Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update incorrect audit STIG rules for Ubuntu 18.04 STIG #1172

Closed
wants to merge 2 commits into from

Conversation

jgbradley1
Copy link

@jgbradley1 jgbradley1 commented Nov 26, 2022

Pull Request (PR) description:

This PR updates several STIG rules for Canonical Ubuntu 18.04 LTS STIG (V2R7 and V2R8).

This fixes #1170. The list of STIG finding IDs impacted are:

V-219238
V-219239
V-219240
V-219241
V-219242
V-219243
V-219244
V-219245
V-219246
V-219247
V-219248
V-219249
V-219250
V-219251
V-219252
V-219253
V-219254
V-219255
V-219256
V-219257
V-219261
V-219262
V-219263
V-219264
V-219265
V-219266
V-219267
V-219268
V-219269
V-219270
V-219271
V-219272
V-219273
V-219274
V-219275
V-219276
V-219277
V-219279
V-219284
V-219285
V-219286
V-219287
V-219288
V-219289
V-219290
V-219293
V-219294
V-219295

Task list:

  • Change details added to Unreleased section of CHANGELOG.md (Not required for Convert modules)?
  • Added/updated documentation, comment-based help and descriptions where appropriate?

This change is Reviewable

@erjenkin erjenkin requested a review from bcwilhite November 28, 2022 15:01
@jgbradley1
Copy link
Author

jgbradley1 commented Nov 28, 2022

There is another related problem with the Ubuntu STIG but I can create another PR if that would facilitate an easier review.

Issue: STIG policies state that all “audit” rules defined by a STIG finding should be defined in a file at /etc/audit/rules.d/stig.rules. PowerSTIG currently places those rules at /etc/audit/rules.d/audit.rules.

STIG compliance checkers do not seem to report the different filepath as being a problem. However it might be easier to maintain and debug if the audit rules are implemented exactly as stated by the STIG.

Copy link
Contributor

@erjenkin erjenkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Parser update will be required to ensure future versions have the correct values

@erjenkin
Copy link
Contributor

closing PR as update to parser has not been completed. Please reopen with parser updated

@erjenkin erjenkin closed this Jun 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Multiple Ubuntu STIG rules using wrong auid value
2 participants