Amazon Linux 2023 Department of War (Previously Department of Defense) STIG · ComplianceAsCode/content · Discussion #13885
Comparison of Similarity in the Fix Text Field of the Checklists....
| AL2023 ID | RHEL9 ID | Similarity |
|---|---|---|
| AZLX-23-001300 | RHEL-09-611170 | 0.999596 |
| AZLX-23-002440 | RHEL-09-432035 | 0.998923 |
| AZLX-23-002510 | RHEL-09-412080 | 0.998269 |
| AZLX-23-002430 | RHEL-09-411050 | 0.998121 |
| AZLX-23-002555 | RHEL-09-211055 | 0.998079 |
| AZLX-23-001020 | RHEL-09-611085 | 0.997772 |
| AZLX-23-001015 | RHEL-09-432025 | 0.997673 |
| AZLX-23-002040 | RHEL-09-653040 | 0.997628 |
| AZLX-23-001265 | RHEL-09-672040 | 0.997478 |
| AZLX-23-002265 | RHEL-09-653080 | 0.99744 |
| AZLX-23-002460 | RHEL-09-411080 | 0.997304 |
| AZLX-23-002410 | RHEL-09-412065 | 0.997188 |
| AZLX-23-002190 | RHEL-09-232035 | 0.997163 |
| AZLX-23-002395 | RHEL-09-412040 | 0.997108 |
| AZLX-23-002045 | RHEL-09-653045 | 0.997064 |
| AZLX-23-002396 | RHEL-09-412035 | 0.997038 |
| AZLX-23-002405 | RHEL-09-412050 | 0.997022 |
| AZLX-23-000220 | RHEL-09-213080 | 0.996915 |
| AZLX-23-002000 | RHEL-09-211020 | 0.996877 |
| AZLX-23-001255 | RHEL-09-255050 | 0.996412 |
| AZLX-23-002390 | RHEL-09-611105 | 0.996244 |
| AZLX-23-002520 | RHEL-09-653120 | 0.996238 |
| AZLX-23-002200 | RHEL-09-232225 | 0.996173 |
| AZLX-23-002480 | RHEL-09-411045 | 0.995759 |
| AZLX-23-002450 | RHEL-09-431010 | 0.995733 |
| AZLX-23-002470 | RHEL-09-411090 | 0.995651 |
| AZLX-23-002489 | RHEL-09-611040 | 0.995643 |
| AZLX-23-002600 | RHEL-09-231040 | 0.995594 |
| AZLX-23-002195 | RHEL-09-232220 | 0.995583 |
| AZLX-23-002290 | RHEL-09-232020 | 0.995472 |
| AZLX-23-000200 | RHEL-09-213010 | 0.995375 |
| AZLX-23-000205 | RHEL-09-213015 | 0.995352 |
| AZLX-23-002535 | RHEL-09-213030 | 0.995059 |
| AZLX-23-002540 | RHEL-09-213035 | 0.995059 |
| AZLX-23-002315 | RHEL-09-232025 | 0.99413 |
| AZLX-23-002435 | RHEL-09-411040 | 0.99361 |
| AZLX-23-001005 | RHEL-09-611145 | 0.993487 |
| AZLX-23-002350 | RHEL-09-232195 | 0.993214 |
| AZLX-23-001115 | RHEL-09-611175 | 0.993185 |
| AZLX-23-002455 | RHEL-09-411075 | 0.992839 |
| AZLX-23-001130 | RHEL-09-215075 | 0.991992 |
| AZLX-23-002345 | RHEL-09-232190 | 0.991798 |
| AZLX-23-002620 | RHEL-09-611030 | 0.991594 |
| AZLX-23-001070 | RHEL-09-651025 | 0.989618 |
| AZLX-23-001180 | RHEL-09-255010 | 0.989339 |
| AZLX-23-002005 | RHEL-09-255025 | 0.98894 |
| AZLX-23-001295 | RHEL-09-631015 | 0.988786 |
| AZLX-23-001095 | RHEL-09-215095 | 0.988265 |
| AZLX-23-001125 | RHEL-09-611185 | 0.988265 |
| AZLX-23-001110 | RHEL-09-431025 | 0.988265 |
| AZLX-23-000120 | RHEL-09-214015 | 0.988262 |
| AZLX-23-001035 | RHEL-09-653130 | 0.987871 |
| AZLX-23-001305 | RHEL-09-631020 | 0.987544 |
| AZLX-23-000115 | RHEL-09-214020 | 0.984378 |
| AZLX-23-002240 | RHEL-09-653110 | 0.983933 |
| AZLX-23-001225 | RHEL-09-255090 | 0.97962 |
| AZLX-23-001185 | RHEL-09-255015 | 0.979225 |
| AZLX-23-002570 | RHEL-09-651015 | 0.979111 |
| AZLX-23-001065 | RHEL-09-651015 | 0.979111 |
| AZLX-23-001050 | RHEL-09-252010 | 0.976132 |
| AZLX-23-000135 | RHEL-09-211040 | 0.975174 |
| AZLX-23-001235 | RHEL-09-255040 | 0.974264 |
| AZLX-23-001240 | RHEL-09-255045 | 0.974105 |
| AZLX-23-002565 | RHEL-09-252020 | 0.972974 |
| AZLX-23-002330 | RHEL-09-232030 | 0.96947 |
| AZLX-23-000215 | RHEL-09-213075 | 0.969431 |
| AZLX-23-001000 | RHEL-09-432010 | 0.968209 |
| AZLX-23-002050 | RHEL-09-653050 | 0.966963 |
| AZLX-23-002125 | RHEL-09-654025 | 0.965485 |
| AZLX-23-002130 | RHEL-09-654070 | 0.965205 |
| AZLX-23-002285 | RHEL-09-232015 | 0.961484 |
| AZLX-23-002445 | RHEL-09-431015 | 0.959827 |
| AZLX-23-001280 | RHEL-09-671010 | 0.95911 |
| AZLX-23-000310 | RHEL-09-215025 | 0.959071 |
| AZLX-23-001260 | RHEL-09-672035 | 0.95813 |
| AZLX-23-001060 | RHEL-09-651010 | 0.957395 |
| AZLX-23-001245 | RHEL-09-255100 | 0.956781 |
| AZLX-23-002280 | RHEL-09-232215 | 0.95592 |
| AZLX-23-002065 | RHEL-09-652040 | 0.955743 |
| AZLX-23-002275 | RHEL-09-653090 | 0.954897 |
| AZLX-23-001080 | RHEL-09-251015 | 0.954808 |
| AZLX-23-001010 | RHEL-09-432015 | 0.954751 |
| AZLX-23-002305 | RHEL-09-232210 | 0.954705 |
| AZLX-23-001220 | RHEL-09-255140 | 0.953733 |
| AZLX-23-002225 | RHEL-09-653080 | 0.951951 |
| AZLX-23-002300 | RHEL-09-232205 | 0.950613 |
| AZLX-23-002295 | RHEL-09-232200 | 0.949083 |
| AZLX-23-001195 | RHEL-09-672010 | 0.948459 |
| AZLX-23-000315 | RHEL-09-215040 | 0.947496 |
| AZLX-23-002235 | RHEL-09-653090 | 0.946315 |
| AZLX-23-001215 | RHEL-09-255135 | 0.945668 |
| AZLX-23-002580 | RHEL-09-231105 | 0.940204 |
| AZLX-23-002270 | RHEL-09-653085 | 0.938413 |
| AZLX-23-002055 | RHEL-09-653070 | 0.937671 |
| AZLX-23-002585 | RHEL-09-231110 | 0.935211 |
| AZLX-23-002590 | RHEL-09-231120 | 0.933059 |
| AZLX-23-000305 | RHEL-09-215020 | 0.932394 |
| AZLX-23-001315 | RHEL-09-611190 | 0.930405 |
| AZLX-23-002515 | RHEL-09-212055 | 0.928578 |
| AZLX-23-002110 | RHEL-09-654010 | 0.925449 |
| AZLX-23-002230 | RHEL-09-653085 | 0.921782 |
| AZLX-23-002150 | RHEL-09-654065 | 0.918115 |
| AZLX-23-002425 | RHEL-09-411015 | 0.917402 |
| AZLX-23-001105 | RHEL-09-252065 | 0.914648 |
| AZLX-23-002070 | RHEL-09-652045 | 0.913767 |
| AZLX-23-001275 | RHEL-09-255065 | 0.907372 |
| AZLX-23-002400 | RHEL-09-611075 | 0.904758 |
| AZLX-23-002120 | RHEL-09-654020 | 0.898967 |
| AZLX-23-001250 | RHEL-09-255095 | 0.895645 |
| AZLX-23-002485 | RHEL-09-411030 | 0.887052 |
| AZLX-23-000100 | RHEL-09-231190 | 0.88609 |
| AZLX-23-002185 | RHEL-09-654200 | 0.88375 |
| AZLX-23-001075 | RHEL-09-251010 | 0.883185 |
| AZLX-23-000320 | RHEL-09-215045 | 0.882558 |
| AZLX-23-001045 | RHEL-09-652030 | 0.882448 |
| AZLX-23-002115 | RHEL-09-654015 | 0.882113 |
| AZLX-23-002215 | RHEL-09-653070 | 0.881502 |
| AZLX-23-002105 | RHEL-09-654235 | 0.88149 |
| AZLX-23-002060 | RHEL-09-652035 | 0.881241 |
| AZLX-23-002335 | RHEL-09-232185 | 0.878625 |
| AZLX-23-002175 | RHEL-09-654185 | 0.877607 |
| AZLX-23-002145 | RHEL-09-654105 | 0.873758 |
| AZLX-23-002135 | RHEL-09-654080 | 0.872869 |
| AZLX-23-002595 | RHEL-09-611180 | 0.872759 |
| AZLX-23-002155 | RHEL-09-654045 | 0.872686 |
| AZLX-23-002340 | RHEL-09-232180 | 0.872212 |
| AZLX-23-001090 | RHEL-09-251030 | 0.871564 |
| AZLX-23-002165 | RHEL-09-654255 | 0.871344 |
| AZLX-23-002385 | RHEL-09-611060 | 0.871215 |
| AZLX-23-002100 | RHEL-09-654230 | 0.869651 |
| AZLX-23-002255 | RHEL-09-654245 | 0.869651 |
| AZLX-23-002180 | RHEL-09-654195 | 0.862273 |
| AZLX-23-002560 | RHEL-09-252020 | 0.860831 |
| AZLX-23-002380 | RHEL-09-611100 | 0.859753 |
| AZLX-23-002160 | RHEL-09-654250 | 0.859427 |
| AZLX-23-002250 | RHEL-09-654240 | 0.858405 |
| AZLX-23-001290 | RHEL-09-611165 | 0.853753 |
| AZLX-23-002025 | RHEL-09-653060 | 0.852833 |
| AZLX-23-002500 | RHEL-09-232245 | 0.852338 |
| AZLX-23-001055 | RHEL-09-252015 | 0.851317 |
| AZLX-23-002020 | RHEL-09-231030 | 0.850095 |
| AZLX-23-002320 | RHEL-09-232170 | 0.84858 |
| AZLX-23-002365 | RHEL-09-611070 | 0.848555 |
| AZLX-23-002360 | RHEL-09-611065 | 0.848555 |
| AZLX-23-002355 | RHEL-09-611110 | 0.848555 |
| AZLX-23-002095 | RHEL-09-654225 | 0.845575 |
| AZLX-23-002575 | RHEL-09-213020 | 0.844952 |
| AZLX-23-002210 | RHEL-09-654085 | 0.837555 |
| AZLX-23-002260 | RHEL-09-653100 | 0.837474 |
| AZLX-23-002075 | RHEL-09-652050 | 0.836473 |
| AZLX-23-002325 | RHEL-09-232175 | 0.836401 |
| AZLX-23-002490 | RHEL-09-611050 | 0.834417 |
| AZLX-23-002615 | RHEL-09-214035 | 0.829819 |
| AZLX-23-002085 | RHEL-09-654215 | 0.829481 |
| AZLX-23-002090 | RHEL-09-654215 | 0.829481 |
| AZLX-23-005000 | RHEL-09-654270 | 0.825983 |
| AZLX-23-002495 | RHEL-09-611055 | 0.825932 |
| AZLX-23-001230 | RHEL-09-255035 | 0.825376 |
| AZLX-23-002030 | RHEL-09-653065 | 0.811496 |
| AZLX-23-000300 | RHEL-09-215015 | 0.810811 |
| AZLX-23-001200 | RHEL-09-255055 | 0.810432 |
| AZLX-23-000130 | RHEL-09-211010 | 0.806855 |
| AZLX-23-002375 | RHEL-09-611090 | 0.805823 |
| AZLX-23-000210 | RHEL-09-213025 | 0.795042 |
| AZLX-23-002245 | RHEL-09-654150 | 0.787313 |
| AZLX-23-002505 | RHEL-09-232240 | 0.775069 |
| AZLX-23-002370 | RHEL-09-611115 | 0.763604 |
| AZLX-23-001040 | RHEL-09-652020 | 0.752883 |
| AZLX-23-002220 | RHEL-09-653025 | 0.75222 |
| AZLX-23-002465 | RHEL-09-411085 | 0.706033 |
| AZLX-23-001025 | RHEL-09-653010 | 0.690237 |
| AZLX-23-002205 | RHEL-09-654240 | 0.682896 |
| AZLX-23-001085 | RHEL-09-251035 | 0.666906 |
| AZLX-23-002035 | RHEL-09-653035 | 0.663485 |
| AZLX-23-000225 | RHEL-09-213070 | 0.646632 |
| AZLX-23-002420 | RHEL-09-611030 | 0.643452 |
| AZLX-23-001205 | RHEL-09-672020 | 0.643222 |
| AZLX-23-002015 | RHEL-09-653030 | 0.643038 |
| AZLX-23-001210 | RHEL-09-672020 | 0.642694 |
| AZLX-23-001285 | RHEL-09-672010 | 0.635171 |
| AZLX-23-001120 | RHEL-09-215075 | 0.554608 |
| AZLX-23-002415 | RHEL-09-411040 | 0.536519 |
| AZLX-23-002140 | RHEL-09-654050 | 0.536035 |
| AZLX-23-001030 | RHEL-09-653015 | 0.51337 |
| AZLX-23-002475 | RHEL-09-251020 | 0.504679 |
| AZLX-23-001270 | RHEL-09-672045 | 0.47515 |
| AZLX-23-000125 | RHEL-09-214025 | 0.444188 |
| AZLX-23-000110 | RHEL-09-214015 | 0.40211 |
| AZLX-23-002080 | RHEL-09-652055 | 0.290845 |
| AZLX-23-001310 | RHEL-09-215010 | 0.228441 |
| AZLX-23-002605 | RHEL-09-251030 | 0.161288 |
| AZLX-23-002610 | RHEL-09-232260 | 0.0630691 |
Posted similarity analysis above between RHEL 9 and Amazon Linux 2023, as a lot of the STIGs are the same, just written slightly differently. I think it is all Fedora based. It would be nice if all the common ones were 100% similarity, but that is not the case when things are hand jammed.
If you wanted to do the same analysis, replace "rhel9" and "amazonlinux" with DISA STIG checklists converted to CSV.

```python
import pandas as pd
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.metrics.pairwise import cosine_similarity

# Load CSVs (replace with the paths to the converted checklists)
al = pd.read_csv("amazonlinux")
rhel = pd.read_csv("rhel9")

# TF-IDF on the Fix Text field; the vocabulary is fitted on the AL2023 text only
vectorizer = TfidfVectorizer(stop_words='english')
tfidf_al = vectorizer.fit_transform(al['Fix Text'].astype(str))
tfidf_rhel = vectorizer.transform(rhel['Fix Text'].astype(str))

# Compute similarity: rows are AL2023 checks, columns are RHEL 9 checks
sim_matrix = cosine_similarity(tfidf_al, tfidf_rhel)

# For each AL2023 check, keep the RHEL 9 check with the highest similarity.
# enumerate() gives the positional row number, which is what sim_matrix needs
# even if the DataFrame index is not 0..n-1.
crosswalk = []
for i, (_, al_row) in enumerate(al.iterrows()):
    best_idx = sim_matrix[i].argmax()
    crosswalk.append({
        'AL2023 ID': al_row['STIG ID'],
        'AL2023 Fix Text': al_row['Fix Text'],
        'RHEL9 ID': rhel.iloc[best_idx]['STIG ID'],
        'RHEL9 Fix Text': rhel.iloc[best_idx]['Fix Text'],
        'Similarity': sim_matrix[i][best_idx]
    })

df_crosswalk = pd.DataFrame(crosswalk)
df_crosswalk.to_csv("al2023_rhel9_crosswalk.csv", index=False)
```
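An added example, not part of the original post: because `argmax()` always returns some RHEL 9 check, even for a row scoring 0.06, a crosswalk like the one above needs a triage pass before any rule is reused. The sketch below reads rows in the crosswalk CSV layout (sample rows copied from the table above, Fix Text columns left out) and flags low-similarity matches and RHEL 9 IDs claimed by more than one AL2023 ID; the `triage` function and the 0.80 threshold are assumptions for illustration.

```python
import csv
import io
from collections import defaultdict

# Subset of the similarity table above, in the crosswalk CSV layout
# (the two Fix Text columns are omitted to keep the sample short).
SAMPLE_CSV = """AL2023 ID,RHEL9 ID,Similarity
AZLX-23-001300,RHEL-09-611170,0.999596
AZLX-23-002570,RHEL-09-651015,0.979111
AZLX-23-001065,RHEL-09-651015,0.979111
AZLX-23-002250,RHEL-09-654240,0.858405
AZLX-23-002205,RHEL-09-654240,0.682896
AZLX-23-001310,RHEL-09-215010,0.228441
AZLX-23-002610,RHEL-09-232260,0.0630691
"""


def triage(csv_text, threshold=0.80):
    """Sort crosswalk rows into 'accepted' and two manual-review buckets.

    threshold is an assumed cut-off, not a value from the discussion.
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))

    # Group AL2023 IDs by the RHEL 9 ID they were matched to.
    by_rhel = defaultdict(list)
    for row in rows:
        by_rhel[row["RHEL9 ID"]].append(row["AL2023 ID"])

    # A RHEL 9 check that is the best match for several AL2023 checks means
    # at least one of those AL2023 checks differs from it in some detail.
    shared = {rhel: ids for rhel, ids in by_rhel.items() if len(ids) > 1}

    low, accepted = [], []
    for row in rows:
        if float(row["Similarity"]) < threshold:
            low.append(row["AL2023 ID"])
        elif row["RHEL9 ID"] not in shared:
            accepted.append(row["AL2023 ID"])

    return {"accepted": accepted, "low_similarity": low, "shared_target": shared}


if __name__ == "__main__":
    report = triage(SAMPLE_CSV)
    print("accepted:", report["accepted"])
    print("review (low similarity):", report["low_similarity"])
    for rhel_id, al_ids in report["shared_target"].items():
        print("review (shared target):", rhel_id, "<-", ", ".join(al_ids))
```

Rows that land in either review bucket are the ones where the Fix Text should be compared by hand before the RHEL 9 rule is reused.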
I got the profile to build. I think I just need to go through each item to verify it is 100% correct. If this is not something desired here, I can create a fork, or just make a playbook for my own use. Just let me know how to proceed. @Mab879
Thanks for the work. Please feel free to open a PR to get some better feedback. Here are a few points I found based on a quick look:
- The `id` should just be the STIG ID, no extra identifiers, i.e. `AZLX-23-000100`.
- The formatting should follow the style guide and should pass this project's YAML lint.
- The SME field on the profile should be a GitHub username.
- The `reference` key on the profile should use the new URL of DISA's website.
Hi @bordencastle, are you still working on a PR for this? I am happy to attempt it.
Good morning, has this received any progress?
@Mab879 @nessadc @ngearhart I started a PR here
The profile runs, down to 12 rules coming back as N/A - still need to go through each check and make sure it's doing the right thing
@Mab879 @nessadc @ngearhart @bordencastle I had to make a new PR since it was failing for having a merge request in commit... anyways
I could use a hand in reviewing the rules. To test this is somewhat difficult, since AL2023 doesn't have the latest oscap; it needs to be built from source on the remote machine, and then use oscap-ssh to scan/remediate. I was able to get it to ~80%ish green.

Steps to reproduce

Pre-req
- Have an AL2023 vanilla VM installed, or an EC2 instance in AWS
- If using VMware, need a seed.iso to cloud-init the instance for initial use

On the remote AL2023 VM
- Install the build dependencies, and git for openscap, similar to RHEL8+. Note that python36-devel is not available.

```bash
sudo dnf install \
    git cmake dbus-devel libacl-devel libblkid-devel libcap-devel libcurl-devel \
    libgcrypt-devel libselinux-devel libxml2-devel libxslt-devel libattr-devel make openldap-devel \
    pcre2-devel perl-XML-Parser perl-XML-XPath perl-devel rpm-devel swig \
    bzip2-devel gcc-c++ libyaml-devel xmlsec1-devel xmlsec1-openssl-devel
```

- Clone the openscap repo

```bash
git clone https://github.com/OpenSCAP/openscap.git
```

- Build oscap from source

```bash
# the clone above creates ./openscap, which ships a build/ directory
cd openscap/build/
cmake ../
make
make install
```

- Move oscap_wrapper to path and rename to oscap

```bash
sudo mv oscap_wrapper /usr/local/bin/oscap
```

On local fedora box
- Clone the PR

```bash
gh pr checkout 14246
```

- Build the content

```bash
cd build
cmake ../
make -j4 al2023
```

- Run the scan with remediate

```bash
oscap-ssh --sudo ec2-user@<ipaddress> 22 xccdf eval --remediate --profile xccdf_org.ssgproject.content_profile_stig --stig-viewer ssh-remediate-results.xml ssg-al2023-ds.xml
```
7 replies
rsyslog is not installed, authselect is not installed, /boot/efi is vfat which there is a filter in the rule to exclude vfat from applying nosuid, so that one will never work. I did something to fix the authselect install, and rsyslog, but my code doesn't look great yet. Some rules try to apply, but the rules are missing platform filters for al2023. The common theme I see is that things like rsyslog and authselect might just be assumed to exist, when they should verify the rpms are installed prior to attempting to create configs for them, and certainly the platform labels need to be updated to include al2023.
--- Starting Remediation ---
Title Build and Test AIDE Database
Rule xccdf_org.ssgproject.content_rule_aide_build_database
Result error
Title Enable Dracut FIPS Module
Rule xccdf_org.ssgproject.content_rule_enable_dracut_fips_module
Result fail
Title Enable FIPS Mode
Rule xccdf_org.ssgproject.content_rule_enable_fips_mode
Result error
Title Set kernel parameter 'crypto.fips_enabled' to 1
Rule xccdf_org.ssgproject.content_rule_sysctl_crypto_fips_enabled
Result fail
Title Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config
Rule xccdf_org.ssgproject.content_rule_harden_sshd_ciphers_opensshserver_conf_crypto_policy
Result fail
Title The Installed Operating System Is Vendor Supported
Rule xccdf_org.ssgproject.content_rule_installed_OS_is_vendor_supported
Result fail
Title Ensure /var/log/audit Located On Separate Partition
Rule xccdf_org.ssgproject.content_rule_partition_for_var_log_audit
Result fail
Title Ensure authselect is Installed
Rule xccdf_org.ssgproject.content_rule_package_authselect_installed
Ident CCE-89733-0
Result fixed
Title Enable authselect
Rule xccdf_org.ssgproject.content_rule_enable_authselect
Result error
Title Ensure remote access methods are monitored in Rsyslog
Rule xccdf_org.ssgproject.content_rule_rsyslog_remote_access_monitoring
Result error
Title Add nosuid Option to /boot/efi
Rule xccdf_org.ssgproject.content_rule_mount_option_boot_efi_nosuid
Result error
Title Enable Auditing for Processes Which Start Prior to the Audit Daemon
Rule xccdf_org.ssgproject.content_rule_grub2_audit_argument
Result error
Title Extend Audit Backlog Limit for the Audit Daemon
Rule xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument
Result error
Title Record Any Attempts to Run chcon
Rule xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon
Result error
Title Record Any Attempts to Run semanage
Rule xccdf_org.ssgproject.content_rule_audit_rules_execution_semanage
Result error
Title Ensure auditd Collects Information on the Use of Privileged Commands - init
Rule xccdf_org.ssgproject.content_rule_audit_privileged_commands_init
Result error
Title Ensure auditd Collects Information on the Use of Privileged Commands - reboot
Rule xccdf_org.ssgproject.content_rule_audit_privileged_commands_reboot
Result error
Title Ensure auditd Collects Information on the Use of Privileged Commands - shutdown
Rule xccdf_org.ssgproject.content_rule_audit_privileged_commands_shutdown
Result error
Title Ensure auditd Collects Information on the Use of Privileged Commands - chage
Rule xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_chage
Result error
Title Ensure auditd Collects Information on the Use of Privileged Commands - kmod
Rule xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_kmod
Result error
Title Ensure auditd Collects Information on the Use of Privileged Commands - sudo
Rule xccdf_org.ssgproject.content_rule_audit_rules_privileged_commands_sudo
Result error
It appears these parts need to be redone after you enable FIPS on the server you are running remediations on as well....
Clone the openscap repo

```bash
git clone https://github.com/OpenSCAP/openscap.git
```

Build oscap from source

```bash
# the clone above creates ./openscap, which ships a build/ directory
cd openscap/build/
cmake ../
make
make install
```

Move oscap_wrapper to path and rename to oscap

```bash
sudo mv oscap_wrapper /usr/local/bin/oscap
```
@Eric-Domeier Eric-Domeier#2
Not as much as I wanted to achieve, but most of this is relatively new to me. I think it fixes some things.
Rename the extension back to .cklb to see in STIG viewer. As a systems administrator, I would be redoing the audit rules if not exact, as they would get flagged by scanning tools, but I'm not sure what the overall theory is with openscap and using the shared rules/templates. The remaining things are around those audit rules not being exact, some rsyslog config, authselect/pam settings. I added in some of the comments "key: line-duplicated", where it is not necessarily a finding, but it would be better if the addition of the setting uncommented and used the existing line instead of creating a duplicate line.
As far as audit rules in general, I know for RHEL 9 that part of the ansible playbook ran for 45 minutes. I think it would be more ideal to have OS specific applications for the rules where it's not doing all this querying of shared audit rules. If you did that the playbooks could run in 2-3 minutes to configure audit rules, or you could have something like 1 jinja template to do them all, or 1 per OS where it isn't going through 100's of ansible tasks to provision a few files on any given OS.
@bordencastle I worked on this a bit before I realized you had put a PR in, I attempted to merge ours together here
Something may have gone wrong while merging ours together as the number of rules that are applicable went down slightly.
With my latest changes merged into the current PR it's looking pretty good with 158 not a finding, 16 NR's and 7 Opens.
I believe my changes have fixed the issues you were running into with the audit rules not being applied.
As for how long it takes to run the ansible version of the fixes, I use the bash; typically it is only taking ~5 minutes for a scan+remediate.
Will keep working when I get a chance.
Looking a bit better now.
167 rules successfully remediate/scan
9 findings
7 n/a
9 not reviewed/manuals
Here are the current errors/fails
--- Starting Remediation ---
Title Build and Test AIDE Database
Rule xccdf_org.ssgproject.content_rule_aide_build_database
Result error
Title Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config
Rule xccdf_org.ssgproject.content_rule_harden_sshd_macs_openssh_conf_crypto_policy
Result fail
Title Ensure /var/log/audit Located On Separate Partition
Rule xccdf_org.ssgproject.content_rule_partition_for_var_log_audit
Result fail
Title Enable authselect
Rule xccdf_org.ssgproject.content_rule_enable_authselect
Result error
Title Ensure rsyslog-gnutls is installed
Rule xccdf_org.ssgproject.content_rule_package_rsyslog-gnutls_installed
Result error
Title Ensure remote access methods are monitored in Rsyslog
Rule xccdf_org.ssgproject.content_rule_rsyslog_remote_access_monitoring
Result error
Title Add nosuid Option to /boot/efi
Rule xccdf_org.ssgproject.content_rule_mount_option_boot_efi_nosuid
Result error
Title Enable Auditing for Processes Which Start Prior to the Audit Daemon
Rule xccdf_org.ssgproject.content_rule_grub2_audit_argument
Result error
Title Extend Audit Backlog Limit for the Audit Daemon
Rule xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument
Result error
- For xccdf_org.ssgproject.content_rule_mount_option_boot_efi_nosuid, in my case my /boot/efi is vfat and so it should find that this is not applicable.
- For xccdf_org.ssgproject.content_rule_grub2_audit_backlog_limit_argument I've set the required vars I believe, but it is still having issues
1 reply
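An added example, not part of any post in this thread: a small parser for the `Title` / `Rule` / `Result` remediation listings pasted above, used to compare an earlier and a later run so progress on a profile can be tracked per rule instead of by eye. The sample inputs are short excerpts of the two listings in this discussion; the function names and the bucket names are assumptions for illustration.

```python
import re

PREFIX = "xccdf_org.ssgproject.content_rule_"

# One "Rule ... [Ident ...] Result ..." group. \s+ also spans newlines, so the
# same pattern handles one-field-per-line output and a paste flattened to one line.
PAIR_RE = re.compile(r"\bRule\s+(xccdf_\S+)(?:\s+Ident\s+\S+)*\s+Result\s+(\w+)")

# Excerpt of the earlier listing in this thread, flattened onto one line.
EARLIER = (
    "--- Starting Remediation --- "
    "Title Build and Test AIDE Database "
    "Rule xccdf_org.ssgproject.content_rule_aide_build_database Result error "
    "Title Enable FIPS Mode "
    "Rule xccdf_org.ssgproject.content_rule_enable_fips_mode Result error "
    "Title Ensure /var/log/audit Located On Separate Partition "
    "Rule xccdf_org.ssgproject.content_rule_partition_for_var_log_audit Result fail "
    "Title Ensure authselect is Installed "
    "Rule xccdf_org.ssgproject.content_rule_package_authselect_installed "
    "Ident CCE-89733-0 Result fixed "
    "Title Enable authselect "
    "Rule xccdf_org.ssgproject.content_rule_enable_authselect Result error "
    "Title Record Any Attempts to Run chcon "
    "Rule xccdf_org.ssgproject.content_rule_audit_rules_execution_chcon Result error"
)

# Excerpt of the later listing in this thread, one field per line.
LATER = """--- Starting Remediation ---
Title Build and Test AIDE Database
Rule xccdf_org.ssgproject.content_rule_aide_build_database
Result error
Title Ensure /var/log/audit Located On Separate Partition
Rule xccdf_org.ssgproject.content_rule_partition_for_var_log_audit
Result fail
Title Enable authselect
Rule xccdf_org.ssgproject.content_rule_enable_authselect
Result error
Title Ensure rsyslog-gnutls is installed
Rule xccdf_org.ssgproject.content_rule_package_rsyslog-gnutls_installed
Result error
"""


def parse_results(text):
    """Return {short_rule_name: result} for every rule in a listing."""
    results = {}
    for rule, result in PAIR_RE.findall(text):
        short = rule[len(PREFIX):] if rule.startswith(PREFIX) else rule
        results[short] = result
    return results


def compare_runs(earlier_text, later_text):
    """Bucket rules by how their status changed between two listings."""
    earlier = parse_results(earlier_text)
    later = parse_results(later_text)
    # "open" means listed with any result other than "fixed"
    open_before = {r for r, res in earlier.items() if res != "fixed"}
    open_after = {r for r, res in later.items() if res != "fixed"}
    return {
        "resolved": sorted(open_before - open_after),   # fixed or no longer listed
        "still_open": sorted(open_before & open_after),
        "new": sorted(open_after - open_before),
    }


if __name__ == "__main__":
    for bucket, rules in compare_runs(EARLIER, LATER).items():
        print(f"{bucket}: {', '.join(rules)}")
```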
@Eric-Domeier Nice work, and thanks for spending your weekend working hard on this. I added some comments for the stuff I previously fixed to your merge request.
This is great work! It looks like the PR is basically ready to merge with some minor formatting changes. Is there anything you need help with?