sr2/RHEL9-CIS
4
0
Fork 0
forked from ansible-lockdown/RHEL9-CIS
Code Activity

improved tests and updated

Browse source 
Signed-off-by: Mark Bolwell <mark.bollyuk@gmail.com>
This commit is contained in:
Mark Bolwell 2024-08-09 13:13:17 +01:00
parent 485a85db76
commit 265423eb0a
No known key found for this signature in database
GPG key ID: 997FF7FE93AEB5B9
11 changed files with 171 additions and 152 deletions
Download patch file Download diff file Expand all files Collapse all files

5
templates/audit/99_auditd.rules.j2
View file

@ -46,6 +46,9 @@
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
-w /etc/nsswitch.conf -p wa -k identity
-w /etc/pam.conf -p wa -k identity
-w /etc/pam.d -p wa -k identity
{% endif %}
{% if rhel9cis_rule_6_3_3_9 %}
-a always,exit -F arch=b64 -S chmod,fchmod,fchmodat -F auid>={{ prelim_min_int_uid }} -F auid!=unset -F key=perm_mod
@ -83,7 +86,7 @@
-a always,exit -F path=/usr/bin/setfacl -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k perm_chng
{% endif %}
{% if rhel9cis_rule_6_3_3_17 %}
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k priv_cmd
-a always,exit -F path=/usr/bin/chacl -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k priv_chng
{% endif %}
{% if rhel9cis_rule_6_3_3_18 %}
-a always,exit -F path=/usr/sbin/usermod -F perm=x -F auid>={{ prelim_min_int_uid }} -F auid!=unset -k usermod