52.8 MB
/srv/reproducible-results/rbuild-debian/r-b-build.rcacOdWr/b1/scap-security-guide_0.1.65-1_amd64.changes vs.
/srv/reproducible-results/rbuild-debian/r-b-build.rcacOdWr/b2/scap-security-guide_0.1.65-1_amd64.changes
822 B
Files
    
Offset 1, 6 lines modifiedOffset 1, 6 lines modified
  
1 ·18090169a6b08e51aa8cf98d1a67791d·181960·admin·optional·ssg-applications_0.1.65-1_all.deb1 ·c648e9dd369bd5db41cf2cabca7e639e·181916·admin·optional·ssg-applications_0.1.65-1_all.deb
2 ·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb2 ·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb
3 ·bcdc31fc8ce6187d18aa01992d8bdeff·3378672·admin·optional·ssg-debderived_0.1.65-1_all.deb 
4 ·56111c82ff654a02f0793cad2a4f9e4f·828680·admin·optional·ssg-debian_0.1.65-1_all.deb 
5 ·caed9acb69b15daa2c02d4ec76955caa·40217608·admin·optional·ssg-nondebian_0.1.65-1_all.deb3 ·cbf5117ebf59a4d85e284ac8798843b4·3380308·admin·optional·ssg-debderived_0.1.65-1_all.deb
 4 ·978245e3e4c24d53f4a7dfee5e0c9507·828692·admin·optional·ssg-debian_0.1.65-1_all.deb
 5 ·4c021df465c5f7e67d290321990173a1·40218524·admin·optional·ssg-nondebian_0.1.65-1_all.deb
20.3 KB
ssg-applications_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0·····1736·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0·····1732·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0···180032·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0···179992·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
19.7 KB
data.tar.xz
19.7 KB
data.tar
1.99 KB
./usr/share/doc/ssg-applications/ssg-chromium-guide-stig.html
    
651 B
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 *****·Profile·Information·*****50 *****·Profile·Information·*****
51 Profile·Title·Upstream·STIG·for·Google·Chromium51 Profile·Title·Upstream·STIG·for·Google·Chromium
52 Profile·ID····xccdf_org.ssgproject.content_profile_stig52 Profile·ID····xccdf_org.ssgproject.content_profile_stig
53 ***·CPE·Platforms·***53 ***·CPE·Platforms·***
54 ····*·cpe:/a:google:chromium-browser54 ····*·cpe:/a:google:chromium-browser
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·Chromium59 ···1.·Chromium
60 *****·Checklist·*****60 *****·Checklist·*****
61 Group  ·Guide·to·the·Secure·Configuration·of·Chromium·  Group·contains·1·group·and·3761 Group  ·Guide·to·the·Secure·Configuration·of·Chromium·  Group·contains·1·group·and·37
62 rules62 rules
63 Group  ·Chromium·  Group·contains·37·rules63 Group  ·Chromium·  Group·contains·37·rules
64 [ref]  ·Chromium·is·an·open-source·web·browser,·powered·by·WebKit·(Blink),·and64 [ref]  ·Chromium·is·an·open-source·web·browser,·powered·by·WebKit·(Blink),·and
1.9 KB
./usr/share/doc/ssg-applications/ssg-eks-guide-cis-node.html
    
698 B
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 Profile·ID····xccdf_org.ssgproject.content_profile_cis-node44 Profile·ID····xccdf_org.ssgproject.content_profile_cis-node
45 ***·CPE·Platforms·***45 ***·CPE·Platforms·***
46 ····*·cpe:/a:amazon:elastic_kubernetes_service_node:1.2146 ····*·cpe:/a:amazon:elastic_kubernetes_service_node:1.21
47 ····*·cpe:/o:amazon:elastic_kubernetes_service_node:147 ····*·cpe:/o:amazon:elastic_kubernetes_service_node:1
48 ····*·cpe:/a:amazon:elastic_kubernetes_service:148 ····*·cpe:/a:amazon:elastic_kubernetes_service:1
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·Kubernetes_Settings53 ···1.·Kubernetes_Settings
54 ·········1.·Kubernetes_Kubelet_Settings54 ·········1.·Kubernetes_Kubelet_Settings
55 ·········2.·Kubernetes_-_Worker_Node_Settings55 ·········2.·Kubernetes_-_Worker_Node_Settings
56 *****·Checklist·*****56 *****·Checklist·*****
57 Group  ·Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service·  Group57 Group  ·Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service·  Group
58 contains·3·groups·and·7·rules58 contains·3·groups·and·7·rules
1.88 KB
./usr/share/doc/ssg-applications/ssg-eks-guide-cis.html
    
680 B
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 Profile·ID····xccdf_org.ssgproject.content_profile_cis44 Profile·ID····xccdf_org.ssgproject.content_profile_cis
45 ***·CPE·Platforms·***45 ***·CPE·Platforms·***
46 ····*·cpe:/a:amazon:elastic_kubernetes_service_node:1.2146 ····*·cpe:/a:amazon:elastic_kubernetes_service_node:1.21
47 ····*·cpe:/o:amazon:elastic_kubernetes_service_node:147 ····*·cpe:/o:amazon:elastic_kubernetes_service_node:1
48 ····*·cpe:/a:amazon:elastic_kubernetes_service:148 ····*·cpe:/a:amazon:elastic_kubernetes_service:1
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·Kubernetes_Settings53 ···1.·Kubernetes_Settings
54 ·········1.·Kubernetes_-_Account_and_Access_Control54 ·········1.·Kubernetes_-_Account_and_Access_Control
55 ·········2.·Authentication55 ·········2.·Authentication
56 ·········3.·Kubernetes_-_General_Security_Practices56 ·········3.·Kubernetes_-_General_Security_Practices
57 ·········4.·Kubernetes_Kubelet_Settings57 ·········4.·Kubernetes_Kubelet_Settings
58 ·········5.·OpenShift_-_Logging_Settings58 ·········5.·OpenShift_-_Logging_Settings
1.93 KB
./usr/share/doc/ssg-applications/ssg-firefox-guide-stig.html
    
730 B
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 *****·Profile·Information·*****50 *****·Profile·Information·*****
51 Profile·Title·Mozilla·Firefox·STIG51 Profile·Title·Mozilla·Firefox·STIG
52 Profile·ID····xccdf_org.ssgproject.content_profile_stig52 Profile·ID····xccdf_org.ssgproject.content_profile_stig
53 ***·CPE·Platforms·***53 ***·CPE·Platforms·***
54 ····*·cpe:/a:mozilla:firefox54 ····*·cpe:/a:mozilla:firefox
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·Firefox59 ···1.·Firefox
60 *****·Checklist·*****60 *****·Checklist·*****
61 Group  ·Guide·to·the·Secure·Configuration·of·Firefox·  Group·contains·1·group·and·33·rules61 Group  ·Guide·to·the·Secure·Configuration·of·Firefox·  Group·contains·1·group·and·33·rules
62 Group  ·Firefox·  Group·contains·33·rules62 Group  ·Firefox·  Group·contains·33·rules
63 [ref]  ·Firefox·is·an·open-source·web·browser·and·developed·by·Mozilla.·Web·browsers·such·as63 [ref]  ·Firefox·is·an·open-source·web·browser·and·developed·by·Mozilla.·Web·browsers·such·as
64 Firefox·are·used·for·a·number·of·reasons.·This·section·provides·settings·for·configuring64 Firefox·are·used·for·a·number·of·reasons.·This·section·provides·settings·for·configuring
1.4 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ds-1.2.xml
1.29 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ds-1.2.xml
    
Offset 28, 15 lines modifiedOffset 28, 15 lines modified
28 ········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>28 ········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>
29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>
30 ······</cpe-dict:cpe-item>30 ······</cpe-dict:cpe-item>
31 ····</cpe-dict:cpe-list>31 ····</cpe-dict:cpe-list>
32 ··</ds:component>32 ··</ds:component>
33 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2022-12-20T09:54:05">33 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>35 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
37 ······<xccdf-1.2:description>37 ······<xccdf-1.2:description>
38 ········This·guide·presents·a·catalog·of·security-relevant38 ········This·guide·presents·a·catalog·of·security-relevant
39 configuration·settings·for·Chromium.·It·is·a·rendering·of39 configuration·settings·for·Chromium.·It·is·a·rendering·of
40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41 in·order·to·support·security·automation.··The·SCAP·content·is41 in·order·to·support·security·automation.··The·SCAP·content·is
42 is·available·in·the42 is·available·in·the
1.38 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ds.xml
1.28 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-ds.xml
    
Offset 28, 15 lines modifiedOffset 28, 15 lines modified
28 ········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>28 ········<cpe-dict:title·xml:lang="en-us">Google·Chromium·Browser</cpe-dict:title>
29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-chromium-cpe-oval.xml">oval:ssg-installed_app_is_chromium:def:1</cpe-dict:check>
30 ······</cpe-dict:cpe-item>30 ······</cpe-dict:cpe-item>
31 ····</cpe-dict:cpe-list>31 ····</cpe-dict:cpe-list>
32 ··</ds:component>32 ··</ds:component>
33 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2022-12-20T09:54:05">33 ··<ds:component·id="scap_org.open-scap_comp_ssg-chromium-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>35 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
37 ······<xccdf-1.2:description>37 ······<xccdf-1.2:description>
38 ········This·guide·presents·a·catalog·of·security-relevant38 ········This·guide·presents·a·catalog·of·security-relevant
39 configuration·settings·for·Chromium.·It·is·a·rendering·of39 configuration·settings·for·Chromium.·It·is·a·rendering·of
40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41 in·order·to·support·security·automation.··The·SCAP·content·is41 in·order·to·support·security·automation.··The·SCAP·content·is
42 is·available·in·the42 is·available·in·the
1.17 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-xccdf.xml
1.06 KB
./usr/share/xml/scap/ssg/content/ssg-chromium-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_CHROMIUM"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Chromium</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Chromium.·It·is·a·rendering·of7 configuration·settings·for·Chromium.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
1.42 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ds-1.2.xml
1.33 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ds-1.2.xml
    
Offset 36, 15 lines modifiedOffset 36, 15 lines modified
36 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>36 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>
37 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>37 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>
38 ······</cpe-dict:cpe-item>38 ······</cpe-dict:cpe-item>
39 ····</cpe-dict:cpe-list>39 ····</cpe-dict:cpe-list>
40 ··</ds:component>40 ··</ds:component>
41 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2022-12-20T09:54:05">41 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2022-12-20T09:54:05">
42 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">42 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
43 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>43 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
44 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>44 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
45 ······<xccdf-1.2:description>45 ······<xccdf-1.2:description>
46 ········This·guide·presents·a·catalog·of·security-relevant46 ········This·guide·presents·a·catalog·of·security-relevant
47 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of47 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
48 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)48 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
49 in·order·to·support·security·automation.··The·SCAP·content·is49 in·order·to·support·security·automation.··The·SCAP·content·is
50 is·available·in·the50 is·available·in·the
1.41 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ds.xml
1.32 KB
./usr/share/xml/scap/ssg/content/ssg-eks-ds.xml
    
Offset 36, 15 lines modifiedOffset 36, 15 lines modified
36 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>36 ········<cpe-dict:title·xml:lang="en-us">Amazon·Elastic·Kubernetes·Service·Node</cpe-dict:title>
37 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>37 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-eks-cpe-oval.xml">oval:ssg-installed_app_is_eks_node:def:1</cpe-dict:check>
38 ······</cpe-dict:cpe-item>38 ······</cpe-dict:cpe-item>
39 ····</cpe-dict:cpe-list>39 ····</cpe-dict:cpe-list>
40 ··</ds:component>40 ··</ds:component>
41 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2022-12-20T09:54:05">41 ··<ds:component·id="scap_org.open-scap_comp_ssg-eks-xccdf.xml"·timestamp="2022-12-20T09:54:05">
42 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">42 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
43 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>43 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
44 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>44 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
45 ······<xccdf-1.2:description>45 ······<xccdf-1.2:description>
46 ········This·guide·presents·a·catalog·of·security-relevant46 ········This·guide·presents·a·catalog·of·security-relevant
47 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of47 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
48 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)48 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
49 in·order·to·support·security·automation.··The·SCAP·content·is49 in·order·to·support·security·automation.··The·SCAP·content·is
50 is·available·in·the50 is·available·in·the
1.25 KB
./usr/share/xml/scap/ssg/content/ssg-eks-xccdf.xml
1.15 KB
./usr/share/xml/scap/ssg/content/ssg-eks-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_EKS"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Amazon·Elastic·Kubernetes·Service</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of7 configuration·settings·for·Amazon·Elastic·Kubernetes·Service.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
1.38 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ds-1.2.xml
1.27 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ds-1.2.xml
    
Offset 28, 15 lines modifiedOffset 28, 15 lines modified
28 ········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>28 ········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
30 ······</cpe-dict:cpe-item>30 ······</cpe-dict:cpe-item>
31 ····</cpe-dict:cpe-list>31 ····</cpe-dict:cpe-list>
32 ··</ds:component>32 ··</ds:component>
33 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">33 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>35 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
37 ······<xccdf-1.2:description>37 ······<xccdf-1.2:description>
38 ········This·guide·presents·a·catalog·of·security-relevant38 ········This·guide·presents·a·catalog·of·security-relevant
39 configuration·settings·for·Firefox.·It·is·a·rendering·of39 configuration·settings·for·Firefox.·It·is·a·rendering·of
40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41 in·order·to·support·security·automation.··The·SCAP·content·is41 in·order·to·support·security·automation.··The·SCAP·content·is
42 is·available·in·the42 is·available·in·the
1.36 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml
1.26 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-ds.xml
    
Offset 28, 15 lines modifiedOffset 28, 15 lines modified
28 ········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>28 ········<cpe-dict:title·xml:lang="en-us">Mozilla·Firefox</cpe-dict:title>
29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-firefox-cpe-oval.xml">oval:ssg-installed_app_is_firefox:def:1</cpe-dict:check>
30 ······</cpe-dict:cpe-item>30 ······</cpe-dict:cpe-item>
31 ····</cpe-dict:cpe-list>31 ····</cpe-dict:cpe-list>
32 ··</ds:component>32 ··</ds:component>
33 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">33 ··<ds:component·id="scap_org.open-scap_comp_ssg-firefox-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>35 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
37 ······<xccdf-1.2:description>37 ······<xccdf-1.2:description>
38 ········This·guide·presents·a·catalog·of·security-relevant38 ········This·guide·presents·a·catalog·of·security-relevant
39 configuration·settings·for·Firefox.·It·is·a·rendering·of39 configuration·settings·for·Firefox.·It·is·a·rendering·of
40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41 in·order·to·support·security·automation.··The·SCAP·content·is41 in·order·to·support·security·automation.··The·SCAP·content·is
42 is·available·in·the42 is·available·in·the
1.17 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-xccdf.xml
1.06 KB
./usr/share/xml/scap/ssg/content/ssg-firefox-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_FIREFOX"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Firefox</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Firefox.·It·is·a·rendering·of7 configuration·settings·for·Firefox.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
2.5 MB
ssg-debderived_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0·····2784·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0·····2780·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0··3375696·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0··3377336·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
2.5 MB
data.tar.xz
2.5 MB
data.tar
2.02 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_average.html
    
Offset 14286, 16 lines modifiedOffset 14286, 16 lines modified
645 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Configure_Syslog48 ·········2.·Configure_Syslog
49 ·········3.·File_Permissions_and_Masks49 ·········3.·File_Permissions_and_Masks
50 ···2.·Services50 ···2.·Services
51 ·········1.·APT_service_configuration51 ·········1.·APT_service_configuration
1.9 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_high.html
    
Offset 14288, 15 lines modifiedOffset 14288, 15 lines modified
667 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level
40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~42 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·GRUB2_bootloader_configuration50 ·········3.·GRUB2_bootloader_configuration
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
1.87 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_minimal.html
    
Offset 14281, 15 lines modifiedOffset 14281, 15 lines modified
633 B
html2text {}
    
Offset 36, 15 lines modifiedOffset 36, 15 lines modified
36 *****·Profile·Information·*****36 *****·Profile·Information·*****
37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level
38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~40 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
41 *****·Revision·History·*****41 *****·Revision·History·*****
42 Current·version:·0.1.6542 Current·version:·0.1.65
43 ····*·draft·(as·of·2024-01-14)43 ····*·draft·(as·of·2025-02-15)
44 *****·Table·of·Contents·*****44 *****·Table·of·Contents·*****
45 ···1.·System_Settings45 ···1.·System_Settings
46 ·········1.·Installing_and_Maintaining_Software46 ·········1.·Installing_and_Maintaining_Software
47 ·········2.·File_Permissions_and_Masks47 ·········2.·File_Permissions_and_Masks
48 ···2.·Services48 ···2.·Services
49 ·········1.·APT_service_configuration49 ·········1.·APT_service_configuration
50 ·········2.·Deprecated_services50 ·········2.·Deprecated_services
1.89 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-anssi_np_nt28_restrictive.html
    
Offset 14285, 15 lines modifiedOffset 14285, 15 lines modified
642 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·System_Accounting_with_auditd48 ·········2.·System_Accounting_with_auditd
49 ·········3.·Configure_Syslog49 ·········3.·Configure_Syslog
50 ·········4.·File_Permissions_and_Masks50 ·········4.·File_Permissions_and_Masks
51 ···2.·Services51 ···2.·Services
1.98 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1604-guide-standard.html
    
Offset 14287, 16 lines modifiedOffset 14287, 16 lines modified
630 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·16.0439 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·16.04
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~42 ····*·cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·Configure_Syslog50 ·········3.·Configure_Syslog
51 ·········4.·File_Permissions_and_Masks51 ·········4.·File_Permissions_and_Masks
52 ···2.·Services52 ···2.·Services
2.02 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_average.html
    
Offset 14286, 16 lines modifiedOffset 14286, 16 lines modified
645 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Configure_Syslog48 ·········2.·Configure_Syslog
49 ·········3.·File_Permissions_and_Masks49 ·········3.·File_Permissions_and_Masks
50 ···2.·Services50 ···2.·Services
51 ·········1.·APT_service_configuration51 ·········1.·APT_service_configuration
1.9 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_high.html
    
Offset 14288, 15 lines modifiedOffset 14288, 15 lines modified
667 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level
40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~42 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·GRUB2_bootloader_configuration50 ·········3.·GRUB2_bootloader_configuration
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
1.87 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_minimal.html
    
Offset 14281, 15 lines modifiedOffset 14281, 15 lines modified
633 B
html2text {}
    
Offset 36, 15 lines modifiedOffset 36, 15 lines modified
36 *****·Profile·Information·*****36 *****·Profile·Information·*****
37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level
38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~40 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
41 *****·Revision·History·*****41 *****·Revision·History·*****
42 Current·version:·0.1.6542 Current·version:·0.1.65
43 ····*·draft·(as·of·2024-01-14)43 ····*·draft·(as·of·2025-02-15)
44 *****·Table·of·Contents·*****44 *****·Table·of·Contents·*****
45 ···1.·System_Settings45 ···1.·System_Settings
46 ·········1.·Installing_and_Maintaining_Software46 ·········1.·Installing_and_Maintaining_Software
47 ·········2.·File_Permissions_and_Masks47 ·········2.·File_Permissions_and_Masks
48 ···2.·Services48 ···2.·Services
49 ·········1.·APT_service_configuration49 ·········1.·APT_service_configuration
50 ·········2.·Deprecated_services50 ·········2.·Deprecated_services
1.89 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-anssi_np_nt28_restrictive.html
    
642 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·System_Accounting_with_auditd48 ·········2.·System_Accounting_with_auditd
49 ·········3.·Configure_Syslog49 ·········3.·Configure_Syslog
50 ·········4.·File_Permissions_and_Masks50 ·········4.·File_Permissions_and_Masks
51 ···2.·Services51 ···2.·Services
1.83 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-cis.html
    
625 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·18.04·LTS·Benchmark38 Profile·Title·CIS·Ubuntu·18.04·LTS·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis39 Profile·ID····xccdf_org.ssgproject.content_profile_cis
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·System_Accounting_with_auditd48 ·········2.·System_Accounting_with_auditd
49 ·········3.·Network_Configuration_and_Firewalls49 ·········3.·Network_Configuration_and_Firewalls
50 ·········4.·File_Permissions_and_Masks50 ·········4.·File_Permissions_and_Masks
51 ···2.·Services51 ···2.·Services
1.98 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-standard.html
    
630 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·18.0439 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·18.04
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~42 ····*·cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·Configure_Syslog50 ·········3.·Configure_Syslog
51 ·········4.·File_Permissions_and_Masks51 ·········4.·File_Permissions_and_Masks
52 ···2.·Services52 ···2.·Services
1.9 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_server.html
    
665 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·20.04·Level·1·Server·Benchmark38 Profile·Title·CIS·Ubuntu·20.04·Level·1·Server·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_server39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_server
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·GRUB2_bootloader_configuration49 ·········3.·GRUB2_bootloader_configuration
50 ·········4.·Configure_Syslog50 ·········4.·Configure_Syslog
51 ·········5.·Network_Configuration_and_Firewalls51 ·········5.·Network_Configuration_and_Firewalls
1.92 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_workstation.html
    
675 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·20.04·Level·1·Workstation·Benchmark38 Profile·Title·CIS·Ubuntu·20.04·Level·1·Workstation·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_workstation39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_workstation
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·GRUB2_bootloader_configuration49 ·········3.·GRUB2_bootloader_configuration
50 ·········4.·Configure_Syslog50 ·········4.·Configure_Syslog
51 ·········5.·Network_Configuration_and_Firewalls51 ·········5.·Network_Configuration_and_Firewalls
1.89 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_server.html
    
659 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·20.04·Level·2·Server·Benchmark38 Profile·Title·CIS·Ubuntu·20.04·Level·2·Server·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_server39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_server
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
1.91 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_workstation.html
    
669 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·20.04·Level·2·Workstation·Benchmark38 Profile·Title·CIS·Ubuntu·20.04·Level·2·Workstation·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_workstation39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_workstation
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
2.0 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-standard.html
    
654 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·20.0439 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·20.04
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~42 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
2.0 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-stig.html
    
657 B
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 Profile·Title·Canonical·Ubuntu·20.04·LTS·Security·Technical·Implementation41 Profile·Title·Canonical·Ubuntu·20.04·LTS·Security·Technical·Implementation
42 ··············Guide·(STIG)·V1R142 ··············Guide·(STIG)·V1R1
43 Profile·ID····xccdf_org.ssgproject.content_profile_stig43 Profile·ID····xccdf_org.ssgproject.content_profile_stig
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~45 ····*·cpe:/o:canonical:ubuntu_linux:20.04::~~lts~~~
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·Installing_and_Maintaining_Software51 ·········1.·Installing_and_Maintaining_Software
52 ·········2.·Account_and_Access_Control52 ·········2.·Account_and_Access_Control
53 ·········3.·System_Accounting_with_auditd53 ·········3.·System_Accounting_with_auditd
54 ·········4.·AppArmor54 ·········4.·AppArmor
55 ·········5.·GRUB2_bootloader_configuration55 ·········5.·GRUB2_bootloader_configuration
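Review bot: the only difference in this hunk is the revision date on line 48 ("draft (as of 2024-01-14)" in one build, "draft (as of 2025-02-15)" in the other) while the version stays 0.1.65, so the guide generator is stamping the build-time clock into the output. Deriving that date from a fixed input, such as SOURCE_DATE_EPOCH or the changelog date, would make this line identical across builds.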
1.9 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_server.html
    
665 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·22.04·Level·1·Server·Benchmark38 Profile·Title·CIS·Ubuntu·22.04·Level·1·Server·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_server39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_server
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·GRUB2_bootloader_configuration49 ·········3.·GRUB2_bootloader_configuration
50 ·········4.·Configure_Syslog50 ·········4.·Configure_Syslog
51 ·········5.·Network_Configuration_and_Firewalls51 ·········5.·Network_Configuration_and_Firewalls
1.92 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_workstation.html
    
675 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·22.04·Level·1·Workstation·Benchmark38 Profile·Title·CIS·Ubuntu·22.04·Level·1·Workstation·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_workstation39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level1_workstation
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·GRUB2_bootloader_configuration49 ·········3.·GRUB2_bootloader_configuration
50 ·········4.·Configure_Syslog50 ·········4.·Configure_Syslog
51 ·········5.·Network_Configuration_and_Firewalls51 ·········5.·Network_Configuration_and_Firewalls
701 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_server.html
    
Max diff block lines reached; 540184/550250 bytes (98.17%) of diff not shown.
163 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·22.04·Level·2·Server·Benchmark38 Profile·Title·CIS·Ubuntu·22.04·Level·2·Server·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_server39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_server
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
Offset 3343, 16 lines modifiedOffset 3343, 16 lines modified
3343 ··-·reboot_required3343 ··-·reboot_required
3344 ··-·restrict_strategy3344 ··-·restrict_strategy
  
3345 -·name:·Set·architecture·for·audit·chmod·tasks3345 -·name:·Set·architecture·for·audit·chmod·tasks
3346 ··set_fact:3346 ··set_fact:
3347 ····audit_arch:·b643347 ····audit_arch:·b64
3348 ··when:3348 ··when:
3349 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3350 ··-·'"auditd"·in·ansible_facts.packages'3349 ··-·'"auditd"·in·ansible_facts.packages'
 3350 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3351 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3351 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3352 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3352 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3353 ··tags:3353 ··tags:
3354 ··-·CJIS-5.4.1.13354 ··-·CJIS-5.4.1.1
3355 ··-·NIST-800-171-3.1.73355 ··-·NIST-800-171-3.1.7
3356 ··-·NIST-800-53-AU-12(c)3356 ··-·NIST-800-53-AU-12(c)
3357 ··-·NIST-800-53-AU-2(d)3357 ··-·NIST-800-53-AU-2(d)
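Review bot: lines 3349-3350 of the "when:" list hold the same two conditions in both builds, the auditd package check and the ansible_virtualization_type exclusion, only in swapped order, which points to the generator emitting platform applicability conditions from an unordered collection. Sorting those conditions before rendering the task would remove this difference; the remaining entries and tags are already stable.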
Offset 3488, 16 lines modifiedOffset 3488, 16 lines modified
3488 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003488 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3489 ········-F·auid!=unset·-F·key=perm_mod3489 ········-F·auid!=unset·-F·key=perm_mod
3490 ······create:·true3490 ······create:·true
3491 ······mode:·o-rwx3491 ······mode:·o-rwx
3492 ······state:·present3492 ······state:·present
3493 ····when:·syscalls_found·|·length·==·03493 ····when:·syscalls_found·|·length·==·0
3494 ··when:3494 ··when:
3495 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3496 ··-·'"auditd"·in·ansible_facts.packages'3495 ··-·'"auditd"·in·ansible_facts.packages'
 3496 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3497 ··tags:3497 ··tags:
3498 ··-·CJIS-5.4.1.13498 ··-·CJIS-5.4.1.1
3499 ··-·NIST-800-171-3.1.73499 ··-·NIST-800-171-3.1.7
3500 ··-·NIST-800-53-AU-12(c)3500 ··-·NIST-800-53-AU-12(c)
3501 ··-·NIST-800-53-AU-2(d)3501 ··-·NIST-800-53-AU-2(d)
3502 ··-·NIST-800-53-CM-6(a)3502 ··-·NIST-800-53-CM-6(a)
3503 ··-·PCI-DSS-Req-10.5.53503 ··-·PCI-DSS-Req-10.5.5
Offset 3631, 16 lines modifiedOffset 3631, 16 lines modified
3631 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003631 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3632 ········-F·auid!=unset·-F·key=perm_mod3632 ········-F·auid!=unset·-F·key=perm_mod
3633 ······create:·true3633 ······create:·true
3634 ······mode:·o-rwx3634 ······mode:·o-rwx
3635 ······state:·present3635 ······state:·present
3636 ····when:·syscalls_found·|·length·==·03636 ····when:·syscalls_found·|·length·==·0
3637 ··when:3637 ··when:
3638 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3639 ··-·'"auditd"·in·ansible_facts.packages'3638 ··-·'"auditd"·in·ansible_facts.packages'
 3639 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3640 ··-·audit_arch·==·"b64"3640 ··-·audit_arch·==·"b64"
3641 ··tags:3641 ··tags:
3642 ··-·CJIS-5.4.1.13642 ··-·CJIS-5.4.1.1
3643 ··-·NIST-800-171-3.1.73643 ··-·NIST-800-171-3.1.7
3644 ··-·NIST-800-53-AU-12(c)3644 ··-·NIST-800-53-AU-12(c)
3645 ··-·NIST-800-53-AU-2(d)3645 ··-·NIST-800-53-AU-2(d)
3646 ··-·NIST-800-53-CM-6(a)3646 ··-·NIST-800-53-CM-6(a)
Offset 3649, 16 lines modifiedOffset 3649, 16 lines modified
3649 ··-·low_complexity3649 ··-·low_complexity
3650 ··-·low_disruption3650 ··-·low_disruption
3651 ··-·medium_severity3651 ··-·medium_severity
3652 ··-·reboot_required3652 ··-·reboot_required
3653 ··-·restrict_strategy3653 ··-·restrict_strategy
3654 Remediation_Shell_script_⇲3654 Remediation_Shell_script_⇲
3655 #·Remediation·is·applicable·only·in·certain·platforms3655 #·Remediation·is·applicable·only·in·certain·platforms
3656 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status- 
3657 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then3656 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·-
 3657 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
3658 #·First·perform·the·remediation·of·the·syscall·rule3658 #·First·perform·the·remediation·of·the·syscall·rule
3659 #·Retrieve·hardware·architecture·of·the·underlying·system3659 #·Retrieve·hardware·architecture·of·the·underlying·system
3660 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")3660 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
3661 for·ARCH·in·"${RULE_ARCHS[@]}"3661 for·ARCH·in·"${RULE_ARCHS[@]}"
3662 do3662 do
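Review bot: the "if" guard on lines 3656-3657 chains the same three tests with "&&" in a different order per build, with the dpkg-query check for auditd last in one and first in the other. The result is the same either way, but because "&&" short-circuits, the order decides whether dpkg-query is run at all on a host where /.dockerenv or /run/.containerenv exists, so the generator should emit these tests in one fixed order, preferably the file tests first.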
Offset 4049, 16 lines modifiedOffset 4049, 16 lines modified
4049 ··-·reboot_required4049 ··-·reboot_required
4050 ··-·restrict_strategy4050 ··-·restrict_strategy
  
4051 -·name:·Set·architecture·for·audit·chown·tasks4051 -·name:·Set·architecture·for·audit·chown·tasks
4052 ··set_fact:4052 ··set_fact:
4053 ····audit_arch:·b644053 ····audit_arch:·b64
4054 ··when:4054 ··when:
4055 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4056 ··-·'"auditd"·in·ansible_facts.packages'4055 ··-·'"auditd"·in·ansible_facts.packages'
 4056 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4057 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4057 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4058 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4058 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4059 ··tags:4059 ··tags:
4060 ··-·CJIS-5.4.1.14060 ··-·CJIS-5.4.1.1
4061 ··-·NIST-800-171-3.1.74061 ··-·NIST-800-171-3.1.7
4062 ··-·NIST-800-53-AU-12(c)4062 ··-·NIST-800-53-AU-12(c)
4063 ··-·NIST-800-53-AU-2(d)4063 ··-·NIST-800-53-AU-2(d)
Offset 4196, 16 lines modifiedOffset 4196, 16 lines modified
4196 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004196 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4197 ········-F·auid!=unset·-F·key=perm_mod4197 ········-F·auid!=unset·-F·key=perm_mod
4198 ······create:·true4198 ······create:·true
4199 ······mode:·o-rwx4199 ······mode:·o-rwx
4200 ······state:·present4200 ······state:·present
4201 ····when:·syscalls_found·|·length·==·04201 ····when:·syscalls_found·|·length·==·0
4202 ··when:4202 ··when:
4203 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4204 ··-·'"auditd"·in·ansible_facts.packages'4203 ··-·'"auditd"·in·ansible_facts.packages'
 4204 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4205 ··tags:4205 ··tags:
4206 ··-·CJIS-5.4.1.14206 ··-·CJIS-5.4.1.1
4207 ··-·NIST-800-171-3.1.74207 ··-·NIST-800-171-3.1.7
4208 ··-·NIST-800-53-AU-12(c)4208 ··-·NIST-800-53-AU-12(c)
4209 ··-·NIST-800-53-AU-2(d)4209 ··-·NIST-800-53-AU-2(d)
4210 ··-·NIST-800-53-CM-6(a)4210 ··-·NIST-800-53-CM-6(a)
4211 ··-·PCI-DSS-Req-10.5.54211 ··-·PCI-DSS-Req-10.5.5
Offset 4341, 16 lines modifiedOffset 4341, 16 lines modified
4341 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004341 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4342 ········-F·auid!=unset·-F·key=perm_mod4342 ········-F·auid!=unset·-F·key=perm_mod
4343 ······create:·true4343 ······create:·true
Max diff block lines reached; 162554/167398 bytes (97.11%) of diff not shown.
701 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_workstation.html
    
Max diff block lines reached; 540602/550668 bytes (98.17%) of diff not shown.
164 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·CIS·Ubuntu·22.04·Level·2·Workstation·Benchmark38 Profile·Title·CIS·Ubuntu·22.04·Level·2·Workstation·Benchmark
39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_workstation39 Profile·ID····xccdf_org.ssgproject.content_profile_cis_level2_workstation
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~41 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
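Review bot: the `draft (as of ...)` line under Revision History reads 2024-01-14 in one build and 2025-02-15 in the other while the version stays 0.1.65, which suggests the guide records the date the build ran. Deriving that date from a fixed input such as `SOURCE_DATE_EPOCH` or the changelog entry would make this line identical across builds.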
Offset 3580, 16 lines modifiedOffset 3580, 16 lines modified
3580 ··-·reboot_required3580 ··-·reboot_required
3581 ··-·restrict_strategy3581 ··-·restrict_strategy
  
3582 -·name:·Set·architecture·for·audit·chmod·tasks3582 -·name:·Set·architecture·for·audit·chmod·tasks
3583 ··set_fact:3583 ··set_fact:
3584 ····audit_arch:·b643584 ····audit_arch:·b64
3585 ··when:3585 ··when:
3586 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3587 ··-·'"auditd"·in·ansible_facts.packages'3586 ··-·'"auditd"·in·ansible_facts.packages'
 3587 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3588 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3588 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3589 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3589 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3590 ··tags:3590 ··tags:
3591 ··-·CJIS-5.4.1.13591 ··-·CJIS-5.4.1.1
3592 ··-·NIST-800-171-3.1.73592 ··-·NIST-800-171-3.1.7
3593 ··-·NIST-800-53-AU-12(c)3593 ··-·NIST-800-53-AU-12(c)
3594 ··-·NIST-800-53-AU-2(d)3594 ··-·NIST-800-53-AU-2(d)
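Review bot: the first two `when:` entries swap places between the builds (the `ansible_virtualization_type not in [...]` test and the `'"auditd" in ansible_facts.packages'` test); nothing else in the task differs. Every entry in a `when:` list has to hold for the task to run, so both orderings select the same hosts, and the difference comes from the order in which the applicability conditions are written out. Emitting them in a fixed (for example sorted) order would remove this hunk and the matching ones in the other audit tasks.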
Offset 3725, 16 lines modifiedOffset 3725, 16 lines modified
3725 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003725 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3726 ········-F·auid!=unset·-F·key=perm_mod3726 ········-F·auid!=unset·-F·key=perm_mod
3727 ······create:·true3727 ······create:·true
3728 ······mode:·o-rwx3728 ······mode:·o-rwx
3729 ······state:·present3729 ······state:·present
3730 ····when:·syscalls_found·|·length·==·03730 ····when:·syscalls_found·|·length·==·0
3731 ··when:3731 ··when:
3732 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3733 ··-·'"auditd"·in·ansible_facts.packages'3732 ··-·'"auditd"·in·ansible_facts.packages'
 3733 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3734 ··tags:3734 ··tags:
3735 ··-·CJIS-5.4.1.13735 ··-·CJIS-5.4.1.1
3736 ··-·NIST-800-171-3.1.73736 ··-·NIST-800-171-3.1.7
3737 ··-·NIST-800-53-AU-12(c)3737 ··-·NIST-800-53-AU-12(c)
3738 ··-·NIST-800-53-AU-2(d)3738 ··-·NIST-800-53-AU-2(d)
3739 ··-·NIST-800-53-CM-6(a)3739 ··-·NIST-800-53-CM-6(a)
3740 ··-·PCI-DSS-Req-10.5.53740 ··-·PCI-DSS-Req-10.5.5
Offset 3868, 16 lines modifiedOffset 3868, 16 lines modified
3868 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003868 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3869 ········-F·auid!=unset·-F·key=perm_mod3869 ········-F·auid!=unset·-F·key=perm_mod
3870 ······create:·true3870 ······create:·true
3871 ······mode:·o-rwx3871 ······mode:·o-rwx
3872 ······state:·present3872 ······state:·present
3873 ····when:·syscalls_found·|·length·==·03873 ····when:·syscalls_found·|·length·==·0
3874 ··when:3874 ··when:
3875 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3876 ··-·'"auditd"·in·ansible_facts.packages'3875 ··-·'"auditd"·in·ansible_facts.packages'
 3876 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3877 ··-·audit_arch·==·"b64"3877 ··-·audit_arch·==·"b64"
3878 ··tags:3878 ··tags:
3879 ··-·CJIS-5.4.1.13879 ··-·CJIS-5.4.1.1
3880 ··-·NIST-800-171-3.1.73880 ··-·NIST-800-171-3.1.7
3881 ··-·NIST-800-53-AU-12(c)3881 ··-·NIST-800-53-AU-12(c)
3882 ··-·NIST-800-53-AU-2(d)3882 ··-·NIST-800-53-AU-2(d)
3883 ··-·NIST-800-53-CM-6(a)3883 ··-·NIST-800-53-CM-6(a)
Offset 3886, 16 lines modifiedOffset 3886, 16 lines modified
3886 ··-·low_complexity3886 ··-·low_complexity
3887 ··-·low_disruption3887 ··-·low_disruption
3888 ··-·medium_severity3888 ··-·medium_severity
3889 ··-·reboot_required3889 ··-·reboot_required
3890 ··-·restrict_strategy3890 ··-·restrict_strategy
3891 Remediation_Shell_script_⇲3891 Remediation_Shell_script_⇲
3892 #·Remediation·is·applicable·only·in·certain·platforms3892 #·Remediation·is·applicable·only·in·certain·platforms
3893 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status- 
3894 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then3893 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·-
 3894 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
3895 #·First·perform·the·remediation·of·the·syscall·rule3895 #·First·perform·the·remediation·of·the·syscall·rule
3896 #·Retrieve·hardware·architecture·of·the·underlying·system3896 #·Retrieve·hardware·architecture·of·the·underlying·system
3897 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")3897 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
3898 for·ARCH·in·"${RULE_ARCHS[@]}"3898 for·ARCH·in·"${RULE_ARCHS[@]}"
3899 do3899 do
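Review bot: in the `if` guard at the top of the remediation script, the `dpkg-query ... 'auditd' | grep -q installed` test is last in one build and first in the other, ahead of the `/.dockerenv` and `/run/.containerenv` checks. The three tests are chained with `&&` and only read state, so the guard accepts the same systems either way, but the script text is not byte-identical. The platform conditions should be written in one fixed order, the same fix as for the Ansible `when:` lists.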
Offset 4286, 16 lines modifiedOffset 4286, 16 lines modified
4286 ··-·reboot_required4286 ··-·reboot_required
4287 ··-·restrict_strategy4287 ··-·restrict_strategy
  
4288 -·name:·Set·architecture·for·audit·chown·tasks4288 -·name:·Set·architecture·for·audit·chown·tasks
4289 ··set_fact:4289 ··set_fact:
4290 ····audit_arch:·b644290 ····audit_arch:·b64
4291 ··when:4291 ··when:
4292 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4293 ··-·'"auditd"·in·ansible_facts.packages'4292 ··-·'"auditd"·in·ansible_facts.packages'
 4293 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4294 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4294 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4295 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4295 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4296 ··tags:4296 ··tags:
4297 ··-·CJIS-5.4.1.14297 ··-·CJIS-5.4.1.1
4298 ··-·NIST-800-171-3.1.74298 ··-·NIST-800-171-3.1.7
4299 ··-·NIST-800-53-AU-12(c)4299 ··-·NIST-800-53-AU-12(c)
4300 ··-·NIST-800-53-AU-2(d)4300 ··-·NIST-800-53-AU-2(d)
Offset 4433, 16 lines modifiedOffset 4433, 16 lines modified
4433 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004433 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4434 ········-F·auid!=unset·-F·key=perm_mod4434 ········-F·auid!=unset·-F·key=perm_mod
4435 ······create:·true4435 ······create:·true
4436 ······mode:·o-rwx4436 ······mode:·o-rwx
4437 ······state:·present4437 ······state:·present
4438 ····when:·syscalls_found·|·length·==·04438 ····when:·syscalls_found·|·length·==·0
4439 ··when:4439 ··when:
4440 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4441 ··-·'"auditd"·in·ansible_facts.packages'4440 ··-·'"auditd"·in·ansible_facts.packages'
 4441 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4442 ··tags:4442 ··tags:
4443 ··-·CJIS-5.4.1.14443 ··-·CJIS-5.4.1.1
4444 ··-·NIST-800-171-3.1.74444 ··-·NIST-800-171-3.1.7
4445 ··-·NIST-800-53-AU-12(c)4445 ··-·NIST-800-53-AU-12(c)
4446 ··-·NIST-800-53-AU-2(d)4446 ··-·NIST-800-53-AU-2(d)
4447 ··-·NIST-800-53-CM-6(a)4447 ··-·NIST-800-53-CM-6(a)
4448 ··-·PCI-DSS-Req-10.5.54448 ··-·PCI-DSS-Req-10.5.5
Offset 4578, 16 lines modifiedOffset 4578, 16 lines modified
4578 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004578 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4579 ········-F·auid!=unset·-F·key=perm_mod4579 ········-F·auid!=unset·-F·key=perm_mod
4580 ······create:·true4580 ······create:·true
Max diff block lines reached; 162556/167410 bytes (97.10%) of diff not shown.
2.0 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-standard.html
    
654 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·22.0439 Profile·Title·Standard·System·Security·Profile·for·Ubuntu·22.04
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~42 ····*·cpe:/o:canonical:ubuntu_linux:22.04::~~lts~~~
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
133 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level2_server.yml
Ordering differences only
    
Offset 1152, 16 lines modifiedOffset 1152, 16 lines modified
  
1152 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1152 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1153 ······find:1153 ······find:
1154 ········paths:·/etc/audit/rules.d/1154 ········paths:·/etc/audit/rules.d/
1155 ········patterns:·'*.rules'1155 ········patterns:·'*.rules'
1156 ······register:·find_rules_d1156 ······register:·find_rules_d
1157 ······when:1157 ······when:
1158 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1159 ······-·'"auditd"·in·ansible_facts.packages'1158 ······-·'"auditd"·in·ansible_facts.packages'
 1159 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1160 ······tags:1160 ······tags:
1161 ······-·CJIS-5.4.1.11161 ······-·CJIS-5.4.1.1
1162 ······-·NIST-800-171-3.3.11162 ······-·NIST-800-171-3.3.1
1163 ······-·NIST-800-171-3.4.31163 ······-·NIST-800-171-3.4.3
1164 ······-·NIST-800-53-AC-6(9)1164 ······-·NIST-800-53-AC-6(9)
1165 ······-·NIST-800-53-CM-6(a)1165 ······-·NIST-800-53-CM-6(a)
1166 ······-·PCI-DSS-Req-10.5.21166 ······-·PCI-DSS-Req-10.5.2
Offset 1176, 16 lines modifiedOffset 1176, 16 lines modified
1176 ······lineinfile:1176 ······lineinfile:
1177 ········path:·'{{·item·}}'1177 ········path:·'{{·item·}}'
1178 ········regexp:·^\s*(?:-e)\s+.*$1178 ········regexp:·^\s*(?:-e)\s+.*$
1179 ········state:·absent1179 ········state:·absent
1180 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1180 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1181 ········}}'1181 ········}}'
1182 ······when:1182 ······when:
1183 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1184 ······-·'"auditd"·in·ansible_facts.packages'1183 ······-·'"auditd"·in·ansible_facts.packages'
 1184 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1185 ······tags:1185 ······tags:
1186 ······-·CJIS-5.4.1.11186 ······-·CJIS-5.4.1.1
1187 ······-·NIST-800-171-3.3.11187 ······-·NIST-800-171-3.3.1
1188 ······-·NIST-800-171-3.4.31188 ······-·NIST-800-171-3.4.3
1189 ······-·NIST-800-53-AC-6(9)1189 ······-·NIST-800-53-AC-6(9)
1190 ······-·NIST-800-53-CM-6(a)1190 ······-·NIST-800-53-CM-6(a)
1191 ······-·PCI-DSS-Req-10.5.21191 ······-·PCI-DSS-Req-10.5.2
Offset 1202, 16 lines modifiedOffset 1202, 16 lines modified
1202 ········create:·true1202 ········create:·true
1203 ········line:·-e·21203 ········line:·-e·2
1204 ········mode:·o-rwx1204 ········mode:·o-rwx
1205 ······loop:1205 ······loop:
1206 ······-·/etc/audit/audit.rules1206 ······-·/etc/audit/audit.rules
1207 ······-·/etc/audit/rules.d/immutable.rules1207 ······-·/etc/audit/rules.d/immutable.rules
1208 ······when:1208 ······when:
1209 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1210 ······-·'"auditd"·in·ansible_facts.packages'1209 ······-·'"auditd"·in·ansible_facts.packages'
 1210 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1211 ······tags:1211 ······tags:
1212 ······-·CJIS-5.4.1.11212 ······-·CJIS-5.4.1.1
1213 ······-·NIST-800-171-3.3.11213 ······-·NIST-800-171-3.3.1
1214 ······-·NIST-800-171-3.4.31214 ······-·NIST-800-171-3.4.3
1215 ······-·NIST-800-53-AC-6(9)1215 ······-·NIST-800-53-AC-6(9)
1216 ······-·NIST-800-53-CM-6(a)1216 ······-·NIST-800-53-CM-6(a)
1217 ······-·PCI-DSS-Req-10.5.21217 ······-·PCI-DSS-Req-10.5.2
Offset 1246, 16 lines modifiedOffset 1246, 16 lines modified
1246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1247 ······find:1247 ······find:
1248 ········paths:·/etc/audit/rules.d1248 ········paths:·/etc/audit/rules.d
1249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1250 ········patterns:·'*.rules'1250 ········patterns:·'*.rules'
1251 ······register:·find_existing_watch_rules_d1251 ······register:·find_existing_watch_rules_d
1252 ······when:1252 ······when:
1253 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1254 ······-·'"auditd"·in·ansible_facts.packages'1253 ······-·'"auditd"·in·ansible_facts.packages'
 1254 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1255 ······tags:1255 ······tags:
1256 ······-·CJIS-5.4.1.11256 ······-·CJIS-5.4.1.1
1257 ······-·NIST-800-171-3.1.71257 ······-·NIST-800-171-3.1.7
1258 ······-·NIST-800-53-AC-2(7)(b)1258 ······-·NIST-800-53-AC-2(7)(b)
1259 ······-·NIST-800-53-AC-6(9)1259 ······-·NIST-800-53-AC-6(9)
1260 ······-·NIST-800-53-AU-12(c)1260 ······-·NIST-800-53-AU-12(c)
1261 ······-·NIST-800-53-AU-2(d)1261 ······-·NIST-800-53-AU-2(d)
Offset 1272, 16 lines modifiedOffset 1272, 16 lines modified
1272 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1272 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1273 ······find:1273 ······find:
1274 ········paths:·/etc/audit/rules.d1274 ········paths:·/etc/audit/rules.d
1275 ········contains:·^.*(?:-F·key=|-k\s+)actions$1275 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1276 ········patterns:·'*.rules'1276 ········patterns:·'*.rules'
1277 ······register:·find_watch_key1277 ······register:·find_watch_key
1278 ······when:1278 ······when:
1279 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1280 ······-·'"auditd"·in·ansible_facts.packages'1279 ······-·'"auditd"·in·ansible_facts.packages'
 1280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1281 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1281 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1282 ········==·01282 ········==·0
1283 ······tags:1283 ······tags:
1284 ······-·CJIS-5.4.1.11284 ······-·CJIS-5.4.1.1
1285 ······-·NIST-800-171-3.1.71285 ······-·NIST-800-171-3.1.7
1286 ······-·NIST-800-53-AC-2(7)(b)1286 ······-·NIST-800-53-AC-2(7)(b)
1287 ······-·NIST-800-53-AC-6(9)1287 ······-·NIST-800-53-AC-6(9)
Offset 1298, 16 lines modifiedOffset 1298, 16 lines modified
1298 ······-·restrict_strategy1298 ······-·restrict_strategy
  
1299 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1299 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1300 ······set_fact:1300 ······set_fact:
1301 ········all_files:1301 ········all_files:
1302 ········-·/etc/audit/rules.d/actions.rules1302 ········-·/etc/audit/rules.d/actions.rules
1303 ······when:1303 ······when:
1304 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1305 ······-·'"auditd"·in·ansible_facts.packages'1304 ······-·'"auditd"·in·ansible_facts.packages'
 1305 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1306 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1306 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1307 ········is·defined·and·find_existing_watch_rules_d.matched·==·01307 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1308 ······tags:1308 ······tags:
1309 ······-·CJIS-5.4.1.11309 ······-·CJIS-5.4.1.1
1310 ······-·NIST-800-171-3.1.71310 ······-·NIST-800-171-3.1.7
1311 ······-·NIST-800-53-AC-2(7)(b)1311 ······-·NIST-800-53-AC-2(7)(b)
1312 ······-·NIST-800-53-AC-6(9)1312 ······-·NIST-800-53-AC-6(9)
Offset 1324, 16 lines modifiedOffset 1324, 16 lines modified
1324 ······-·restrict_strategy1324 ······-·restrict_strategy
  
1325 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1325 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1326 ······set_fact:1326 ······set_fact:
1327 ········all_files:1327 ········all_files:
1328 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1328 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1329 ······when:1329 ······when:
1330 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1331 ······-·'"auditd"·in·ansible_facts.packages'1330 ······-·'"auditd"·in·ansible_facts.packages'
 1331 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1332 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1332 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1333 ········is·defined·and·find_existing_watch_rules_d.matched·==·01333 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1334 ······tags:1334 ······tags:
1335 ······-·CJIS-5.4.1.11335 ······-·CJIS-5.4.1.1
1336 ······-·NIST-800-171-3.1.71336 ······-·NIST-800-171-3.1.7
1337 ······-·NIST-800-53-AC-2(7)(b)1337 ······-·NIST-800-53-AC-2(7)(b)
1338 ······-·NIST-800-53-AC-6(9)1338 ······-·NIST-800-53-AC-6(9)
Offset 1352, 16 lines modifiedOffset 1352, 16 lines modified
1352 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1352 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 130561/135598 bytes (96.29%) of diff not shown.
133 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level2_workstation.yml
Ordering differences only
    
Offset 1121, 16 lines modifiedOffset 1121, 16 lines modified
  
1121 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1121 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1122 ······find:1122 ······find:
1123 ········paths:·/etc/audit/rules.d/1123 ········paths:·/etc/audit/rules.d/
1124 ········patterns:·'*.rules'1124 ········patterns:·'*.rules'
1125 ······register:·find_rules_d1125 ······register:·find_rules_d
1126 ······when:1126 ······when:
1127 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1128 ······-·'"auditd"·in·ansible_facts.packages'1127 ······-·'"auditd"·in·ansible_facts.packages'
 1128 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1129 ······tags:1129 ······tags:
1130 ······-·CJIS-5.4.1.11130 ······-·CJIS-5.4.1.1
1131 ······-·NIST-800-171-3.3.11131 ······-·NIST-800-171-3.3.1
1132 ······-·NIST-800-171-3.4.31132 ······-·NIST-800-171-3.4.3
1133 ······-·NIST-800-53-AC-6(9)1133 ······-·NIST-800-53-AC-6(9)
1134 ······-·NIST-800-53-CM-6(a)1134 ······-·NIST-800-53-CM-6(a)
1135 ······-·PCI-DSS-Req-10.5.21135 ······-·PCI-DSS-Req-10.5.2
Offset 1145, 16 lines modifiedOffset 1145, 16 lines modified
1145 ······lineinfile:1145 ······lineinfile:
1146 ········path:·'{{·item·}}'1146 ········path:·'{{·item·}}'
1147 ········regexp:·^\s*(?:-e)\s+.*$1147 ········regexp:·^\s*(?:-e)\s+.*$
1148 ········state:·absent1148 ········state:·absent
1149 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1149 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1150 ········}}'1150 ········}}'
1151 ······when:1151 ······when:
1152 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1153 ······-·'"auditd"·in·ansible_facts.packages'1152 ······-·'"auditd"·in·ansible_facts.packages'
 1153 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1154 ······tags:1154 ······tags:
1155 ······-·CJIS-5.4.1.11155 ······-·CJIS-5.4.1.1
1156 ······-·NIST-800-171-3.3.11156 ······-·NIST-800-171-3.3.1
1157 ······-·NIST-800-171-3.4.31157 ······-·NIST-800-171-3.4.3
1158 ······-·NIST-800-53-AC-6(9)1158 ······-·NIST-800-53-AC-6(9)
1159 ······-·NIST-800-53-CM-6(a)1159 ······-·NIST-800-53-CM-6(a)
1160 ······-·PCI-DSS-Req-10.5.21160 ······-·PCI-DSS-Req-10.5.2
Offset 1171, 16 lines modifiedOffset 1171, 16 lines modified
1171 ········create:·true1171 ········create:·true
1172 ········line:·-e·21172 ········line:·-e·2
1173 ········mode:·o-rwx1173 ········mode:·o-rwx
1174 ······loop:1174 ······loop:
1175 ······-·/etc/audit/audit.rules1175 ······-·/etc/audit/audit.rules
1176 ······-·/etc/audit/rules.d/immutable.rules1176 ······-·/etc/audit/rules.d/immutable.rules
1177 ······when:1177 ······when:
1178 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1179 ······-·'"auditd"·in·ansible_facts.packages'1178 ······-·'"auditd"·in·ansible_facts.packages'
 1179 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1180 ······tags:1180 ······tags:
1181 ······-·CJIS-5.4.1.11181 ······-·CJIS-5.4.1.1
1182 ······-·NIST-800-171-3.3.11182 ······-·NIST-800-171-3.3.1
1183 ······-·NIST-800-171-3.4.31183 ······-·NIST-800-171-3.4.3
1184 ······-·NIST-800-53-AC-6(9)1184 ······-·NIST-800-53-AC-6(9)
1185 ······-·NIST-800-53-CM-6(a)1185 ······-·NIST-800-53-CM-6(a)
1186 ······-·PCI-DSS-Req-10.5.21186 ······-·PCI-DSS-Req-10.5.2
Offset 1215, 16 lines modifiedOffset 1215, 16 lines modified
1215 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1215 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1216 ······find:1216 ······find:
1217 ········paths:·/etc/audit/rules.d1217 ········paths:·/etc/audit/rules.d
1218 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1218 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1219 ········patterns:·'*.rules'1219 ········patterns:·'*.rules'
1220 ······register:·find_existing_watch_rules_d1220 ······register:·find_existing_watch_rules_d
1221 ······when:1221 ······when:
1222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1223 ······-·'"auditd"·in·ansible_facts.packages'1222 ······-·'"auditd"·in·ansible_facts.packages'
 1223 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1224 ······tags:1224 ······tags:
1225 ······-·CJIS-5.4.1.11225 ······-·CJIS-5.4.1.1
1226 ······-·NIST-800-171-3.1.71226 ······-·NIST-800-171-3.1.7
1227 ······-·NIST-800-53-AC-2(7)(b)1227 ······-·NIST-800-53-AC-2(7)(b)
1228 ······-·NIST-800-53-AC-6(9)1228 ······-·NIST-800-53-AC-6(9)
1229 ······-·NIST-800-53-AU-12(c)1229 ······-·NIST-800-53-AU-12(c)
1230 ······-·NIST-800-53-AU-2(d)1230 ······-·NIST-800-53-AU-2(d)
Offset 1241, 16 lines modifiedOffset 1241, 16 lines modified
1241 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1241 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1242 ······find:1242 ······find:
1243 ········paths:·/etc/audit/rules.d1243 ········paths:·/etc/audit/rules.d
1244 ········contains:·^.*(?:-F·key=|-k\s+)actions$1244 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1245 ········patterns:·'*.rules'1245 ········patterns:·'*.rules'
1246 ······register:·find_watch_key1246 ······register:·find_watch_key
1247 ······when:1247 ······when:
1248 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1249 ······-·'"auditd"·in·ansible_facts.packages'1248 ······-·'"auditd"·in·ansible_facts.packages'
 1249 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1250 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1250 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1251 ········==·01251 ········==·0
1252 ······tags:1252 ······tags:
1253 ······-·CJIS-5.4.1.11253 ······-·CJIS-5.4.1.1
1254 ······-·NIST-800-171-3.1.71254 ······-·NIST-800-171-3.1.7
1255 ······-·NIST-800-53-AC-2(7)(b)1255 ······-·NIST-800-53-AC-2(7)(b)
1256 ······-·NIST-800-53-AC-6(9)1256 ······-·NIST-800-53-AC-6(9)
Offset 1267, 16 lines modifiedOffset 1267, 16 lines modified
1267 ······-·restrict_strategy1267 ······-·restrict_strategy
  
1268 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1268 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1269 ······set_fact:1269 ······set_fact:
1270 ········all_files:1270 ········all_files:
1271 ········-·/etc/audit/rules.d/actions.rules1271 ········-·/etc/audit/rules.d/actions.rules
1272 ······when:1272 ······when:
1273 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1274 ······-·'"auditd"·in·ansible_facts.packages'1273 ······-·'"auditd"·in·ansible_facts.packages'
 1274 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1275 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1275 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1276 ········is·defined·and·find_existing_watch_rules_d.matched·==·01276 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1277 ······tags:1277 ······tags:
1278 ······-·CJIS-5.4.1.11278 ······-·CJIS-5.4.1.1
1279 ······-·NIST-800-171-3.1.71279 ······-·NIST-800-171-3.1.7
1280 ······-·NIST-800-53-AC-2(7)(b)1280 ······-·NIST-800-53-AC-2(7)(b)
1281 ······-·NIST-800-53-AC-6(9)1281 ······-·NIST-800-53-AC-6(9)
Offset 1293, 16 lines modifiedOffset 1293, 16 lines modified
1293 ······-·restrict_strategy1293 ······-·restrict_strategy
  
1294 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1294 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1295 ······set_fact:1295 ······set_fact:
1296 ········all_files:1296 ········all_files:
1297 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1297 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1298 ······when:1298 ······when:
1299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1300 ······-·'"auditd"·in·ansible_facts.packages'1299 ······-·'"auditd"·in·ansible_facts.packages'
 1300 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1301 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1301 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1302 ········is·defined·and·find_existing_watch_rules_d.matched·==·01302 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1303 ······tags:1303 ······tags:
1304 ······-·CJIS-5.4.1.11304 ······-·CJIS-5.4.1.1
1305 ······-·NIST-800-171-3.1.71305 ······-·NIST-800-171-3.1.7
1306 ······-·NIST-800-53-AC-2(7)(b)1306 ······-·NIST-800-53-AC-2(7)(b)
1307 ······-·NIST-800-53-AC-6(9)1307 ······-·NIST-800-53-AC-6(9)
Offset 1321, 16 lines modifiedOffset 1321, 16 lines modified
1321 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1321 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 130561/135598 bytes (96.29%) of diff not shown.
1.43 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds-1.2.xml
1.31 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds-1.2.xml
    
Offset 92, 15 lines modifiedOffset 92, 15 lines modified
92 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>92 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>
93 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>93 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>
94 ······</cpe-dict:cpe-item>94 ······</cpe-dict:cpe-item>
95 ····</cpe-dict:cpe-list>95 ····</cpe-dict:cpe-list>
96 ··</ds:component>96 ··</ds:component>
97 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2022-12-20T09:54:05">97 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2022-12-20T09:54:05">
98 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">98 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
99 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>99 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
100 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>100 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>
101 ······<xccdf-1.2:description>101 ······<xccdf-1.2:description>
102 ········This·guide·presents·a·catalog·of·security-relevant102 ········This·guide·presents·a·catalog·of·security-relevant
103 configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of103 configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of
104 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)104 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
105 in·order·to·support·security·automation.··The·SCAP·content·is105 in·order·to·support·security·automation.··The·SCAP·content·is
106 is·available·in·the106 is·available·in·the
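Review bot: the only differing line in this hunk is `<xccdf-1.2:status date="...">draft</xccdf-1.2:status>`, which reads 2024-01-14 in one build and 2025-02-15 in the other, while the `timestamp` attribute on the enclosing `ds:component` is 2022-12-20T09:54:05 in both. The status date appears to follow the build clock; taking it from the same fixed source as the component timestamp (SOURCE_DATE_EPOCH or the changelog date, for instance) would remove this difference from every `ssg-ubuntu*` datastream and XCCDF file listed here.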
1.41 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml
1.31 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-ds.xml
    
Offset 94, 15 lines modifiedOffset 94, 15 lines modified
94 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>94 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·16.04·(Xenial)</cpe-dict:title>
95 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>95 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1604-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1604:def:1</cpe-dict:check>
96 ······</cpe-dict:cpe-item>96 ······</cpe-dict:cpe-item>
97 ····</cpe-dict:cpe-list>97 ····</cpe-dict:cpe-list>
98 ··</ds:component>98 ··</ds:component>
99 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2022-12-20T09:54:05">99 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1604-xccdf.xml"·timestamp="2022-12-20T09:54:05">
100 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">100 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
101 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>101 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
102 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>102 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>
103 ······<xccdf-1.2:description>103 ······<xccdf-1.2:description>
104 ········This·guide·presents·a·catalog·of·security-relevant104 ········This·guide·presents·a·catalog·of·security-relevant
105 configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of105 configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of
106 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)106 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
107 in·order·to·support·security·automation.··The·SCAP·content·is107 in·order·to·support·security·automation.··The·SCAP·content·is
108 is·available·in·the108 is·available·in·the
1.24 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml
1.13 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1604-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-XENIAL"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·16.04</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of7 configuration·settings·for·Ubuntu·16.04.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
1.44 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml
1.32 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of111 configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
1.42 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
1.31 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·18.04·(Bionic·Beaver)</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu1804-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu1804:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu1804-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of111 configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
1.24 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
1.13 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU-BIONIC"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·18.04</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of7 configuration·settings·for·Ubuntu·18.04.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
1.43 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml
1.32 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of111 configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
1.42 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
1.31 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·20.04·(Focal·Fossa)</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2004-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2004:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2004-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of111 configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
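Review bot: the only difference in this hunk is the `date` attribute of `xccdf-1.2:status` on line 107 (2024-01-14 in one build, 2025-02-15 in the other), so the benchmark status date follows the build host's clock rather than the source. The `ds:component` timestamp on line 105 is 2022-12-20T09:54:05 in both builds, which shows a fixed timestamp is evidently available at build time; deriving the status date from that same source (for example SOURCE_DATE_EPOCH) would make this file reproducible. A date that moves with the build clock also makes the shipped guidance look newer than the content it was generated from.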
1.24 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
1.13 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_20-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·20.04</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of7 configuration·settings·for·Ubuntu·20.04.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
282 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds-1.2.xml
281 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds-1.2.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·22.04·(Focal·Fossa)</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·22.04·(Focal·Fossa)</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2204-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2204:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2204-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2204:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of111 configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
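Review bot: the `cpe-dict:title` on line 100 reads "Ubuntu release 22.04 (Focal Fossa)" in both builds, but Focal Fossa is the 20.04 codename; 22.04 is Jammy Jellyfish. This is not a difference between the two builds, but the title looks copied from the 20.04 CPE dictionary entry and should be corrected upstream. The line that does change in this hunk is the `xccdf-1.2:status` date on line 107 (2024-01-14 vs. 2025-02-15), which tracks the build clock.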
Offset 15798, 16 lines modifiedOffset 15798, 16 lines modified
  
15798 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension15798 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
15799 ··find:15799 ··find:
15800 ····paths:·/etc/audit/rules.d/15800 ····paths:·/etc/audit/rules.d/
15801 ····patterns:·'*.rules'15801 ····patterns:·'*.rules'
15802 ··register:·find_rules_d15802 ··register:·find_rules_d
15803 ··when:15803 ··when:
15804 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15805 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15804 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15805 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15806 ··tags:15806 ··tags:
15807 ··-·CJIS-5.4.1.115807 ··-·CJIS-5.4.1.1
15808 ··-·NIST-800-171-3.3.115808 ··-·NIST-800-171-3.3.1
15809 ··-·NIST-800-171-3.4.315809 ··-·NIST-800-171-3.4.3
15810 ··-·NIST-800-53-AC-6(9)15810 ··-·NIST-800-53-AC-6(9)
15811 ··-·NIST-800-53-CM-6(a)15811 ··-·NIST-800-53-CM-6(a)
15812 ··-·PCI-DSS-Req-10.5.215812 ··-·PCI-DSS-Req-10.5.2
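Review bot: the two entries under `when:` on lines 15804-15805 appear in opposite order in the two builds, and nothing else in the task differs. Ansible ANDs the items of a `when:` list, so the task is gated the same way in both builds (skipped in containers, requires the auditd package), but the byte difference makes the data stream unreproducible and means the shipped remediation cannot be verified by comparing builds. The generator most likely emits these conditions from an unordered collection; sorting them before serialising would fix this hunk and the identical swaps in the hunks that follow.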
Offset 15822, 16 lines modifiedOffset 15822, 16 lines modified
15822 ··lineinfile:15822 ··lineinfile:
15823 ····path:·'{{·item·}}'15823 ····path:·'{{·item·}}'
15824 ····regexp:·^\s*(?:-e)\s+.*$15824 ····regexp:·^\s*(?:-e)\s+.*$
15825 ····state:·absent15825 ····state:·absent
15826 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']15826 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
15827 ····}}'15827 ····}}'
15828 ··when:15828 ··when:
15829 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15830 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15829 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15830 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15831 ··tags:15831 ··tags:
15832 ··-·CJIS-5.4.1.115832 ··-·CJIS-5.4.1.1
15833 ··-·NIST-800-171-3.3.115833 ··-·NIST-800-171-3.3.1
15834 ··-·NIST-800-171-3.4.315834 ··-·NIST-800-171-3.4.3
15835 ··-·NIST-800-53-AC-6(9)15835 ··-·NIST-800-53-AC-6(9)
15836 ··-·NIST-800-53-CM-6(a)15836 ··-·NIST-800-53-CM-6(a)
15837 ··-·PCI-DSS-Req-10.5.215837 ··-·PCI-DSS-Req-10.5.2
Offset 15848, 16 lines modifiedOffset 15848, 16 lines modified
15848 ····create:·true15848 ····create:·true
15849 ····line:·-e·215849 ····line:·-e·2
15850 ····mode:·o-rwx15850 ····mode:·o-rwx
15851 ··loop:15851 ··loop:
15852 ··-·/etc/audit/audit.rules15852 ··-·/etc/audit/audit.rules
15853 ··-·/etc/audit/rules.d/immutable.rules15853 ··-·/etc/audit/rules.d/immutable.rules
15854 ··when:15854 ··when:
15855 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15856 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15855 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15856 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15857 ··tags:15857 ··tags:
15858 ··-·CJIS-5.4.1.115858 ··-·CJIS-5.4.1.1
15859 ··-·NIST-800-171-3.3.115859 ··-·NIST-800-171-3.3.1
15860 ··-·NIST-800-171-3.4.315860 ··-·NIST-800-171-3.4.3
15861 ··-·NIST-800-53-AC-6(9)15861 ··-·NIST-800-53-AC-6(9)
15862 ··-·NIST-800-53-CM-6(a)15862 ··-·NIST-800-53-CM-6(a)
15863 ··-·PCI-DSS-Req-10.5.215863 ··-·PCI-DSS-Req-10.5.2
Offset 16201, 16 lines modifiedOffset 16201, 16 lines modified
16201 ··-·reboot_required16201 ··-·reboot_required
16202 ··-·restrict_strategy16202 ··-·restrict_strategy
  
16203 -·name:·Set·architecture·for·audit·mount·tasks16203 -·name:·Set·architecture·for·audit·mount·tasks
16204 ··set_fact:16204 ··set_fact:
16205 ····audit_arch:·b6416205 ····audit_arch:·b64
16206 ··when:16206 ··when:
16207 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16208 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16207 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16208 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16209 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16209 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16210 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16210 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16211 ··tags:16211 ··tags:
16212 ··-·CJIS-5.4.1.116212 ··-·CJIS-5.4.1.1
16213 ··-·NIST-800-171-3.1.716213 ··-·NIST-800-171-3.1.7
16214 ··-·NIST-800-53-AC-6(9)16214 ··-·NIST-800-53-AC-6(9)
16215 ··-·NIST-800-53-AU-12(c)16215 ··-·NIST-800-53-AU-12(c)
Offset 16341, 16 lines modifiedOffset 16341, 16 lines modified
16341 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016341 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16342 ········-F·auid!=unset·-F·key=perm_mod16342 ········-F·auid!=unset·-F·key=perm_mod
16343 ······create:·true16343 ······create:·true
16344 ······mode:·o-rwx16344 ······mode:·o-rwx
16345 ······state:·present16345 ······state:·present
16346 ····when:·syscalls_found·|·length·==·016346 ····when:·syscalls_found·|·length·==·0
16347 ··when:16347 ··when:
16348 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16349 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16348 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16349 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16350 ··tags:16350 ··tags:
16351 ··-·CJIS-5.4.1.116351 ··-·CJIS-5.4.1.1
16352 ··-·NIST-800-171-3.1.716352 ··-·NIST-800-171-3.1.7
16353 ··-·NIST-800-53-AC-6(9)16353 ··-·NIST-800-53-AC-6(9)
16354 ··-·NIST-800-53-AU-12(c)16354 ··-·NIST-800-53-AU-12(c)
16355 ··-·NIST-800-53-AU-2(d)16355 ··-·NIST-800-53-AU-2(d)
16356 ··-·NIST-800-53-CM-6(a)16356 ··-·NIST-800-53-CM-6(a)
Offset 16479, 16 lines modifiedOffset 16479, 16 lines modified
16479 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016479 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16480 ········-F·auid!=unset·-F·key=perm_mod16480 ········-F·auid!=unset·-F·key=perm_mod
16481 ······create:·true16481 ······create:·true
16482 ······mode:·o-rwx16482 ······mode:·o-rwx
16483 ······state:·present16483 ······state:·present
16484 ····when:·syscalls_found·|·length·==·016484 ····when:·syscalls_found·|·length·==·0
16485 ··when:16485 ··when:
16486 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16487 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16486 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16487 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16488 ··-·audit_arch·==·&quot;b64&quot;16488 ··-·audit_arch·==·&quot;b64&quot;
16489 ··tags:16489 ··tags:
16490 ··-·CJIS-5.4.1.116490 ··-·CJIS-5.4.1.1
16491 ··-·NIST-800-171-3.1.716491 ··-·NIST-800-171-3.1.7
16492 ··-·NIST-800-53-AC-6(9)16492 ··-·NIST-800-53-AC-6(9)
16493 ··-·NIST-800-53-AU-12(c)16493 ··-·NIST-800-53-AU-12(c)
16494 ··-·NIST-800-53-AU-2(d)16494 ··-·NIST-800-53-AU-2(d)
Offset 16497, 15 lines modifiedOffset 16497, 15 lines modified
16497 ··-·audit_rules_media_export16497 ··-·audit_rules_media_export
16498 ··-·low_complexity16498 ··-·low_complexity
16499 ··-·low_disruption16499 ··-·low_disruption
Max diff block lines reached; 282396/288134 bytes (98.01%) of diff not shown.
282 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
281 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·22.04·(Focal·Fossa)</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Ubuntu·release·22.04·(Focal·Fossa)</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2204-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2204:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ubuntu2204-cpe-oval.xml">oval:ssg-installed_OS_is_ubuntu2204:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-ubuntu2204-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of111 configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
Offset 15798, 16 lines modifiedOffset 15798, 16 lines modified
  
15798 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension15798 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
15799 ··find:15799 ··find:
15800 ····paths:·/etc/audit/rules.d/15800 ····paths:·/etc/audit/rules.d/
15801 ····patterns:·'*.rules'15801 ····patterns:·'*.rules'
15802 ··register:·find_rules_d15802 ··register:·find_rules_d
15803 ··when:15803 ··when:
15804 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15805 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15804 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15805 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15806 ··tags:15806 ··tags:
15807 ··-·CJIS-5.4.1.115807 ··-·CJIS-5.4.1.1
15808 ··-·NIST-800-171-3.3.115808 ··-·NIST-800-171-3.3.1
15809 ··-·NIST-800-171-3.4.315809 ··-·NIST-800-171-3.4.3
15810 ··-·NIST-800-53-AC-6(9)15810 ··-·NIST-800-53-AC-6(9)
15811 ··-·NIST-800-53-CM-6(a)15811 ··-·NIST-800-53-CM-6(a)
15812 ··-·PCI-DSS-Req-10.5.215812 ··-·PCI-DSS-Req-10.5.2
Offset 15822, 16 lines modifiedOffset 15822, 16 lines modified
15822 ··lineinfile:15822 ··lineinfile:
15823 ····path:·'{{·item·}}'15823 ····path:·'{{·item·}}'
15824 ····regexp:·^\s*(?:-e)\s+.*$15824 ····regexp:·^\s*(?:-e)\s+.*$
15825 ····state:·absent15825 ····state:·absent
15826 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']15826 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
15827 ····}}'15827 ····}}'
15828 ··when:15828 ··when:
15829 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15830 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15829 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15830 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15831 ··tags:15831 ··tags:
15832 ··-·CJIS-5.4.1.115832 ··-·CJIS-5.4.1.1
15833 ··-·NIST-800-171-3.3.115833 ··-·NIST-800-171-3.3.1
15834 ··-·NIST-800-171-3.4.315834 ··-·NIST-800-171-3.4.3
15835 ··-·NIST-800-53-AC-6(9)15835 ··-·NIST-800-53-AC-6(9)
15836 ··-·NIST-800-53-CM-6(a)15836 ··-·NIST-800-53-CM-6(a)
15837 ··-·PCI-DSS-Req-10.5.215837 ··-·PCI-DSS-Req-10.5.2
Offset 15848, 16 lines modifiedOffset 15848, 16 lines modified
15848 ····create:·true15848 ····create:·true
15849 ····line:·-e·215849 ····line:·-e·2
15850 ····mode:·o-rwx15850 ····mode:·o-rwx
15851 ··loop:15851 ··loop:
15852 ··-·/etc/audit/audit.rules15852 ··-·/etc/audit/audit.rules
15853 ··-·/etc/audit/rules.d/immutable.rules15853 ··-·/etc/audit/rules.d/immutable.rules
15854 ··when:15854 ··when:
15855 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15856 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15855 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15856 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15857 ··tags:15857 ··tags:
15858 ··-·CJIS-5.4.1.115858 ··-·CJIS-5.4.1.1
15859 ··-·NIST-800-171-3.3.115859 ··-·NIST-800-171-3.3.1
15860 ··-·NIST-800-171-3.4.315860 ··-·NIST-800-171-3.4.3
15861 ··-·NIST-800-53-AC-6(9)15861 ··-·NIST-800-53-AC-6(9)
15862 ··-·NIST-800-53-CM-6(a)15862 ··-·NIST-800-53-CM-6(a)
15863 ··-·PCI-DSS-Req-10.5.215863 ··-·PCI-DSS-Req-10.5.2
Offset 16201, 16 lines modifiedOffset 16201, 16 lines modified
16201 ··-·reboot_required16201 ··-·reboot_required
16202 ··-·restrict_strategy16202 ··-·restrict_strategy
  
16203 -·name:·Set·architecture·for·audit·mount·tasks16203 -·name:·Set·architecture·for·audit·mount·tasks
16204 ··set_fact:16204 ··set_fact:
16205 ····audit_arch:·b6416205 ····audit_arch:·b64
16206 ··when:16206 ··when:
16207 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16208 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16207 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16208 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16209 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16209 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16210 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16210 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16211 ··tags:16211 ··tags:
16212 ··-·CJIS-5.4.1.116212 ··-·CJIS-5.4.1.1
16213 ··-·NIST-800-171-3.1.716213 ··-·NIST-800-171-3.1.7
16214 ··-·NIST-800-53-AC-6(9)16214 ··-·NIST-800-53-AC-6(9)
16215 ··-·NIST-800-53-AU-12(c)16215 ··-·NIST-800-53-AU-12(c)
Offset 16341, 16 lines modifiedOffset 16341, 16 lines modified
16341 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016341 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16342 ········-F·auid!=unset·-F·key=perm_mod16342 ········-F·auid!=unset·-F·key=perm_mod
16343 ······create:·true16343 ······create:·true
16344 ······mode:·o-rwx16344 ······mode:·o-rwx
16345 ······state:·present16345 ······state:·present
16346 ····when:·syscalls_found·|·length·==·016346 ····when:·syscalls_found·|·length·==·0
16347 ··when:16347 ··when:
16348 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16349 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16348 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16349 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16350 ··tags:16350 ··tags:
16351 ··-·CJIS-5.4.1.116351 ··-·CJIS-5.4.1.1
16352 ··-·NIST-800-171-3.1.716352 ··-·NIST-800-171-3.1.7
16353 ··-·NIST-800-53-AC-6(9)16353 ··-·NIST-800-53-AC-6(9)
16354 ··-·NIST-800-53-AU-12(c)16354 ··-·NIST-800-53-AU-12(c)
16355 ··-·NIST-800-53-AU-2(d)16355 ··-·NIST-800-53-AU-2(d)
16356 ··-·NIST-800-53-CM-6(a)16356 ··-·NIST-800-53-CM-6(a)
Offset 16479, 16 lines modifiedOffset 16479, 16 lines modified
16479 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016479 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16480 ········-F·auid!=unset·-F·key=perm_mod16480 ········-F·auid!=unset·-F·key=perm_mod
16481 ······create:·true16481 ······create:·true
16482 ······mode:·o-rwx16482 ······mode:·o-rwx
16483 ······state:·present16483 ······state:·present
16484 ····when:·syscalls_found·|·length·==·016484 ····when:·syscalls_found·|·length·==·0
16485 ··when:16485 ··when:
16486 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16487 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16486 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16487 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16488 ··-·audit_arch·==·&quot;b64&quot;16488 ··-·audit_arch·==·&quot;b64&quot;
16489 ··tags:16489 ··tags:
16490 ··-·CJIS-5.4.1.116490 ··-·CJIS-5.4.1.1
16491 ··-·NIST-800-171-3.1.716491 ··-·NIST-800-171-3.1.7
16492 ··-·NIST-800-53-AC-6(9)16492 ··-·NIST-800-53-AC-6(9)
16493 ··-·NIST-800-53-AU-12(c)16493 ··-·NIST-800-53-AU-12(c)
16494 ··-·NIST-800-53-AU-2(d)16494 ··-·NIST-800-53-AU-2(d)
Offset 16497, 15 lines modifiedOffset 16497, 15 lines modified
16497 ··-·audit_rules_media_export16497 ··-·audit_rules_media_export
16498 ··-·low_complexity16498 ··-·low_complexity
16499 ··-·low_disruption16499 ··-·low_disruption
Max diff block lines reached; 282396/288134 bytes (98.01%) of diff not shown.
281 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
281 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UBUNTU_22-04"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Ubuntu·22.04</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of7 configuration·settings·for·Ubuntu·22.04.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 15694, 16 lines modifiedOffset 15694, 16 lines modified
  
15694 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension15694 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
15695 ··find:15695 ··find:
15696 ····paths:·/etc/audit/rules.d/15696 ····paths:·/etc/audit/rules.d/
15697 ····patterns:·'*.rules'15697 ····patterns:·'*.rules'
15698 ··register:·find_rules_d15698 ··register:·find_rules_d
15699 ··when:15699 ··when:
15700 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15701 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15700 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15701 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15702 ··tags:15702 ··tags:
15703 ··-·CJIS-5.4.1.115703 ··-·CJIS-5.4.1.1
15704 ··-·NIST-800-171-3.3.115704 ··-·NIST-800-171-3.3.1
15705 ··-·NIST-800-171-3.4.315705 ··-·NIST-800-171-3.4.3
15706 ··-·NIST-800-53-AC-6(9)15706 ··-·NIST-800-53-AC-6(9)
15707 ··-·NIST-800-53-CM-6(a)15707 ··-·NIST-800-53-CM-6(a)
15708 ··-·PCI-DSS-Req-10.5.215708 ··-·PCI-DSS-Req-10.5.2
Offset 15718, 16 lines modifiedOffset 15718, 16 lines modified
15718 ··lineinfile:15718 ··lineinfile:
15719 ····path:·'{{·item·}}'15719 ····path:·'{{·item·}}'
15720 ····regexp:·^\s*(?:-e)\s+.*$15720 ····regexp:·^\s*(?:-e)\s+.*$
15721 ····state:·absent15721 ····state:·absent
15722 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']15722 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
15723 ····}}'15723 ····}}'
15724 ··when:15724 ··when:
15725 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15726 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15725 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15726 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15727 ··tags:15727 ··tags:
15728 ··-·CJIS-5.4.1.115728 ··-·CJIS-5.4.1.1
15729 ··-·NIST-800-171-3.3.115729 ··-·NIST-800-171-3.3.1
15730 ··-·NIST-800-171-3.4.315730 ··-·NIST-800-171-3.4.3
15731 ··-·NIST-800-53-AC-6(9)15731 ··-·NIST-800-53-AC-6(9)
15732 ··-·NIST-800-53-CM-6(a)15732 ··-·NIST-800-53-CM-6(a)
15733 ··-·PCI-DSS-Req-10.5.215733 ··-·PCI-DSS-Req-10.5.2
Offset 15744, 16 lines modifiedOffset 15744, 16 lines modified
15744 ····create:·true15744 ····create:·true
15745 ····line:·-e·215745 ····line:·-e·2
15746 ····mode:·o-rwx15746 ····mode:·o-rwx
15747 ··loop:15747 ··loop:
15748 ··-·/etc/audit/audit.rules15748 ··-·/etc/audit/audit.rules
15749 ··-·/etc/audit/rules.d/immutable.rules15749 ··-·/etc/audit/rules.d/immutable.rules
15750 ··when:15750 ··when:
15751 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
15752 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'15751 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 15752 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
15753 ··tags:15753 ··tags:
15754 ··-·CJIS-5.4.1.115754 ··-·CJIS-5.4.1.1
15755 ··-·NIST-800-171-3.3.115755 ··-·NIST-800-171-3.3.1
15756 ··-·NIST-800-171-3.4.315756 ··-·NIST-800-171-3.4.3
15757 ··-·NIST-800-53-AC-6(9)15757 ··-·NIST-800-53-AC-6(9)
15758 ··-·NIST-800-53-CM-6(a)15758 ··-·NIST-800-53-CM-6(a)
15759 ··-·PCI-DSS-Req-10.5.215759 ··-·PCI-DSS-Req-10.5.2
Offset 16097, 16 lines modifiedOffset 16097, 16 lines modified
16097 ··-·reboot_required16097 ··-·reboot_required
16098 ··-·restrict_strategy16098 ··-·restrict_strategy
  
16099 -·name:·Set·architecture·for·audit·mount·tasks16099 -·name:·Set·architecture·for·audit·mount·tasks
16100 ··set_fact:16100 ··set_fact:
16101 ····audit_arch:·b6416101 ····audit_arch:·b64
16102 ··when:16102 ··when:
16103 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16104 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16103 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16104 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16105 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16105 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16106 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16106 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16107 ··tags:16107 ··tags:
16108 ··-·CJIS-5.4.1.116108 ··-·CJIS-5.4.1.1
16109 ··-·NIST-800-171-3.1.716109 ··-·NIST-800-171-3.1.7
16110 ··-·NIST-800-53-AC-6(9)16110 ··-·NIST-800-53-AC-6(9)
16111 ··-·NIST-800-53-AU-12(c)16111 ··-·NIST-800-53-AU-12(c)
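Review bot: the two `when:` entries at 16103-16104 are the same conditions in swapped order (the `ansible_virtualization_type` container check and the `'"auditd" in ansible_facts.packages'` check), and the same swap shows up again in the hunks that follow. Ansible requires every item of a `when:` list to be true, so the task behaves identically in both builds; the difference is only in emission order, which suggests the platform conditions are written out from an unordered collection. Sorting the conditions before the task is rendered would make this part of the guide reproducible.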
Offset 16237, 16 lines modifiedOffset 16237, 16 lines modified
16237 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016237 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16238 ········-F·auid!=unset·-F·key=perm_mod16238 ········-F·auid!=unset·-F·key=perm_mod
16239 ······create:·true16239 ······create:·true
16240 ······mode:·o-rwx16240 ······mode:·o-rwx
16241 ······state:·present16241 ······state:·present
16242 ····when:·syscalls_found·|·length·==·016242 ····when:·syscalls_found·|·length·==·0
16243 ··when:16243 ··when:
16244 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16245 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16244 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16245 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16246 ··tags:16246 ··tags:
16247 ··-·CJIS-5.4.1.116247 ··-·CJIS-5.4.1.1
16248 ··-·NIST-800-171-3.1.716248 ··-·NIST-800-171-3.1.7
16249 ··-·NIST-800-53-AC-6(9)16249 ··-·NIST-800-53-AC-6(9)
16250 ··-·NIST-800-53-AU-12(c)16250 ··-·NIST-800-53-AU-12(c)
16251 ··-·NIST-800-53-AU-2(d)16251 ··-·NIST-800-53-AU-2(d)
16252 ··-·NIST-800-53-CM-6(a)16252 ··-·NIST-800-53-CM-6(a)
Offset 16375, 16 lines modifiedOffset 16375, 16 lines modified
16375 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016375 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16376 ········-F·auid!=unset·-F·key=perm_mod16376 ········-F·auid!=unset·-F·key=perm_mod
16377 ······create:·true16377 ······create:·true
16378 ······mode:·o-rwx16378 ······mode:·o-rwx
16379 ······state:·present16379 ······state:·present
16380 ····when:·syscalls_found·|·length·==·016380 ····when:·syscalls_found·|·length·==·0
16381 ··when:16381 ··when:
16382 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
16383 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'16382 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
 16383 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
16384 ··-·audit_arch·==·&quot;b64&quot;16384 ··-·audit_arch·==·&quot;b64&quot;
16385 ··tags:16385 ··tags:
16386 ··-·CJIS-5.4.1.116386 ··-·CJIS-5.4.1.1
16387 ··-·NIST-800-171-3.1.716387 ··-·NIST-800-171-3.1.7
16388 ··-·NIST-800-53-AC-6(9)16388 ··-·NIST-800-53-AC-6(9)
16389 ··-·NIST-800-53-AU-12(c)16389 ··-·NIST-800-53-AU-12(c)
16390 ··-·NIST-800-53-AU-2(d)16390 ··-·NIST-800-53-AU-2(d)
Offset 16393, 15 lines modifiedOffset 16393, 15 lines modified
16393 ··-·audit_rules_media_export16393 ··-·audit_rules_media_export
16394 ··-·low_complexity16394 ··-·low_complexity
16395 ··-·low_disruption16395 ··-·low_disruption
16396 ··-·medium_severity16396 ··-·medium_severity
16397 ··-·reboot_required16397 ··-·reboot_required
16398 ··-·restrict_strategy</xccdf-1.2:fix>16398 ··-·restrict_strategy</xccdf-1.2:fix>
16399 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms16399 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
16400 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed;·then16400 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
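Review bot: the guard on line 16400 carries the same three tests in both builds, but the `dpkg-query ... | grep -q installed` check moves from last to first position relative to the `/.dockerenv` and `/run/.containerenv` tests. The `&&` chain evaluates to the same result either way, so this is an ordering difference in the generated script, not a behavioural one. Emitting the applicability tests in a fixed order would keep the shell fix byte-identical across builds.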
Max diff block lines reached; 281023/287134 bytes (97.87%) of diff not shown.
27.4 KB
ssg-debian_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0·····1820·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0·····1824·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0···826668·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0···826676·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
26.8 KB
data.tar.xz
26.8 KB
data.tar
1.86 KB
./usr/share/doc/ssg-debian/ssg-debian10-guide-anssi_np_nt28_average.html
    
Offset 14284, 15 lines modifiedOffset 14284, 15 lines modified
00037cb0:·3c2f·6832·3e3c·703e·4375·7272·656e·7420··</h2><p>Current·00037cb0:·3c2f·6832·3e3c·703e·4375·7272·656e·7420··</h2><p>Current·
00037cc0:·7665·7273·696f·6e3a·203c·7374·726f·6e67··version:·<strong00037cc0:·7665·7273·696f·6e3a·203c·7374·726f·6e67··version:·<strong
00037cd0:·3e30·2e31·2e36·353c·2f73·7472·6f6e·673e··>0.1.65</strong>00037cd0:·3e30·2e31·2e36·353c·2f73·7472·6f6e·673e··>0.1.65</strong>
00037ce0:·3c2f·703e·3c75·6c3e·3c6c·693e·3c73·7472··</p><ul><li><str00037ce0:·3c2f·703e·3c75·6c3e·3c6c·693e·3c73·7472··</p><ul><li><str
00037cf0:·6f6e·673e·6472·6166·743c·2f73·7472·6f6e··ong>draft</stron00037cf0:·6f6e·673e·6472·6166·743c·2f73·7472·6f6e··ong>draft</stron
00037d00:·673e·0a20·2020·2020·2020·2020·2020·2020··g>.·············00037d00:·673e·0a20·2020·2020·2020·2020·2020·2020··g>.·············
00037d10:·2020·2020·2020·2028·6173·206f·6620·3230·········(as·of·2000037d10:·2020·2020·2020·2028·6173·206f·6620·3230·········(as·of·20
00037d20:·3234·2d30·312d·3134·290a·2020·2020·2020··24-01-14).······00037d20:·3235·2d30·322d·3135·290a·2020·2020·2020··25-02-15).······
00037d30:·2020·2020·2020·2020·2020·3c2f·6c69·3e3c············</li><00037d30:·2020·2020·2020·2020·2020·3c2f·6c69·3e3c············</li><
00037d40:·2f75·6c3e·3c2f·6469·763e·3c68·323e·5461··/ul></div><h2>Ta00037d40:·2f75·6c3e·3c2f·6469·763e·3c68·323e·5461··/ul></div><h2>Ta
00037d50:·626c·6520·6f66·2043·6f6e·7465·6e74·733c··ble·of·Contents<00037d50:·626c·6520·6f66·2043·6f6e·7465·6e74·733c··ble·of·Contents<
00037d60:·2f68·323e·3c6f·6c3e·3c6c·693e·3c61·2068··/h2><ol><li><a·h00037d60:·2f68·323e·3c6f·6c3e·3c6c·693e·3c61·2068··/h2><ol><li><a·h
00037d70:·7265·663d·2223·7863·6364·665f·6f72·672e··ref="#xccdf_org.00037d70:·7265·663d·2223·7863·6364·665f·6f72·672e··ref="#xccdf_org.
00037d80:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte00037d80:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte
00037d90:·6e74·5f67·726f·7570·5f73·7973·7465·6d22··nt_group_system"00037d90:·6e74·5f67·726f·7570·5f73·7973·7465·6d22··nt_group_system"
629 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:debian:debian_linux:1041 ····*·cpe:/o:debian:debian_linux:10
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Configure_Syslog48 ·········2.·Configure_Syslog
49 ·········3.·File_Permissions_and_Masks49 ·········3.·File_Permissions_and_Masks
50 ···2.·Services50 ···2.·Services
51 ·········1.·APT_service_configuration51 ·········1.·APT_service_configuration
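Review bot: line 44 embeds a date that differs between the two builds (`2024-01-14` against `2025-02-15`) while the version stays at 0.1.65, so the "as of" date in the Revision History comes from the build clock and not from the source. The same one-line difference appears in each generated guide in this package. Deriving the date from `SOURCE_DATE_EPOCH` or from the release date would remove it from all of them.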
1.87 KB
./usr/share/doc/ssg-debian/ssg-debian10-guide-anssi_np_nt28_high.html
    
Offset 14285, 15 lines modifiedOffset 14285, 15 lines modified
00037cc0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu00037cc0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu
00037cd0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<00037cd0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<
00037ce0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s00037ce0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s
00037cf0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l00037cf0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l
00037d00:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<00037d00:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<
00037d10:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······00037d10:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······
00037d20:·2020·2020·2020·2020·2020·2020·2028·6173···············(as00037d20:·2020·2020·2020·2020·2020·2020·2028·6173···············(as
00037d30:·206f·6620·3230·3234·2d30·312d·3134·290a···of·2024-01-14).00037d30:·206f·6620·3230·3235·2d30·322d·3135·290a···of·2025-02-15).
00037d40:·2020·2020·2020·2020·2020·2020·2020·2020··················00037d40:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037d50:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>00037d50:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>
00037d60:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con00037d60:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con
00037d70:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l00037d70:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l
00037d80:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd00037d80:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd
00037d90:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject00037d90:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject
00037da0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s00037da0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s
651 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level
40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:debian:debian_linux:1042 ····*·cpe:/o:debian:debian_linux:10
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·GRUB2_bootloader_configuration50 ·········3.·GRUB2_bootloader_configuration
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
1.84 KB
./usr/share/doc/ssg-debian/ssg-debian10-guide-anssi_np_nt28_minimal.html
    
Offset 14278, 15 lines modifiedOffset 14278, 15 lines modified
00037c50:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>00037c50:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00037c60:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:00037c60:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00037c70:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<00037c70:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00037c80:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>00037c80:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00037c90:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf00037c90:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00037ca0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····00037ca0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00037cb0:·2020·2020·2020·2020·2020·2020·2020·2028·················(00037cb0:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00037cc0:·6173·206f·6620·3230·3234·2d30·312d·3134··as·of·2024-01-1400037cc0:·6173·206f·6620·3230·3235·2d30·322d·3135··as·of·2025-02-15
00037cd0:·290a·2020·2020·2020·2020·2020·2020·2020··).··············00037cd0:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
00037ce0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di00037ce0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
00037cf0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C00037cf0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
00037d00:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>00037d00:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
00037d10:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc00037d10:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
00037d20:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje00037d20:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
00037d30:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group00037d30:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
614 B
html2text {}
    
Offset 36, 15 lines modifiedOffset 36, 15 lines modified
36 *****·Profile·Information·*****36 *****·Profile·Information·*****
37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level
38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:debian:debian_linux:1040 ····*·cpe:/o:debian:debian_linux:10
41 *****·Revision·History·*****41 *****·Revision·History·*****
42 Current·version:·0.1.6542 Current·version:·0.1.65
43 ····*·draft·(as·of·2024-01-14)43 ····*·draft·(as·of·2025-02-15)
44 *****·Table·of·Contents·*****44 *****·Table·of·Contents·*****
45 ···1.·System_Settings45 ···1.·System_Settings
46 ·········1.·Installing_and_Maintaining_Software46 ·········1.·Installing_and_Maintaining_Software
47 ·········2.·Configure_Syslog47 ·········2.·Configure_Syslog
48 ·········3.·File_Permissions_and_Masks48 ·········3.·File_Permissions_and_Masks
49 ···2.·Services49 ···2.·Services
50 ·········1.·APT_service_configuration50 ·········1.·APT_service_configuration
1.86 KB
./usr/share/doc/ssg-debian/ssg-debian10-guide-anssi_np_nt28_restrictive.html
    
Offset 14282, 15 lines modifiedOffset 14282, 15 lines modified
00037c90:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>00037c90:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00037ca0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:00037ca0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00037cb0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<00037cb0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00037cc0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>00037cc0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00037cd0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf00037cd0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00037ce0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····00037ce0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00037cf0:·2020·2020·2020·2020·2020·2020·2020·2028·················(00037cf0:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00037d00:·6173·206f·6620·3230·3234·2d30·312d·3134··as·of·2024-01-1400037d00:·6173·206f·6620·3230·3235·2d30·322d·3135··as·of·2025-02-15
00037d10:·290a·2020·2020·2020·2020·2020·2020·2020··).··············00037d10:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
00037d20:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di00037d20:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
00037d30:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C00037d30:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
00037d40:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>00037d40:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
00037d50:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc00037d50:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
00037d60:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje00037d60:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
00037d70:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group00037d70:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
626 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:debian:debian_linux:1041 ····*·cpe:/o:debian:debian_linux:10
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·System_Accounting_with_auditd48 ·········2.·System_Accounting_with_auditd
49 ·········3.·Configure_Syslog49 ·········3.·Configure_Syslog
50 ·········4.·File_Permissions_and_Masks50 ·········4.·File_Permissions_and_Masks
51 ···2.·Services51 ···2.·Services
1.95 KB
./usr/share/doc/ssg-debian/ssg-debian10-guide-standard.html
    
Offset 14284, 16 lines modifiedOffset 14284, 16 lines modified
00037cb0:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>00037cb0:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>
00037cc0:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi00037cc0:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi
00037cd0:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.00037cd0:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.
00037ce0:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><00037ce0:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><
00037cf0:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d00037cf0:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d
00037d00:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··00037d00:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··
00037d10:·2020·2020·2020·2020·2020·2020·2020·2020··················00037d10:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037d20:·2020·2861·7320·6f66·2032·3032·342d·3031····(as·of·2024-0100037d20:·2020·2861·7320·6f66·2032·3032·352d·3032····(as·of·2025-02
00037d30:·2d31·3429·0a20·2020·2020·2020·2020·2020··-14).···········00037d30:·2d31·3529·0a20·2020·2020·2020·2020·2020··-15).···········
00037d40:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><00037d40:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><
00037d50:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o00037d50:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o
00037d60:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><00037d60:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><
00037d70:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="00037d70:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="
00037d80:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr00037d80:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr
00037d90:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr00037d90:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr
00037da0:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst00037da0:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst
611 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Debian·1039 Profile·Title·Standard·System·Security·Profile·for·Debian·10
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:debian:debian_linux:1042 ····*·cpe:/o:debian:debian_linux:10
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·Configure_Syslog50 ·········3.·Configure_Syslog
51 ·········4.·File_Permissions_and_Masks51 ·········4.·File_Permissions_and_Masks
52 ···2.·Services52 ···2.·Services
1.86 KB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_average.html
    
Offset 14284, 15 lines modifiedOffset 14284, 15 lines modified
00037cb0:·3c2f·6832·3e3c·703e·4375·7272·656e·7420··</h2><p>Current·00037cb0:·3c2f·6832·3e3c·703e·4375·7272·656e·7420··</h2><p>Current·
00037cc0:·7665·7273·696f·6e3a·203c·7374·726f·6e67··version:·<strong00037cc0:·7665·7273·696f·6e3a·203c·7374·726f·6e67··version:·<strong
00037cd0:·3e30·2e31·2e36·353c·2f73·7472·6f6e·673e··>0.1.65</strong>00037cd0:·3e30·2e31·2e36·353c·2f73·7472·6f6e·673e··>0.1.65</strong>
00037ce0:·3c2f·703e·3c75·6c3e·3c6c·693e·3c73·7472··</p><ul><li><str00037ce0:·3c2f·703e·3c75·6c3e·3c6c·693e·3c73·7472··</p><ul><li><str
00037cf0:·6f6e·673e·6472·6166·743c·2f73·7472·6f6e··ong>draft</stron00037cf0:·6f6e·673e·6472·6166·743c·2f73·7472·6f6e··ong>draft</stron
00037d00:·673e·0a20·2020·2020·2020·2020·2020·2020··g>.·············00037d00:·673e·0a20·2020·2020·2020·2020·2020·2020··g>.·············
00037d10:·2020·2020·2020·2028·6173·206f·6620·3230·········(as·of·2000037d10:·2020·2020·2020·2028·6173·206f·6620·3230·········(as·of·20
00037d20:·3234·2d30·312d·3134·290a·2020·2020·2020··24-01-14).······00037d20:·3235·2d30·322d·3135·290a·2020·2020·2020··25-02-15).······
00037d30:·2020·2020·2020·2020·2020·3c2f·6c69·3e3c············</li><00037d30:·2020·2020·2020·2020·2020·3c2f·6c69·3e3c············</li><
00037d40:·2f75·6c3e·3c2f·6469·763e·3c68·323e·5461··/ul></div><h2>Ta00037d40:·2f75·6c3e·3c2f·6469·763e·3c68·323e·5461··/ul></div><h2>Ta
00037d50:·626c·6520·6f66·2043·6f6e·7465·6e74·733c··ble·of·Contents<00037d50:·626c·6520·6f66·2043·6f6e·7465·6e74·733c··ble·of·Contents<
00037d60:·2f68·323e·3c6f·6c3e·3c6c·693e·3c61·2068··/h2><ol><li><a·h00037d60:·2f68·323e·3c6f·6c3e·3c6c·693e·3c61·2068··/h2><ol><li><a·h
00037d70:·7265·663d·2223·7863·6364·665f·6f72·672e··ref="#xccdf_org.00037d70:·7265·663d·2223·7863·6364·665f·6f72·672e··ref="#xccdf_org.
00037d80:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte00037d80:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte
00037d90:·6e74·5f67·726f·7570·5f73·7973·7465·6d22··nt_group_system"00037d90:·6e74·5f67·726f·7570·5f73·7973·7465·6d22··nt_group_system"
629 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Average·(Intermediate)·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_average
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:debian:debian_linux:1141 ····*·cpe:/o:debian:debian_linux:11
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Configure_Syslog48 ·········2.·Configure_Syslog
49 ·········3.·File_Permissions_and_Masks49 ·········3.·File_Permissions_and_Masks
50 ···2.·Services50 ···2.·Services
51 ·········1.·APT_service_configuration51 ·········1.·APT_service_configuration
1.87 KB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_high.html
    
Offset 14285, 15 lines modifiedOffset 14285, 15 lines modified
00037cc0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu00037cc0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu
00037cd0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<00037cd0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<
00037ce0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s00037ce0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s
00037cf0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l00037cf0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l
00037d00:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<00037d00:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<
00037d10:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······00037d10:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······
00037d20:·2020·2020·2020·2020·2020·2020·2028·6173···············(as00037d20:·2020·2020·2020·2020·2020·2020·2028·6173···············(as
00037d30:·206f·6620·3230·3234·2d30·312d·3134·290a···of·2024-01-14).00037d30:·206f·6620·3230·3235·2d30·322d·3135·290a···of·2025-02-15).
00037d40:·2020·2020·2020·2020·2020·2020·2020·2020··················00037d40:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037d50:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>00037d50:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>
00037d60:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con00037d60:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con
00037d70:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l00037d70:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l
00037d80:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd00037d80:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd
00037d90:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject00037d90:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject
00037da0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s00037da0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s
651 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level39 Profile·Title·Profile·for·ANSSI·DAT-NT28·High·(Enforced)·Level
40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high40 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_high
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:debian:debian_linux:1142 ····*·cpe:/o:debian:debian_linux:11
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·GRUB2_bootloader_configuration50 ·········3.·GRUB2_bootloader_configuration
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
1.84 KB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_minimal.html
    
Offset 14278, 15 lines modifiedOffset 14278, 15 lines modified
00037c50:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>00037c50:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00037c60:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:00037c60:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00037c70:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<00037c70:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00037c80:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>00037c80:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00037c90:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf00037c90:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00037ca0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····00037ca0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00037cb0:·2020·2020·2020·2020·2020·2020·2020·2028·················(00037cb0:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00037cc0:·6173·206f·6620·3230·3234·2d30·312d·3134··as·of·2024-01-1400037cc0:·6173·206f·6620·3230·3235·2d30·322d·3135··as·of·2025-02-15
00037cd0:·290a·2020·2020·2020·2020·2020·2020·2020··).··············00037cd0:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
00037ce0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di00037ce0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
00037cf0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C00037cf0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
00037d00:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>00037d00:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
00037d10:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc00037d10:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
00037d20:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje00037d20:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
00037d30:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group00037d30:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
614 B
html2text {}
    
Offset 36, 15 lines modifiedOffset 36, 15 lines modified
36 *****·Profile·Information·*****36 *****·Profile·Information·*****
37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level37 Profile·Title·Profile·for·ANSSI·DAT-NT28·Minimal·Level
38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal38 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_minimal
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:debian:debian_linux:1140 ····*·cpe:/o:debian:debian_linux:11
41 *****·Revision·History·*****41 *****·Revision·History·*****
42 Current·version:·0.1.6542 Current·version:·0.1.65
43 ····*·draft·(as·of·2024-01-14)43 ····*·draft·(as·of·2025-02-15)
44 *****·Table·of·Contents·*****44 *****·Table·of·Contents·*****
45 ···1.·System_Settings45 ···1.·System_Settings
46 ·········1.·Installing_and_Maintaining_Software46 ·········1.·Installing_and_Maintaining_Software
47 ·········2.·Configure_Syslog47 ·········2.·Configure_Syslog
48 ·········3.·File_Permissions_and_Masks48 ·········3.·File_Permissions_and_Masks
49 ···2.·Services49 ···2.·Services
50 ·········1.·APT_service_configuration50 ·········1.·APT_service_configuration
1.86 KB
./usr/share/doc/ssg-debian/ssg-debian11-guide-anssi_np_nt28_restrictive.html
    
Offset 14282, 15 lines modifiedOffset 14282, 15 lines modified
00037c90:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>00037c90:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00037ca0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:00037ca0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00037cb0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<00037cb0:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00037cc0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>00037cc0:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00037cd0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf00037cd0:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00037ce0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····00037ce0:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00037cf0:·2020·2020·2020·2020·2020·2020·2020·2028·················(00037cf0:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00037d00:·6173·206f·6620·3230·3234·2d30·312d·3134··as·of·2024-01-1400037d00:·6173·206f·6620·3230·3235·2d30·322d·3135··as·of·2025-02-15
00037d10:·290a·2020·2020·2020·2020·2020·2020·2020··).··············00037d10:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
00037d20:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di00037d20:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
00037d30:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C00037d30:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
00037d40:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>00037d40:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
00037d50:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc00037d50:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
00037d60:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje00037d60:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
00037d70:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group00037d70:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
626 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level38 Profile·Title·Profile·for·ANSSI·DAT-NT28·Restrictive·Level
39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive39 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_np_nt28_restrictive
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:debian:debian_linux:1141 ····*·cpe:/o:debian:debian_linux:11
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·System_Accounting_with_auditd48 ·········2.·System_Accounting_with_auditd
49 ·········3.·Configure_Syslog49 ·········3.·Configure_Syslog
50 ·········4.·File_Permissions_and_Masks50 ·········4.·File_Permissions_and_Masks
51 ···2.·Services51 ···2.·Services
1.95 KB
./usr/share/doc/ssg-debian/ssg-debian11-guide-standard.html
    
Offset 14284, 16 lines modifiedOffset 14284, 16 lines modified
00037cb0:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>00037cb0:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>
00037cc0:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi00037cc0:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi
00037cd0:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.00037cd0:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.
00037ce0:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><00037ce0:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><
00037cf0:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d00037cf0:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d
00037d00:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··00037d00:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··
00037d10:·2020·2020·2020·2020·2020·2020·2020·2020··················00037d10:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037d20:·2020·2861·7320·6f66·2032·3032·342d·3031····(as·of·2024-0100037d20:·2020·2861·7320·6f66·2032·3032·352d·3032····(as·of·2025-02
00037d30:·2d31·3429·0a20·2020·2020·2020·2020·2020··-14).···········00037d30:·2d31·3529·0a20·2020·2020·2020·2020·2020··-15).···········
00037d40:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><00037d40:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><
00037d50:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o00037d50:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o
00037d60:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><00037d60:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><
00037d70:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="00037d70:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="
00037d80:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr00037d80:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr
00037d90:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr00037d90:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr
00037da0:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst00037da0:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst
611 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Debian·1139 Profile·Title·Standard·System·Security·Profile·for·Debian·11
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:debian:debian_linux:1142 ····*·cpe:/o:debian:debian_linux:11
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·System_Accounting_with_auditd49 ·········2.·System_Accounting_with_auditd
50 ·········3.·Configure_Syslog50 ·········3.·Configure_Syslog
51 ·········4.·File_Permissions_and_Masks51 ·········4.·File_Permissions_and_Masks
52 ···2.·Services52 ···2.·Services
1.39 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml
1.28 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml
    
Offset 96, 15 lines modifiedOffset 96, 15 lines modified
96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·10</cpe-dict:title>96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·10</cpe-dict:title>
97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian10-cpe-oval.xml">oval:ssg-installed_OS_is_debian10:def:1</cpe-dict:check>97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian10-cpe-oval.xml">oval:ssg-installed_OS_is_debian10:def:1</cpe-dict:check>
98 ······</cpe-dict:cpe-item>98 ······</cpe-dict:cpe-item>
99 ····</cpe-dict:cpe-list>99 ····</cpe-dict:cpe-list>
100 ··</ds:component>100 ··</ds:component>
101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian10-xccdf.xml"·timestamp="2022-12-20T09:54:05">101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian10-xccdf.xml"·timestamp="2022-12-20T09:54:05">
102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
103 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>103 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·10</xccdf-1.2:title>104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·10</xccdf-1.2:title>
105 ······<xccdf-1.2:description>105 ······<xccdf-1.2:description>
106 ········This·guide·presents·a·catalog·of·security-relevant106 ········This·guide·presents·a·catalog·of·security-relevant
107 configuration·settings·for·Debian·10.·It·is·a·rendering·of107 configuration·settings·for·Debian·10.·It·is·a·rendering·of
108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
109 in·order·to·support·security·automation.··The·SCAP·content·is109 in·order·to·support·security·automation.··The·SCAP·content·is
110 is·available·in·the110 is·available·in·the
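Review bot: the status date at line 103 is taken from the day of the build (2024-01-14 in one build, 2025-02-15 in the other), and it is the only line in this hunk that differs. The ds:component timestamp at line 101 is 2022-12-20T09:54:05 in both builds, so a fixed date is evidently available at build time. Suggest deriving the status date from the same fixed source (for example SOURCE_DATE_EPOCH) rather than the wall clock. The "draft (as of ...)" line in the rendered HTML guides carries the same value, so fixing it here should clear those differences too.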
1.37 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml
1.27 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml
    
Offset 96, 15 lines modifiedOffset 96, 15 lines modified
96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·10</cpe-dict:title>96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·10</cpe-dict:title>
97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian10-cpe-oval.xml">oval:ssg-installed_OS_is_debian10:def:1</cpe-dict:check>97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian10-cpe-oval.xml">oval:ssg-installed_OS_is_debian10:def:1</cpe-dict:check>
98 ······</cpe-dict:cpe-item>98 ······</cpe-dict:cpe-item>
99 ····</cpe-dict:cpe-list>99 ····</cpe-dict:cpe-list>
100 ··</ds:component>100 ··</ds:component>
101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian10-xccdf.xml"·timestamp="2022-12-20T09:54:05">101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian10-xccdf.xml"·timestamp="2022-12-20T09:54:05">
102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
103 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>103 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·10</xccdf-1.2:title>104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·10</xccdf-1.2:title>
105 ······<xccdf-1.2:description>105 ······<xccdf-1.2:description>
106 ········This·guide·presents·a·catalog·of·security-relevant106 ········This·guide·presents·a·catalog·of·security-relevant
107 configuration·settings·for·Debian·10.·It·is·a·rendering·of107 configuration·settings·for·Debian·10.·It·is·a·rendering·of
108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
109 in·order·to·support·security·automation.··The·SCAP·content·is109 in·order·to·support·security·automation.··The·SCAP·content·is
110 is·available·in·the110 is·available·in·the
1.22 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml
1.12 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-10"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·10</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·10</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Debian·10.·It·is·a·rendering·of7 configuration·settings·for·Debian·10.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
1.39 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml
1.28 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-ds-1.2.xml
    
Offset 96, 15 lines modifiedOffset 96, 15 lines modified
96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·11</cpe-dict:title>96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·11</cpe-dict:title>
97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian11-cpe-oval.xml">oval:ssg-installed_OS_is_debian11:def:1</cpe-dict:check>97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian11-cpe-oval.xml">oval:ssg-installed_OS_is_debian11:def:1</cpe-dict:check>
98 ······</cpe-dict:cpe-item>98 ······</cpe-dict:cpe-item>
99 ····</cpe-dict:cpe-list>99 ····</cpe-dict:cpe-list>
100 ··</ds:component>100 ··</ds:component>
101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian11-xccdf.xml"·timestamp="2022-12-20T09:54:05">101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian11-xccdf.xml"·timestamp="2022-12-20T09:54:05">
102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-11"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-11"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
103 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>103 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·11</xccdf-1.2:title>104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·11</xccdf-1.2:title>
105 ······<xccdf-1.2:description>105 ······<xccdf-1.2:description>
106 ········This·guide·presents·a·catalog·of·security-relevant106 ········This·guide·presents·a·catalog·of·security-relevant
107 configuration·settings·for·Debian·11.·It·is·a·rendering·of107 configuration·settings·for·Debian·11.·It·is·a·rendering·of
108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
109 in·order·to·support·security·automation.··The·SCAP·content·is109 in·order·to·support·security·automation.··The·SCAP·content·is
110 is·available·in·the110 is·available·in·the
1.37 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml
1.27 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-ds.xml
    
Offset 96, 15 lines modifiedOffset 96, 15 lines modified
96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·11</cpe-dict:title>96 ········<cpe-dict:title·xml:lang="en-us">Debian·Linux·11</cpe-dict:title>
97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian11-cpe-oval.xml">oval:ssg-installed_OS_is_debian11:def:1</cpe-dict:check>97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-debian11-cpe-oval.xml">oval:ssg-installed_OS_is_debian11:def:1</cpe-dict:check>
98 ······</cpe-dict:cpe-item>98 ······</cpe-dict:cpe-item>
99 ····</cpe-dict:cpe-list>99 ····</cpe-dict:cpe-list>
100 ··</ds:component>100 ··</ds:component>
101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian11-xccdf.xml"·timestamp="2022-12-20T09:54:05">101 ··<ds:component·id="scap_org.open-scap_comp_ssg-debian11-xccdf.xml"·timestamp="2022-12-20T09:54:05">
102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-11"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-11"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
103 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>103 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·11</xccdf-1.2:title>104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·11</xccdf-1.2:title>
105 ······<xccdf-1.2:description>105 ······<xccdf-1.2:description>
106 ········This·guide·presents·a·catalog·of·security-relevant106 ········This·guide·presents·a·catalog·of·security-relevant
107 configuration·settings·for·Debian·11.·It·is·a·rendering·of107 configuration·settings·for·Debian·11.·It·is·a·rendering·of
108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
109 in·order·to·support·security·automation.··The·SCAP·content·is109 in·order·to·support·security·automation.··The·SCAP·content·is
110 is·available·in·the110 is·available·in·the
1.22 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml
1.12 KB
./usr/share/xml/scap/ssg/content/ssg-debian11-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-11"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_DEBIAN-11"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·11</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Debian·11</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Debian·11.·It·is·a·rendering·of7 configuration·settings·for·Debian·11.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
50.2 MB
ssg-nondebian_0.1.65-1_all.deb
367 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0····15428·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0····15428·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0·40201988·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0·40202904·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
50.2 MB
data.tar.xz
50.2 MB
data.tar
24.1 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-cis.html
    
Offset 14293, 16 lines modifiedOffset 14293, 16 lines modified
00037d40:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p00037d40:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p
00037d50:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version00037d50:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version
00037d60:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.6500037d60:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65
00037d70:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul00037d70:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul
00037d80:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra00037d80:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra
00037d90:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····00037d90:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····
00037da0:·2020·2020·2020·2020·2020·2020·2020·2020··················00037da0:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037db0:·2861·7320·6f66·2032·3032·342d·3031·2d31··(as·of·2024-01-100037db0:·2861·7320·6f66·2032·3032·352d·3032·2d31··(as·of·2025-02-1
00037dc0:·3429·0a20·2020·2020·2020·2020·2020·2020··4).·············00037dc0:·3529·0a20·2020·2020·2020·2020·2020·2020··5).·············
00037dd0:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d00037dd0:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d
00037de0:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·00037de0:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·
00037df0:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol00037df0:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol
00037e00:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x00037e00:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x
00037e10:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj00037e10:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
00037e20:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou00037e20:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou
00037e30:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System00037e30:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System
Offset 83079, 22 lines modifiedOffset 83079, 22 lines modified
00144860:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe00144860:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
00144870:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/00144870:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
00144880:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:00144880:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
00144890:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot00144890:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
001448a0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.001448a0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
001448b0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file001448b0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
001448c0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.001448c0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
001448d0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
001448e0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
001448f0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
00144900:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
00144910:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
00144920:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
00144930:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|001448d0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 001448e0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 001448f0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 00144900:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
 00144910:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr
 00144920:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 00144930:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
00144940:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib00144940:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
00144950:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio00144950:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
00144960:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["00144960:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
00144970:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·00144970:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
00144980:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma00144980:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
00144990:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]00144990:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
001449a0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI001449a0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
001449b0:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI001449b0:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
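Review bot: the first two entries of the `when:` list swap places between the two builds. One build emits `'"grub2-common" in ansible_facts.packages'` before `'"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'`, the other emits them the other way round, while the `ansible_virtualization_type` entry stays third. Ansible ANDs the items of a `when:` list, so the task behaves the same either way and only the generated bytes differ. This looks like the platform conditions being emitted from an unordered collection; suggest sorting them, or keeping them in an ordered list, before rendering the remediation.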
Offset 83115, 22 lines modifiedOffset 83115, 22 lines modified
00144aa0:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o00144aa0:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o
00144ab0:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/00144ab0:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
00144ac0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·00144ac0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
00144ad0:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:00144ad0:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
00144ae0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru00144ae0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
00144af0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:00144af0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:
00144b00:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-00144b00:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
 00144b10:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 00144b20:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 00144b30:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
00144b10:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
00144b20:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
00144b30:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
00144b40:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
00144b50:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
00144b60:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
00144b70:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li00144b40:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 00144b50:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 00144b60:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 00144b70:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
00144b80:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_00144b80:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
00144b90:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t00144b90:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
00144ba0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc00144ba0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
00144bb0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op00144bb0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
00144bc0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",00144bc0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
00144bd0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··00144bd0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
Max diff block lines reached; 9488/18752 bytes (50.60%) of diff not shown.
5.69 KB
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 *****·Profile·Information·*****39 *****·Profile·Information·*****
40 Profile·Title·CIS·Aliyun·Linux·2·Benchmark·for·Level·240 Profile·Title·CIS·Aliyun·Linux·2·Benchmark·for·Level·2
41 Profile·ID····xccdf_org.ssgproject.content_profile_cis41 Profile·ID····xccdf_org.ssgproject.content_profile_cis
42 ***·CPE·Platforms·***42 ***·CPE·Platforms·***
43 ····*·cpe:/o:alinux:alibaba_cloud_linux:243 ····*·cpe:/o:alinux:alibaba_cloud_linux:2
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·Account_and_Access_Control50 ·········2.·Account_and_Access_Control
51 ·········3.·System_Accounting_with_auditd51 ·········3.·System_Accounting_with_auditd
52 ·········4.·GRUB2_bootloader_configuration52 ·········4.·GRUB2_bootloader_configuration
53 ·········5.·Configure_Syslog53 ·········5.·Configure_Syslog
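Review bot: the `draft (as of …)` line at 46 is the only change in this hunk, and it differs per build (2024-01-14 on one side, 2025-02-15 on the other) while the version stays 0.1.65, so the generated guide embeds the build-time clock. Derive that date from SOURCE_DATE_EPOCH (or the changelog date) so the HTML is identical across rebuilds.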
Offset 6294, 16 lines modifiedOffset 6294, 16 lines modified
6294 ··-·no_reboot_needed6294 ··-·no_reboot_needed
  
6295 -·name:·Test·for·existence·/boot/grub2/grub.cfg6295 -·name:·Test·for·existence·/boot/grub2/grub.cfg
6296 ··stat:6296 ··stat:
6297 ····path:·/boot/grub2/grub.cfg6297 ····path:·/boot/grub2/grub.cfg
6298 ··register:·file_exists6298 ··register:·file_exists
6299 ··when:6299 ··when:
6300 ··-·'"grub2-common"·in·ansible_facts.packages' 
6301 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'6300 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 6301 ··-·'"grub2-common"·in·ansible_facts.packages'
6302 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6302 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6303 ··tags:6303 ··tags:
6304 ··-·CJIS-5.5.2.26304 ··-·CJIS-5.5.2.2
6305 ··-·NIST-800-171-3.4.56305 ··-·NIST-800-171-3.4.5
6306 ··-·NIST-800-53-AC-6(1)6306 ··-·NIST-800-53-AC-6(1)
6307 ··-·NIST-800-53-CM-6(a)6307 ··-·NIST-800-53-CM-6(a)
6308 ··-·PCI-DSS-Req-7.16308 ··-·PCI-DSS-Req-7.1
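Review bot: the first two `when:` entries at 6300-6301 swap places between the two builds (`"grub2-common" in ansible_facts.packages` and the `"/boot/efi" not in ansible_mounts | …` test). The list is ANDed, so the task behaves the same either way, but the emitted order is not stable; sort the platform applicability conditions before rendering so the remediation text is byte-identical across builds. The same swap repeats in the later grub.cfg tasks.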
Offset 6315, 16 lines modifiedOffset 6315, 16 lines modified
6315 ··-·no_reboot_needed6315 ··-·no_reboot_needed
  
6316 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg6316 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
6317 ··file:6317 ··file:
6318 ····path:·/boot/grub2/grub.cfg6318 ····path:·/boot/grub2/grub.cfg
6319 ····group:·'0'6319 ····group:·'0'
6320 ··when:6320 ··when:
6321 ··-·'"grub2-common"·in·ansible_facts.packages' 
6322 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'6321 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 6322 ··-·'"grub2-common"·in·ansible_facts.packages'
6323 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6323 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6324 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists6324 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
6325 ··tags:6325 ··tags:
6326 ··-·CJIS-5.5.2.26326 ··-·CJIS-5.5.2.2
6327 ··-·NIST-800-171-3.4.56327 ··-·NIST-800-171-3.4.5
6328 ··-·NIST-800-53-AC-6(1)6328 ··-·NIST-800-53-AC-6(1)
6329 ··-·NIST-800-53-CM-6(a)6329 ··-·NIST-800-53-CM-6(a)
Offset 6336, 15 lines modifiedOffset 6336, 15 lines modified
6336 ··-·medium_severity6336 ··-·medium_severity
6337 ··-·no_reboot_needed6337 ··-·no_reboot_needed
6338 Remediation_Shell_script_⇲6338 Remediation_Shell_script_⇲
6339 Complexity:·low6339 Complexity:·low
6340 Disruption:·low6340 Disruption:·low
6341 Strategy:···configure6341 Strategy:···configure
6342 #·Remediation·is·applicable·only·in·certain·platforms6342 #·Remediation·is·applicable·only·in·certain·platforms
6343 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};6343 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
6344 then6344 then
  
6345 chgrp·0·/boot/grub2/grub.cfg6345 chgrp·0·/boot/grub2/grub.cfg
  
6346 else6346 else
6347 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'6347 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
6348 fi6348 fi
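Review bot: at 6343 the guard tests `[ ! -f /sys/firmware/efi ]`, but /sys/firmware/efi is a directory, so `-f` is never true and the negated test always passes; on a UEFI host the script would still reach `chgrp 0 /boot/grub2/grub.cfg`. Use `-d` (or `-e`) for that test. Separately, the position of this test relative to `rpm --quiet -q grub2-common` differs between the two builds, which is the same unstable ordering seen in the Ansible `when:` lists.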
Offset 6382, 16 lines modifiedOffset 6382, 16 lines modified
6382 ··-·no_reboot_needed6382 ··-·no_reboot_needed
  
6383 -·name:·Test·for·existence·/boot/grub2/grub.cfg6383 -·name:·Test·for·existence·/boot/grub2/grub.cfg
6384 ··stat:6384 ··stat:
6385 ····path:·/boot/grub2/grub.cfg6385 ····path:·/boot/grub2/grub.cfg
6386 ··register:·file_exists6386 ··register:·file_exists
6387 ··when:6387 ··when:
6388 ··-·'"grub2-common"·in·ansible_facts.packages' 
6389 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'6388 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 6389 ··-·'"grub2-common"·in·ansible_facts.packages'
6390 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6390 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6391 ··tags:6391 ··tags:
6392 ··-·CJIS-5.5.2.26392 ··-·CJIS-5.5.2.2
6393 ··-·NIST-800-171-3.4.56393 ··-·NIST-800-171-3.4.5
6394 ··-·NIST-800-53-AC-6(1)6394 ··-·NIST-800-53-AC-6(1)
6395 ··-·NIST-800-53-CM-6(a)6395 ··-·NIST-800-53-CM-6(a)
6396 ··-·PCI-DSS-Req-7.16396 ··-·PCI-DSS-Req-7.1
Offset 6403, 16 lines modifiedOffset 6403, 16 lines modified
6403 ··-·no_reboot_needed6403 ··-·no_reboot_needed
  
6404 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg6404 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
6405 ··file:6405 ··file:
6406 ····path:·/boot/grub2/grub.cfg6406 ····path:·/boot/grub2/grub.cfg
6407 ····owner:·'0'6407 ····owner:·'0'
6408 ··when:6408 ··when:
6409 ··-·'"grub2-common"·in·ansible_facts.packages' 
6410 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'6409 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 6410 ··-·'"grub2-common"·in·ansible_facts.packages'
6411 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6411 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6412 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists6412 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
6413 ··tags:6413 ··tags:
6414 ··-·CJIS-5.5.2.26414 ··-·CJIS-5.5.2.2
6415 ··-·NIST-800-171-3.4.56415 ··-·NIST-800-171-3.4.5
6416 ··-·NIST-800-53-AC-6(1)6416 ··-·NIST-800-53-AC-6(1)
6417 ··-·NIST-800-53-CM-6(a)6417 ··-·NIST-800-53-CM-6(a)
Offset 6424, 15 lines modifiedOffset 6424, 15 lines modified
6424 ··-·medium_severity6424 ··-·medium_severity
6425 ··-·no_reboot_needed6425 ··-·no_reboot_needed
6426 Remediation_Shell_script_⇲6426 Remediation_Shell_script_⇲
6427 Complexity:·low6427 Complexity:·low
6428 Disruption:·low6428 Disruption:·low
6429 Strategy:···configure6429 Strategy:···configure
6430 #·Remediation·is·applicable·only·in·certain·platforms6430 #·Remediation·is·applicable·only·in·certain·platforms
6431 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};6431 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
6432 then6432 then
  
6433 chown·0·/boot/grub2/grub.cfg6433 chown·0·/boot/grub2/grub.cfg
  
6434 else6434 else
6435 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'6435 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
6436 fi6436 fi
Offset 6468, 16 lines modifiedOffset 6468, 16 lines modified
6468 ··-·no_reboot_needed6468 ··-·no_reboot_needed
  
6469 -·name:·Test·for·existence·/boot/grub2/grub.cfg6469 -·name:·Test·for·existence·/boot/grub2/grub.cfg
6470 ··stat:6470 ··stat:
6471 ····path:·/boot/grub2/grub.cfg6471 ····path:·/boot/grub2/grub.cfg
6472 ··register:·file_exists6472 ··register:·file_exists
6473 ··when:6473 ··when:
Max diff block lines reached; 1488/5807 bytes (25.62%) of diff not shown.
24.0 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-cis_l1.html
    
Max diff block lines reached; 9350/18614 bytes (50.23%) of diff not shown.
5.7 KB
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 *****·Profile·Information·*****39 *****·Profile·Information·*****
40 Profile·Title·CIS·Aliyun·Linux·2·Benchmark·for·Level·140 Profile·Title·CIS·Aliyun·Linux·2·Benchmark·for·Level·1
41 Profile·ID····xccdf_org.ssgproject.content_profile_cis_l141 Profile·ID····xccdf_org.ssgproject.content_profile_cis_l1
42 ***·CPE·Platforms·***42 ***·CPE·Platforms·***
43 ····*·cpe:/o:alinux:alibaba_cloud_linux:243 ····*·cpe:/o:alinux:alibaba_cloud_linux:2
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·Account_and_Access_Control50 ·········2.·Account_and_Access_Control
51 ·········3.·GRUB2_bootloader_configuration51 ·········3.·GRUB2_bootloader_configuration
52 ·········4.·Configure_Syslog52 ·········4.·Configure_Syslog
53 ·········5.·Network_Configuration_and_Firewalls53 ·········5.·Network_Configuration_and_Firewalls
Offset 2423, 16 lines modifiedOffset 2423, 16 lines modified
2423 ··-·no_reboot_needed2423 ··-·no_reboot_needed
  
2424 -·name:·Test·for·existence·/boot/grub2/grub.cfg2424 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2425 ··stat:2425 ··stat:
2426 ····path:·/boot/grub2/grub.cfg2426 ····path:·/boot/grub2/grub.cfg
2427 ··register:·file_exists2427 ··register:·file_exists
2428 ··when:2428 ··when:
2429 ··-·'"grub2-common"·in·ansible_facts.packages' 
2430 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2429 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2430 ··-·'"grub2-common"·in·ansible_facts.packages'
2431 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2431 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2432 ··tags:2432 ··tags:
2433 ··-·CJIS-5.5.2.22433 ··-·CJIS-5.5.2.2
2434 ··-·NIST-800-171-3.4.52434 ··-·NIST-800-171-3.4.5
2435 ··-·NIST-800-53-AC-6(1)2435 ··-·NIST-800-53-AC-6(1)
2436 ··-·NIST-800-53-CM-6(a)2436 ··-·NIST-800-53-CM-6(a)
2437 ··-·PCI-DSS-Req-7.12437 ··-·PCI-DSS-Req-7.1
Offset 2444, 16 lines modifiedOffset 2444, 16 lines modified
2444 ··-·no_reboot_needed2444 ··-·no_reboot_needed
  
2445 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2445 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2446 ··file:2446 ··file:
2447 ····path:·/boot/grub2/grub.cfg2447 ····path:·/boot/grub2/grub.cfg
2448 ····group:·'0'2448 ····group:·'0'
2449 ··when:2449 ··when:
2450 ··-·'"grub2-common"·in·ansible_facts.packages' 
2451 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2450 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2451 ··-·'"grub2-common"·in·ansible_facts.packages'
2452 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2452 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2453 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2453 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2454 ··tags:2454 ··tags:
2455 ··-·CJIS-5.5.2.22455 ··-·CJIS-5.5.2.2
2456 ··-·NIST-800-171-3.4.52456 ··-·NIST-800-171-3.4.5
2457 ··-·NIST-800-53-AC-6(1)2457 ··-·NIST-800-53-AC-6(1)
2458 ··-·NIST-800-53-CM-6(a)2458 ··-·NIST-800-53-CM-6(a)
Offset 2465, 15 lines modifiedOffset 2465, 15 lines modified
2465 ··-·medium_severity2465 ··-·medium_severity
2466 ··-·no_reboot_needed2466 ··-·no_reboot_needed
2467 Remediation_Shell_script_⇲2467 Remediation_Shell_script_⇲
2468 Complexity:·low2468 Complexity:·low
2469 Disruption:·low2469 Disruption:·low
2470 Strategy:···configure2470 Strategy:···configure
2471 #·Remediation·is·applicable·only·in·certain·platforms2471 #·Remediation·is·applicable·only·in·certain·platforms
2472 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};2472 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
2473 then2473 then
  
2474 chgrp·0·/boot/grub2/grub.cfg2474 chgrp·0·/boot/grub2/grub.cfg
  
2475 else2475 else
2476 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2476 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2477 fi2477 fi
Offset 2511, 16 lines modifiedOffset 2511, 16 lines modified
2511 ··-·no_reboot_needed2511 ··-·no_reboot_needed
  
2512 -·name:·Test·for·existence·/boot/grub2/grub.cfg2512 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2513 ··stat:2513 ··stat:
2514 ····path:·/boot/grub2/grub.cfg2514 ····path:·/boot/grub2/grub.cfg
2515 ··register:·file_exists2515 ··register:·file_exists
2516 ··when:2516 ··when:
2517 ··-·'"grub2-common"·in·ansible_facts.packages' 
2518 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2517 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2518 ··-·'"grub2-common"·in·ansible_facts.packages'
2519 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2519 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2520 ··tags:2520 ··tags:
2521 ··-·CJIS-5.5.2.22521 ··-·CJIS-5.5.2.2
2522 ··-·NIST-800-171-3.4.52522 ··-·NIST-800-171-3.4.5
2523 ··-·NIST-800-53-AC-6(1)2523 ··-·NIST-800-53-AC-6(1)
2524 ··-·NIST-800-53-CM-6(a)2524 ··-·NIST-800-53-CM-6(a)
2525 ··-·PCI-DSS-Req-7.12525 ··-·PCI-DSS-Req-7.1
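Review bot: The applicability conditions under `when:` need a fixed emission order. The two builds carry the same entries, but `"grub2-common" in ansible_facts.packages` and the `"/boot/efi" not in ansible_mounts` test swap places, which points to the generator iterating an unordered collection. Ansible ANDs the list, so the result is the same, yet the rendered guide differs byte for byte; sort the conditions (or keep them in an ordered list) before rendering.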
Offset 2532, 16 lines modifiedOffset 2532, 16 lines modified
2532 ··-·no_reboot_needed2532 ··-·no_reboot_needed
  
2533 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2533 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2534 ··file:2534 ··file:
2535 ····path:·/boot/grub2/grub.cfg2535 ····path:·/boot/grub2/grub.cfg
2536 ····owner:·'0'2536 ····owner:·'0'
2537 ··when:2537 ··when:
2538 ··-·'"grub2-common"·in·ansible_facts.packages' 
2539 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2538 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2539 ··-·'"grub2-common"·in·ansible_facts.packages'
2540 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2540 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2541 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2541 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2542 ··tags:2542 ··tags:
2543 ··-·CJIS-5.5.2.22543 ··-·CJIS-5.5.2.2
2544 ··-·NIST-800-171-3.4.52544 ··-·NIST-800-171-3.4.5
2545 ··-·NIST-800-53-AC-6(1)2545 ··-·NIST-800-53-AC-6(1)
2546 ··-·NIST-800-53-CM-6(a)2546 ··-·NIST-800-53-CM-6(a)
Offset 2553, 15 lines modifiedOffset 2553, 15 lines modified
2553 ··-·medium_severity2553 ··-·medium_severity
2554 ··-·no_reboot_needed2554 ··-·no_reboot_needed
2555 Remediation_Shell_script_⇲2555 Remediation_Shell_script_⇲
2556 Complexity:·low2556 Complexity:·low
2557 Disruption:·low2557 Disruption:·low
2558 Strategy:···configure2558 Strategy:···configure
2559 #·Remediation·is·applicable·only·in·certain·platforms2559 #·Remediation·is·applicable·only·in·certain·platforms
2560 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};2560 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
2561 then2561 then
  
2562 chown·0·/boot/grub2/grub.cfg2562 chown·0·/boot/grub2/grub.cfg
  
2563 else2563 else
2564 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2564 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2565 fi2565 fi
Offset 2597, 16 lines modifiedOffset 2597, 16 lines modified
2597 ··-·no_reboot_needed2597 ··-·no_reboot_needed
  
2598 -·name:·Test·for·existence·/boot/grub2/grub.cfg2598 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2599 ··stat:2599 ··stat:
2600 ····path:·/boot/grub2/grub.cfg2600 ····path:·/boot/grub2/grub.cfg
2601 ··register:·file_exists2601 ··register:·file_exists
2602 ··when:2602 ··when:
Max diff block lines reached; 1488/5816 bytes (25.58%) of diff not shown.
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-standard.html
    
648 B
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 *****·Profile·Information·*****39 *****·Profile·Information·*****
40 Profile·Title·Standard·System·Security·Profile·for·Alibaba·Cloud·Linux·240 Profile·Title·Standard·System·Security·Profile·for·Alibaba·Cloud·Linux·2
41 Profile·ID····xccdf_org.ssgproject.content_profile_standard41 Profile·ID····xccdf_org.ssgproject.content_profile_standard
42 ***·CPE·Platforms·***42 ***·CPE·Platforms·***
43 ····*·cpe:/o:alinux:alibaba_cloud_linux:243 ····*·cpe:/o:alinux:alibaba_cloud_linux:2
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·System_Accounting_with_auditd50 ·········2.·System_Accounting_with_auditd
51 ·········3.·Network_Configuration_and_Firewalls51 ·········3.·Network_Configuration_and_Firewalls
52 ·········4.·File_Permissions_and_Masks52 ·········4.·File_Permissions_and_Masks
53 ···2.·Services53 ···2.·Services
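Review bot: The revision line `draft (as of 2024-01-14)` versus `draft (as of 2025-02-15)` shows the guide embedding the build machine's clock, so any rebuild on a different day produces a different HTML file. Take the date from `SOURCE_DATE_EPOCH` when it is set, or drop the "as of" date from the generated output.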
110 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-cis.html
    
Max diff block lines reached; 77388/86626 bytes (89.34%) of diff not shown.
25.5 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 *****·Profile·Information·*****40 *****·Profile·Information·*****
41 Profile·Title·CIS·Benchmark·for·Alibaba·Cloud·Linux·3·for·Level·241 Profile·Title·CIS·Benchmark·for·Alibaba·Cloud·Linux·3·for·Level·2
42 Profile·ID····xccdf_org.ssgproject.content_profile_cis42 Profile·ID····xccdf_org.ssgproject.content_profile_cis
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:alinux:alibaba_cloud_linux:344 ····*·cpe:/o:alinux:alibaba_cloud_linux:3
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·System_Accounting_with_auditd52 ·········3.·System_Accounting_with_auditd
53 ·········4.·GRUB2_bootloader_configuration53 ·········4.·GRUB2_bootloader_configuration
54 ·········5.·Configure_Syslog54 ·········5.·Configure_Syslog
Offset 3024, 16 lines modifiedOffset 3024, 16 lines modified
3024 ··-·no_reboot_needed3024 ··-·no_reboot_needed
3025 ··-·restrict_strategy3025 ··-·restrict_strategy
  
3026 -·name:·Set·architecture·for·audit·tasks3026 -·name:·Set·architecture·for·audit·tasks
3027 ··set_fact:3027 ··set_fact:
3028 ····audit_arch:·b643028 ····audit_arch:·b64
3029 ··when:3029 ··when:
3030 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3031 ··-·'"audit"·in·ansible_facts.packages'3030 ··-·'"audit"·in·ansible_facts.packages'
 3031 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3032 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3032 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3033 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3033 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3034 ··tags:3034 ··tags:
3035 ··-·CJIS-5.4.1.13035 ··-·CJIS-5.4.1.1
3036 ··-·NIST-800-171-3.1.73036 ··-·NIST-800-171-3.1.7
3037 ··-·NIST-800-53-AC-6(9)3037 ··-·NIST-800-53-AC-6(9)
3038 ··-·NIST-800-53-AU-12(c)3038 ··-·NIST-800-53-AU-12(c)
Offset 3166, 16 lines modifiedOffset 3166, 16 lines modified
3166 ······path:·'{{·audit_file·}}'3166 ······path:·'{{·audit_file·}}'
3167 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules3167 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
3168 ······create:·true3168 ······create:·true
3169 ······mode:·o-rwx3169 ······mode:·o-rwx
3170 ······state:·present3170 ······state:·present
3171 ····when:·syscalls_found·|·length·==·03171 ····when:·syscalls_found·|·length·==·0
3172 ··when:3172 ··when:
3173 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3174 ··-·'"audit"·in·ansible_facts.packages'3173 ··-·'"audit"·in·ansible_facts.packages'
 3174 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3175 ··tags:3175 ··tags:
3176 ··-·CJIS-5.4.1.13176 ··-·CJIS-5.4.1.1
3177 ··-·NIST-800-171-3.1.73177 ··-·NIST-800-171-3.1.7
3178 ··-·NIST-800-53-AC-6(9)3178 ··-·NIST-800-53-AC-6(9)
3179 ··-·NIST-800-53-AU-12(c)3179 ··-·NIST-800-53-AU-12(c)
3180 ··-·NIST-800-53-AU-2(d)3180 ··-·NIST-800-53-AU-2(d)
3181 ··-·NIST-800-53-CM-6(a)3181 ··-·NIST-800-53-CM-6(a)
Offset 3305, 16 lines modifiedOffset 3305, 16 lines modified
3305 ······path:·'{{·audit_file·}}'3305 ······path:·'{{·audit_file·}}'
3306 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules3306 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
3307 ······create:·true3307 ······create:·true
3308 ······mode:·o-rwx3308 ······mode:·o-rwx
3309 ······state:·present3309 ······state:·present
3310 ····when:·syscalls_found·|·length·==·03310 ····when:·syscalls_found·|·length·==·0
3311 ··when:3311 ··when:
3312 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3313 ··-·'"audit"·in·ansible_facts.packages'3312 ··-·'"audit"·in·ansible_facts.packages'
 3313 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3314 ··-·audit_arch·==·"b64"3314 ··-·audit_arch·==·"b64"
3315 ··tags:3315 ··tags:
3316 ··-·CJIS-5.4.1.13316 ··-·CJIS-5.4.1.1
3317 ··-·NIST-800-171-3.1.73317 ··-·NIST-800-171-3.1.7
3318 ··-·NIST-800-53-AC-6(9)3318 ··-·NIST-800-53-AC-6(9)
3319 ··-·NIST-800-53-AU-12(c)3319 ··-·NIST-800-53-AU-12(c)
3320 ··-·NIST-800-53-AU-2(d)3320 ··-·NIST-800-53-AU-2(d)
Offset 3380, 16 lines modifiedOffset 3380, 16 lines modified
3380 ··-·no_reboot_needed3380 ··-·no_reboot_needed
3381 ··-·restrict_strategy3381 ··-·restrict_strategy
  
3382 -·name:·Set·architecture·for·audit·tasks3382 -·name:·Set·architecture·for·audit·tasks
3383 ··set_fact:3383 ··set_fact:
3384 ····audit_arch:·b643384 ····audit_arch:·b64
3385 ··when:3385 ··when:
3386 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3387 ··-·'"audit"·in·ansible_facts.packages'3386 ··-·'"audit"·in·ansible_facts.packages'
 3387 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3388 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3388 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3389 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3389 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3390 ··tags:3390 ··tags:
3391 ··-·CJIS-5.4.1.13391 ··-·CJIS-5.4.1.1
3392 ··-·NIST-800-171-3.1.73392 ··-·NIST-800-171-3.1.7
3393 ··-·NIST-800-53-AC-6(9)3393 ··-·NIST-800-53-AC-6(9)
3394 ··-·NIST-800-53-AU-12(c)3394 ··-·NIST-800-53-AU-12(c)
Offset 3518, 16 lines modifiedOffset 3518, 16 lines modified
3518 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a0=0x0·-F3518 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a0=0x0·-F
3519 ········key=time-change3519 ········key=time-change
3520 ······create:·true3520 ······create:·true
3521 ······mode:·o-rwx3521 ······mode:·o-rwx
3522 ······state:·present3522 ······state:·present
3523 ····when:·syscalls_found·|·length·==·03523 ····when:·syscalls_found·|·length·==·0
3524 ··when:3524 ··when:
3525 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3526 ··-·'"audit"·in·ansible_facts.packages'3525 ··-·'"audit"·in·ansible_facts.packages'
 3526 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3527 ··tags:3527 ··tags:
3528 ··-·CJIS-5.4.1.13528 ··-·CJIS-5.4.1.1
3529 ··-·NIST-800-171-3.1.73529 ··-·NIST-800-171-3.1.7
3530 ··-·NIST-800-53-AC-6(9)3530 ··-·NIST-800-53-AC-6(9)
3531 ··-·NIST-800-53-AU-12(c)3531 ··-·NIST-800-53-AU-12(c)
3532 ··-·NIST-800-53-AU-2(d)3532 ··-·NIST-800-53-AU-2(d)
3533 ··-·NIST-800-53-CM-6(a)3533 ··-·NIST-800-53-CM-6(a)
Offset 3654, 16 lines modifiedOffset 3654, 16 lines modified
3654 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a0=0x0·-F3654 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a0=0x0·-F
3655 ········key=time-change3655 ········key=time-change
3656 ······create:·true3656 ······create:·true
3657 ······mode:·o-rwx3657 ······mode:·o-rwx
3658 ······state:·present3658 ······state:·present
3659 ····when:·syscalls_found·|·length·==·03659 ····when:·syscalls_found·|·length·==·0
3660 ··when:3660 ··when:
3661 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3662 ··-·'"audit"·in·ansible_facts.packages'3661 ··-·'"audit"·in·ansible_facts.packages'
 3662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3663 ··-·audit_arch·==·"b64"3663 ··-·audit_arch·==·"b64"
3664 ··tags:3664 ··tags:
3665 ··-·CJIS-5.4.1.13665 ··-·CJIS-5.4.1.1
3666 ··-·NIST-800-171-3.1.73666 ··-·NIST-800-171-3.1.7
3667 ··-·NIST-800-53-AC-6(9)3667 ··-·NIST-800-53-AC-6(9)
3668 ··-·NIST-800-53-AU-12(c)3668 ··-·NIST-800-53-AU-12(c)
3669 ··-·NIST-800-53-AU-2(d)3669 ··-·NIST-800-53-AU-2(d)
Offset 3851, 16 lines modifiedOffset 3851, 16 lines modified
3851 ······path:·'{{·audit_file·}}'3851 ······path:·'{{·audit_file·}}'
3852 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules3852 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
3853 ······create:·true3853 ······create:·true
Max diff block lines reached; 21391/26041 bytes (82.14%) of diff not shown.
23.8 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-cis_l1.html
    
Offset 40181, 21 lines modifiedOffset 40181, 21 lines modified
0009cf40:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own0009cf40:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
0009cf50:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr0009cf50:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
0009cf60:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f0009cf60:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
0009cf70:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/0009cf70:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
0009cf80:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0009cf80:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0009cf90:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'0009cf90:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
0009cfa0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'0009cfa0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
0009cfb0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
0009cfc0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
0009cfd0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
0009cfe0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
0009cff0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo0009cfb0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
0009d000:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa0009cfc0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
0009d010:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··0009cfd0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 0009cfe0:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 0009cff0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 0009d000:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 0009d010:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
0009d020:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua0009d020:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
0009d030:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no0009d030:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
0009d040:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·0009d040:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
0009d050:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",0009d050:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
0009d060:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont0009d060:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
0009d070:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file0009d070:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file
0009d080:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·0009d080:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·
Offset 40246, 19 lines modifiedOffset 40246, 19 lines modified
0009d350:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0009d350:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0009d360:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur0009d360:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
0009d370:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0009d370:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0009d380:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·0009d380:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
0009d390:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a0009d390:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0009d3a0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i0009d3a0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0009d3b0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo0009d3b0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 0009d3c0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
0009d3c0:·726d·730a·6966·205b·202d·6620·2f73·7973··rms.if·[·-f·/sys 
0009d3d0:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]· 
0009d3e0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
0009d3f0:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-0009d3d0:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm
0009d400:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp0009d3e0:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[·
 0009d3f0:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware
 0009d400:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp
0009d410:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc0009d410:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc
0009d420:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a0009d420:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
0009d430:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/0009d430:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
0009d440:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];0009d440:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
0009d450:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·0009d450:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·
0009d460:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr0009d460:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr
0009d470:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···0009d470:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 40637, 22 lines modifiedOffset 40637, 22 lines modified
0009ebc0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for0009ebc0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
0009ebd0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot0009ebd0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
0009ebe0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.0009ebe0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
0009ebf0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path0009ebf0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
0009ec00:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr0009ec00:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
0009ec10:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe0009ec10:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe
0009ec20:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·0009ec20:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
0009ec30:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo0009ec30:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
0009ec40:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib 
0009ec50:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
0009ec60:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
0009ec70:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
0009ec80:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i0009ec40:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
0009ec90:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0009ec50:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
0009eca0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an0009ec60:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 0009ec70:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl
 0009ec80:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 0009ec90:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 0009eca0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
0009ecb0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza0009ecb0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
0009ecc0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in0009ecc0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
0009ecd0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc0009ecd0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
0009ece0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po0009ece0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
0009ecf0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe0009ecf0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
0009ed00:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·0009ed00:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
0009ed10:·434a·4953·2d35·2e35·2e32·2e32·0a20·202d··CJIS-5.5.2.2.··-0009ed10:·434a·4953·2d35·2e35·2e32·2e32·0a20·202d··CJIS-5.5.2.2.··-
Offset 40672, 22 lines modifiedOffset 40672, 22 lines modified
0009edf0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na0009edf0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na
0009ee00:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner0009ee00:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner
0009ee10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub0009ee10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
0009ee20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil0009ee20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
0009ee30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo0009ee30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
0009ee40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0009ee40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0009ee50:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'0009ee50:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'
0009ee60:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0009ee60:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
Max diff block lines reached; 7694/18338 bytes (41.96%) of diff not shown.
5.74 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 *****·Profile·Information·*****40 *****·Profile·Information·*****
41 Profile·Title·CIS·Benchmark·for·Alibaba·Cloud·Linux·3·for·Level·141 Profile·Title·CIS·Benchmark·for·Alibaba·Cloud·Linux·3·for·Level·1
42 Profile·ID····xccdf_org.ssgproject.content_profile_cis_l142 Profile·ID····xccdf_org.ssgproject.content_profile_cis_l1
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:alinux:alibaba_cloud_linux:344 ····*·cpe:/o:alinux:alibaba_cloud_linux:3
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·GRUB2_bootloader_configuration52 ·········3.·GRUB2_bootloader_configuration
53 ·········4.·Configure_Syslog53 ·········4.·Configure_Syslog
54 ·········5.·Network_Configuration_and_Firewalls54 ·········5.·Network_Configuration_and_Firewalls
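Review bot: the draft date on the Revision History line (source line 47) is the only difference in this hunk, 2024-01-14 in one build and 2025-02-15 in the other, which indicates the guide takes its date from the build environment. Deriving it from a fixed value such as SOURCE_DATE_EPOCH or the package changelog date would make rebuilding the same source produce the same text.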
Offset 3075, 16 lines modifiedOffset 3075, 16 lines modified
3075 ··-·no_reboot_needed3075 ··-·no_reboot_needed
  
3076 -·name:·Test·for·existence·/boot/grub2/grub.cfg3076 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3077 ··stat:3077 ··stat:
3078 ····path:·/boot/grub2/grub.cfg3078 ····path:·/boot/grub2/grub.cfg
3079 ··register:·file_exists3079 ··register:·file_exists
3080 ··when:3080 ··when:
3081 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3082 ··-·'"grub2-common"·in·ansible_facts.packages'3081 ··-·'"grub2-common"·in·ansible_facts.packages'
 3082 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3083 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3083 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3084 ··tags:3084 ··tags:
3085 ··-·CJIS-5.5.2.23085 ··-·CJIS-5.5.2.2
3086 ··-·NIST-800-171-3.4.53086 ··-·NIST-800-171-3.4.5
3087 ··-·NIST-800-53-AC-6(1)3087 ··-·NIST-800-53-AC-6(1)
3088 ··-·NIST-800-53-CM-6(a)3088 ··-·NIST-800-53-CM-6(a)
3089 ··-·PCI-DSS-Req-7.13089 ··-·PCI-DSS-Req-7.1
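Review bot: the first two entries under when: in the "Test for existence /boot/grub2/grub.cfg" task (source lines 3081-3082) swap places between the two builds: the /boot/efi mount test and the grub2-common package test are the same conditions in a different order. Ansible requires every entry of a when: list to be true, so the task behaves the same either way, but the generator should emit these conditions in a stable order (for example sorted) so the rendered guide is byte-for-byte reproducible.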
Offset 3096, 16 lines modifiedOffset 3096, 16 lines modified
3096 ··-·no_reboot_needed3096 ··-·no_reboot_needed
  
3097 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg3097 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
3098 ··file:3098 ··file:
3099 ····path:·/boot/grub2/grub.cfg3099 ····path:·/boot/grub2/grub.cfg
3100 ····group:·'0'3100 ····group:·'0'
3101 ··when:3101 ··when:
3102 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3103 ··-·'"grub2-common"·in·ansible_facts.packages'3102 ··-·'"grub2-common"·in·ansible_facts.packages'
 3103 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3104 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3104 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3105 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3105 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3106 ··tags:3106 ··tags:
3107 ··-·CJIS-5.5.2.23107 ··-·CJIS-5.5.2.2
3108 ··-·NIST-800-171-3.4.53108 ··-·NIST-800-171-3.4.5
3109 ··-·NIST-800-53-AC-6(1)3109 ··-·NIST-800-53-AC-6(1)
3110 ··-·NIST-800-53-CM-6(a)3110 ··-·NIST-800-53-CM-6(a)
Offset 3117, 15 lines modifiedOffset 3117, 15 lines modified
3117 ··-·medium_severity3117 ··-·medium_severity
3118 ··-·no_reboot_needed3118 ··-·no_reboot_needed
3119 Remediation_Shell_script_⇲3119 Remediation_Shell_script_⇲
3120 Complexity:·low3120 Complexity:·low
3121 Disruption:·low3121 Disruption:·low
3122 Strategy:···configure3122 Strategy:···configure
3123 #·Remediation·is·applicable·only·in·certain·platforms3123 #·Remediation·is·applicable·only·in·certain·platforms
3124 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/3124 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
3125 run/.containerenv·];·};·then3125 run/.containerenv·];·};·then
  
3126 chgrp·0·/boot/grub2/grub.cfg3126 chgrp·0·/boot/grub2/grub.cfg
  
3127 else3127 else
3128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3129 fi3129 fi
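Review bot: the guard on source line 3124 tests /sys/firmware/efi with -f, but on a UEFI-booted Linux system that path is a directory, so if the intent is to detect a UEFI boot the test is always false and the chgrp 0 /boot/grub2/grub.cfg branch never runs; -d is the test that matches that intent. The two builds also order this test and rpm --quiet -q grub2-common differently; both are && operands, so the result is unchanged, but the order should be fixed for reproducibility.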
Offset 3162, 16 lines modifiedOffset 3162, 16 lines modified
3162 ··-·no_reboot_needed3162 ··-·no_reboot_needed
  
3163 -·name:·Test·for·existence·/boot/grub2/grub.cfg3163 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3164 ··stat:3164 ··stat:
3165 ····path:·/boot/grub2/grub.cfg3165 ····path:·/boot/grub2/grub.cfg
3166 ··register:·file_exists3166 ··register:·file_exists
3167 ··when:3167 ··when:
3168 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3169 ··-·'"grub2-common"·in·ansible_facts.packages'3168 ··-·'"grub2-common"·in·ansible_facts.packages'
 3169 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3171 ··tags:3171 ··tags:
3172 ··-·CJIS-5.5.2.23172 ··-·CJIS-5.5.2.2
3173 ··-·NIST-800-171-3.4.53173 ··-·NIST-800-171-3.4.5
3174 ··-·NIST-800-53-AC-6(1)3174 ··-·NIST-800-53-AC-6(1)
3175 ··-·NIST-800-53-CM-6(a)3175 ··-·NIST-800-53-CM-6(a)
3176 ··-·PCI-DSS-Req-7.13176 ··-·PCI-DSS-Req-7.1
Offset 3183, 16 lines modifiedOffset 3183, 16 lines modified
3183 ··-·no_reboot_needed3183 ··-·no_reboot_needed
  
3184 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3184 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3185 ··file:3185 ··file:
3186 ····path:·/boot/grub2/grub.cfg3186 ····path:·/boot/grub2/grub.cfg
3187 ····owner:·'0'3187 ····owner:·'0'
3188 ··when:3188 ··when:
3189 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3190 ··-·'"grub2-common"·in·ansible_facts.packages'3189 ··-·'"grub2-common"·in·ansible_facts.packages'
 3190 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3191 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3191 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3192 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3192 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3193 ··tags:3193 ··tags:
3194 ··-·CJIS-5.5.2.23194 ··-·CJIS-5.5.2.2
3195 ··-·NIST-800-171-3.4.53195 ··-·NIST-800-171-3.4.5
3196 ··-·NIST-800-53-AC-6(1)3196 ··-·NIST-800-53-AC-6(1)
3197 ··-·NIST-800-53-CM-6(a)3197 ··-·NIST-800-53-CM-6(a)
Offset 3204, 15 lines modifiedOffset 3204, 15 lines modified
3204 ··-·medium_severity3204 ··-·medium_severity
3205 ··-·no_reboot_needed3205 ··-·no_reboot_needed
3206 Remediation_Shell_script_⇲3206 Remediation_Shell_script_⇲
3207 Complexity:·low3207 Complexity:·low
3208 Disruption:·low3208 Disruption:·low
3209 Strategy:···configure3209 Strategy:···configure
3210 #·Remediation·is·applicable·only·in·certain·platforms3210 #·Remediation·is·applicable·only·in·certain·platforms
3211 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/3211 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
3212 run/.containerenv·];·};·then3212 run/.containerenv·];·};·then
  
3213 chown·0·/boot/grub2/grub.cfg3213 chown·0·/boot/grub2/grub.cfg
  
3214 else3214 else
3215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3216 fi3216 fi
Offset 3247, 16 lines modifiedOffset 3247, 16 lines modified
3247 ··-·no_reboot_needed3247 ··-·no_reboot_needed
  
3248 -·name:·Test·for·existence·/boot/grub2/grub.cfg3248 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3249 ··stat:3249 ··stat:
3250 ····path:·/boot/grub2/grub.cfg3250 ····path:·/boot/grub2/grub.cfg
3251 ··register:·file_exists3251 ··register:·file_exists
3252 ··when:3252 ··when:
Max diff block lines reached; 1501/5852 bytes (25.65%) of diff not shown.
4.68 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-standard.html
    
1.68 KB
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 *****·Profile·Information·*****39 *****·Profile·Information·*****
40 Profile·Title·Standard·System·Security·Profile·for·Alibaba·Cloud·Linux·340 Profile·Title·Standard·System·Security·Profile·for·Alibaba·Cloud·Linux·3
41 Profile·ID····xccdf_org.ssgproject.content_profile_standard41 Profile·ID····xccdf_org.ssgproject.content_profile_standard
42 ***·CPE·Platforms·***42 ***·CPE·Platforms·***
43 ····*·cpe:/o:alinux:alibaba_cloud_linux:343 ····*·cpe:/o:alinux:alibaba_cloud_linux:3
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·System_Accounting_with_auditd50 ·········2.·System_Accounting_with_auditd
51 ·········3.·File_Permissions_and_Masks51 ·········3.·File_Permissions_and_Masks
52 ···2.·Services52 ···2.·Services
53 ·········1.·Base_Services53 ·········1.·Base_Services
Offset 943, 15 lines modifiedOffset 943, 15 lines modified
943 ············4.1,·SR_4.3,·SR_5.1,·SR_5.2,·SR_5.3,·SR_6.1,·SR_6.2,·SR_7.1,·SR_7.6,·A.11.2.6,943 ············4.1,·SR_4.3,·SR_5.1,·SR_5.2,·SR_5.3,·SR_6.1,·SR_6.2,·SR_7.1,·SR_7.6,·A.11.2.6,
944 ············A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.2.1,·A.14.1.3,944 ············A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.2.1,·A.14.1.3,
945 ············A.14.2.7,·A.15.2.1,·A.15.2.2,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),945 ············A.14.2.7,·A.15.2.1,·A.15.2.2,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),
946 ············AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3,·DE.CM-7,·ID.SC-4,946 ············AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3,·DE.CM-7,·ID.SC-4,
947 ············PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·Req-10.2.7947 ············PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·Req-10.2.7
948 Remediation_Shell_script_⇲948 Remediation_Shell_script_⇲
949 #·Remediation·is·applicable·only·in·certain·platforms949 #·Remediation·is·applicable·only·in·certain·platforms
950 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then950 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
951 #·First·perform·the·remediation·of·the·syscall·rule951 #·First·perform·the·remediation·of·the·syscall·rule
952 #·Retrieve·hardware·architecture·of·the·underlying·system952 #·Retrieve·hardware·architecture·of·the·underlying·system
953 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>953 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>
954 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence954 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence
955 #·······of·32-bit's·equivalent·of·the·corresponding·rule.955 #·······of·32-bit's·equivalent·of·the·corresponding·rule.
956 #·······(See·`man·7·audit.rules`·for·details·)956 #·······(See·`man·7·audit.rules`·for·details·)
24.2 KB
./usr/share/doc/ssg-nondebian/ssg-anolis8-guide-standard.html
    
00093420:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c00093420:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
00093430:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p00093430:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
00093440:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub200093440:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
00093450:·2f67·7275·622e·6366·670a·2020·2020·6772··/grub.cfg.····gr00093450:·2f67·7275·622e·6366·670a·2020·2020·6772··/grub.cfg.····gr
00093460:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:00093460:·6f75·703a·2027·3027·0a20·2077·6865·6e3a··oup:·'0'.··when:
00093470:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
00093480:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
00093490:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
000934a0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000934b0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
000934c0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000934d0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·00093470:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 00093480:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00093490:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 000934a0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 000934b0:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g
 000934c0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 000934d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
000934e0:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi000934e0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
000934f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000934f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
00093500:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[00093500:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
00093510:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",00093510:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
00093520:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm00093520:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
00093530:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"00093530:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
00093540:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist00093540:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
00093550:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define00093550:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 37762, 19 lines modifiedOffset 37762, 19 lines modified
00093810:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra00093810:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
00093820:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co00093820:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co
00093830:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr00093830:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr
00093840:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c00093840:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
00093850:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio00093850:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
00093860:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·00093860:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
00093870:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·00093870:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
00093880:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm00093880:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
00093890:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
000938a0:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a 
000938b0:·6d70·3b20·5b20·2120·2d66·202f·7379·732f··mp;·[·!·-f·/sys/ 
000938c0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&00093890:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
 000938a0:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
 000938b0:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·-
 000938c0:·7120·6772·7562·322d·636f·6d6d·6f6e·2026··q·grub2-common·&
000938d0:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·000938d0:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·
000938e0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]000938e0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
000938f0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·000938f0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
00093900:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain00093900:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
00093910:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then00093910:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then
00093920:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/00093920:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/
00093930:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..00093930:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..
Offset 38236, 22 lines modifiedOffset 38236, 22 lines modified
000955b0:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist000955b0:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist
000955c0:·656e·6365·202f·626f·6f74·2f67·7275·6232··ence·/boot/grub2000955c0:·656e·6365·202f·626f·6f74·2f67·7275·6232··ence·/boot/grub2
000955d0:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat000955d0:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat
000955e0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo000955e0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
000955f0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000955f0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00095600:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil00095600:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil
00095610:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:00095610:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:
00095620:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
00095630:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
00095640:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
00095650:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
00095660:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
00095670:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
00095680:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·00095620:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 00095630:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00095640:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 00095650:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 00095660:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g
 00095670:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 00095680:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
00095690:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi00095690:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
000956a0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000956a0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000956b0:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000956b0:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000956c0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000956c0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000956d0:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000956d0:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000956e0:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000956e0:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000956f0:·5d0a·2020·7461·6773·3a0a·2020·2d20·434a··].··tags:.··-·CJ000956f0:·5d0a·2020·7461·6773·3a0a·2020·2d20·434a··].··tags:.··-·CJ
00095700:·4953·2d35·2e35·2e32·2e32·0a20·202d·204e··IS-5.5.2.2.··-·N00095700:·4953·2d35·2e35·2e32·2e32·0a20·202d·204e··IS-5.5.2.2.··-·N
Offset 38271, 22 lines modifiedOffset 38271, 22 lines modified
Max diff block lines reached; 9626/18890 bytes (50.96%) of diff not shown.
5.63 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·Standard·System·Security·Profile·for·Anolis·OS·838 Profile·Title·Standard·System·Security·Profile·for·Anolis·OS·8
39 Profile·ID····xccdf_org.ssgproject.content_profile_standard39 Profile·ID····xccdf_org.ssgproject.content_profile_standard
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:anolis:anolis_os:841 ····*·cpe:/o:anolis:anolis_os:8
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
Offset 2699, 16 lines modifiedOffset 2699, 16 lines modified
2699 ··-·no_reboot_needed2699 ··-·no_reboot_needed
  
2700 -·name:·Test·for·existence·/boot/grub2/grub.cfg2700 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2701 ··stat:2701 ··stat:
2702 ····path:·/boot/grub2/grub.cfg2702 ····path:·/boot/grub2/grub.cfg
2703 ··register:·file_exists2703 ··register:·file_exists
2704 ··when:2704 ··when:
2705 ··-·'"grub2-common"·in·ansible_facts.packages' 
2706 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2705 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2706 ··-·'"grub2-common"·in·ansible_facts.packages'
2707 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2707 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2708 ··tags:2708 ··tags:
2709 ··-·CJIS-5.5.2.22709 ··-·CJIS-5.5.2.2
2710 ··-·NIST-800-171-3.4.52710 ··-·NIST-800-171-3.4.5
2711 ··-·NIST-800-53-AC-6(1)2711 ··-·NIST-800-53-AC-6(1)
2712 ··-·NIST-800-53-CM-6(a)2712 ··-·NIST-800-53-CM-6(a)
2713 ··-·PCI-DSS-Req-7.12713 ··-·PCI-DSS-Req-7.1
Offset 2720, 16 lines modifiedOffset 2720, 16 lines modified
2720 ··-·no_reboot_needed2720 ··-·no_reboot_needed
  
2721 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2721 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2722 ··file:2722 ··file:
2723 ····path:·/boot/grub2/grub.cfg2723 ····path:·/boot/grub2/grub.cfg
2724 ····group:·'0'2724 ····group:·'0'
2725 ··when:2725 ··when:
2726 ··-·'"grub2-common"·in·ansible_facts.packages' 
2727 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2726 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2727 ··-·'"grub2-common"·in·ansible_facts.packages'
2728 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2728 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2729 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2729 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2730 ··tags:2730 ··tags:
2731 ··-·CJIS-5.5.2.22731 ··-·CJIS-5.5.2.2
2732 ··-·NIST-800-171-3.4.52732 ··-·NIST-800-171-3.4.5
2733 ··-·NIST-800-53-AC-6(1)2733 ··-·NIST-800-53-AC-6(1)
2734 ··-·NIST-800-53-CM-6(a)2734 ··-·NIST-800-53-CM-6(a)
Offset 2741, 15 lines modifiedOffset 2741, 15 lines modified
2741 ··-·medium_severity2741 ··-·medium_severity
2742 ··-·no_reboot_needed2742 ··-·no_reboot_needed
2743 Remediation_Shell_script_⇲2743 Remediation_Shell_script_⇲
2744 Complexity:·low2744 Complexity:·low
2745 Disruption:·low2745 Disruption:·low
2746 Strategy:···configure2746 Strategy:···configure
2747 #·Remediation·is·applicable·only·in·certain·platforms2747 #·Remediation·is·applicable·only·in·certain·platforms
2748 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/2748 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
2749 run/.containerenv·];·};·then2749 run/.containerenv·];·};·then
  
2750 chgrp·0·/boot/grub2/grub.cfg2750 chgrp·0·/boot/grub2/grub.cfg
  
2751 else2751 else
2752 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2752 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2753 fi2753 fi
Offset 2788, 16 lines modifiedOffset 2788, 16 lines modified
2788 ··-·no_reboot_needed2788 ··-·no_reboot_needed
  
2789 -·name:·Test·for·existence·/boot/grub2/grub.cfg2789 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2790 ··stat:2790 ··stat:
2791 ····path:·/boot/grub2/grub.cfg2791 ····path:·/boot/grub2/grub.cfg
2792 ··register:·file_exists2792 ··register:·file_exists
2793 ··when:2793 ··when:
2794 ··-·'"grub2-common"·in·ansible_facts.packages' 
2795 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2794 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2795 ··-·'"grub2-common"·in·ansible_facts.packages'
2796 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2796 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2797 ··tags:2797 ··tags:
2798 ··-·CJIS-5.5.2.22798 ··-·CJIS-5.5.2.2
2799 ··-·NIST-800-171-3.4.52799 ··-·NIST-800-171-3.4.5
2800 ··-·NIST-800-53-AC-6(1)2800 ··-·NIST-800-53-AC-6(1)
2801 ··-·NIST-800-53-CM-6(a)2801 ··-·NIST-800-53-CM-6(a)
2802 ··-·PCI-DSS-Req-7.12802 ··-·PCI-DSS-Req-7.1
Offset 2809, 16 lines modifiedOffset 2809, 16 lines modified
2809 ··-·no_reboot_needed2809 ··-·no_reboot_needed
  
2810 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2810 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2811 ··file:2811 ··file:
2812 ····path:·/boot/grub2/grub.cfg2812 ····path:·/boot/grub2/grub.cfg
2813 ····owner:·'0'2813 ····owner:·'0'
2814 ··when:2814 ··when:
2815 ··-·'"grub2-common"·in·ansible_facts.packages' 
2816 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2815 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2816 ··-·'"grub2-common"·in·ansible_facts.packages'
2817 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2817 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2818 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2818 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2819 ··tags:2819 ··tags:
2820 ··-·CJIS-5.5.2.22820 ··-·CJIS-5.5.2.2
2821 ··-·NIST-800-171-3.4.52821 ··-·NIST-800-171-3.4.5
2822 ··-·NIST-800-53-AC-6(1)2822 ··-·NIST-800-53-AC-6(1)
2823 ··-·NIST-800-53-CM-6(a)2823 ··-·NIST-800-53-CM-6(a)
Offset 2830, 15 lines modifiedOffset 2830, 15 lines modified
2830 ··-·medium_severity2830 ··-·medium_severity
2831 ··-·no_reboot_needed2831 ··-·no_reboot_needed
2832 Remediation_Shell_script_⇲2832 Remediation_Shell_script_⇲
2833 Complexity:·low2833 Complexity:·low
2834 Disruption:·low2834 Disruption:·low
2835 Strategy:···configure2835 Strategy:···configure
2836 #·Remediation·is·applicable·only·in·certain·platforms2836 #·Remediation·is·applicable·only·in·certain·platforms
2837 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/2837 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
2838 run/.containerenv·];·};·then2838 run/.containerenv·];·};·then
  
2839 chown·0·/boot/grub2/grub.cfg2839 chown·0·/boot/grub2/grub.cfg
  
2840 else2840 else
2841 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2841 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2842 fi2842 fi
Offset 2875, 16 lines modifiedOffset 2875, 16 lines modified
2875 ··-·no_reboot_needed2875 ··-·no_reboot_needed
  
2876 -·name:·Test·for·existence·/boot/grub2/grub.cfg2876 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2877 ··stat:2877 ··stat:
2878 ····path:·/boot/grub2/grub.cfg2878 ····path:·/boot/grub2/grub.cfg
2879 ··register:·file_exists2879 ··register:·file_exists
2880 ··when:2880 ··when:
Max diff block lines reached; 1466/5744 bytes (25.52%) of diff not shown.
541 KB
./usr/share/doc/ssg-nondebian/ssg-centos7-guide-pci-dss.html
    
Max diff block lines reached; 407817/417262 bytes (97.74%) of diff not shown.
134 KB
html2text {}
    
Offset 59, 15 lines modifiedOffset 59, 15 lines modified
59 ····*·cpe:/o:redhat:enterprise_linux:7::computenode59 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
60 ····*·cpe:/o:redhat:enterprise_linux:7::server60 ····*·cpe:/o:redhat:enterprise_linux:7::server
61 ····*·cpe:/o:redhat:enterprise_linux:7::workstation61 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
62 ····*·cpe:/o:redhat:enterprise_linux:762 ····*·cpe:/o:redhat:enterprise_linux:7
63 ····*·cpe:/o:centos:centos:763 ····*·cpe:/o:centos:centos:7
64 *****·Revision·History·*****64 *****·Revision·History·*****
65 Current·version:·0.1.6565 Current·version:·0.1.65
66 ····*·draft·(as·of·2024-01-14)66 ····*·draft·(as·of·2025-02-15)
67 *****·Table·of·Contents·*****67 *****·Table·of·Contents·*****
68 ···1.·System_Settings68 ···1.·System_Settings
69 ·········1.·Installing_and_Maintaining_Software69 ·········1.·Installing_and_Maintaining_Software
70 ·········2.·Account_and_Access_Control70 ·········2.·Account_and_Access_Control
71 ·········3.·System_Accounting_with_auditd71 ·········3.·System_Accounting_with_auditd
72 ·········4.·GRUB2_bootloader_configuration72 ·········4.·GRUB2_bootloader_configuration
73 ·········5.·Configure_Syslog73 ·········5.·Configure_Syslog
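Review bot: line 66 reads `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the Revision History embeds the date of the build run and the guide differs on every rebuild. Suggest taking this date from SOURCE_DATE_EPOCH when it is set, so both builds print the same value.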
Offset 6287, 16 lines modifiedOffset 6287, 16 lines modified
6287 ··-·reboot_required6287 ··-·reboot_required
6288 ··-·restrict_strategy6288 ··-·restrict_strategy
  
6289 -·name:·Set·architecture·for·audit·chmod·tasks6289 -·name:·Set·architecture·for·audit·chmod·tasks
6290 ··set_fact:6290 ··set_fact:
6291 ····audit_arch:·b646291 ····audit_arch:·b64
6292 ··when:6292 ··when:
6293 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6294 ··-·'"audit"·in·ansible_facts.packages'6293 ··-·'"audit"·in·ansible_facts.packages'
 6294 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6295 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6295 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6296 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6296 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6297 ··tags:6297 ··tags:
6298 ··-·CJIS-5.4.1.16298 ··-·CJIS-5.4.1.1
6299 ··-·DISA-STIG-RHEL-07-0304106299 ··-·DISA-STIG-RHEL-07-030410
6300 ··-·NIST-800-171-3.1.76300 ··-·NIST-800-171-3.1.7
6301 ··-·NIST-800-53-AU-12(c)6301 ··-·NIST-800-53-AU-12(c)
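Review bot: in the `when:` list at 6293-6294 the two builds carry the same two conditions, `'"audit" in ansible_facts.packages'` and the `ansible_virtualization_type not in [...]` test, in swapped order. Every item of a `when:` list has to hold, so the task applies in the same cases either way and only the emitted order differs. Suggest emitting these applicability conditions in a fixed order (sorted, for example) so the rendered remediation is byte-identical across builds.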
Offset 6433, 16 lines modifiedOffset 6433, 16 lines modified
6433 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006433 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6434 ········-F·auid!=unset·-F·key=perm_mod6434 ········-F·auid!=unset·-F·key=perm_mod
6435 ······create:·true6435 ······create:·true
6436 ······mode:·o-rwx6436 ······mode:·o-rwx
6437 ······state:·present6437 ······state:·present
6438 ····when:·syscalls_found·|·length·==·06438 ····when:·syscalls_found·|·length·==·0
6439 ··when:6439 ··when:
6440 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6441 ··-·'"audit"·in·ansible_facts.packages'6440 ··-·'"audit"·in·ansible_facts.packages'
 6441 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6442 ··tags:6442 ··tags:
6443 ··-·CJIS-5.4.1.16443 ··-·CJIS-5.4.1.1
6444 ··-·DISA-STIG-RHEL-07-0304106444 ··-·DISA-STIG-RHEL-07-030410
6445 ··-·NIST-800-171-3.1.76445 ··-·NIST-800-171-3.1.7
6446 ··-·NIST-800-53-AU-12(c)6446 ··-·NIST-800-53-AU-12(c)
6447 ··-·NIST-800-53-AU-2(d)6447 ··-·NIST-800-53-AU-2(d)
6448 ··-·NIST-800-53-CM-6(a)6448 ··-·NIST-800-53-CM-6(a)
Offset 6577, 16 lines modifiedOffset 6577, 16 lines modified
6577 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006577 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6578 ········-F·auid!=unset·-F·key=perm_mod6578 ········-F·auid!=unset·-F·key=perm_mod
6579 ······create:·true6579 ······create:·true
6580 ······mode:·o-rwx6580 ······mode:·o-rwx
6581 ······state:·present6581 ······state:·present
6582 ····when:·syscalls_found·|·length·==·06582 ····when:·syscalls_found·|·length·==·0
6583 ··when:6583 ··when:
6584 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6585 ··-·'"audit"·in·ansible_facts.packages'6584 ··-·'"audit"·in·ansible_facts.packages'
 6585 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6586 ··-·audit_arch·==·"b64"6586 ··-·audit_arch·==·"b64"
6587 ··tags:6587 ··tags:
6588 ··-·CJIS-5.4.1.16588 ··-·CJIS-5.4.1.1
6589 ··-·DISA-STIG-RHEL-07-0304106589 ··-·DISA-STIG-RHEL-07-030410
6590 ··-·NIST-800-171-3.1.76590 ··-·NIST-800-171-3.1.7
6591 ··-·NIST-800-53-AU-12(c)6591 ··-·NIST-800-53-AU-12(c)
6592 ··-·NIST-800-53-AU-2(d)6592 ··-·NIST-800-53-AU-2(d)
Offset 6596, 15 lines modifiedOffset 6596, 15 lines modified
6596 ··-·low_complexity6596 ··-·low_complexity
6597 ··-·low_disruption6597 ··-·low_disruption
6598 ··-·medium_severity6598 ··-·medium_severity
6599 ··-·reboot_required6599 ··-·reboot_required
6600 ··-·restrict_strategy6600 ··-·restrict_strategy
6601 Remediation_Shell_script_⇲6601 Remediation_Shell_script_⇲
6602 #·Remediation·is·applicable·only·in·certain·platforms6602 #·Remediation·is·applicable·only·in·certain·platforms
6603 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6603 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6604 #·First·perform·the·remediation·of·the·syscall·rule6604 #·First·perform·the·remediation·of·the·syscall·rule
6605 #·Retrieve·hardware·architecture·of·the·underlying·system6605 #·Retrieve·hardware·architecture·of·the·underlying·system
6606 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6606 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6607 for·ARCH·in·"${RULE_ARCHS[@]}"6607 for·ARCH·in·"${RULE_ARCHS[@]}"
6608 do6608 do
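Review bot: line 6603 has `rpm --quiet -q audit` as the last operand of the `&&` chain in one build and as the first in the other, with the `/.dockerenv` and `/run/.containerenv` tests otherwise unchanged. The guard is true in the same cases either way, so this is an ordering difference in the generated condition rather than a change in the applicability check. Suggest fixing the operand order where the platform checks are joined, the same way as for the Ansible `when:` lists.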
Offset 6965, 16 lines modifiedOffset 6965, 16 lines modified
6965 ··-·reboot_required6965 ··-·reboot_required
6966 ··-·restrict_strategy6966 ··-·restrict_strategy
  
6967 -·name:·Set·architecture·for·audit·chown·tasks6967 -·name:·Set·architecture·for·audit·chown·tasks
6968 ··set_fact:6968 ··set_fact:
6969 ····audit_arch:·b646969 ····audit_arch:·b64
6970 ··when:6970 ··when:
6971 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6972 ··-·'"audit"·in·ansible_facts.packages'6971 ··-·'"audit"·in·ansible_facts.packages'
 6972 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6973 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6973 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6974 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6974 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6975 ··tags:6975 ··tags:
6976 ··-·CJIS-5.4.1.16976 ··-·CJIS-5.4.1.1
6977 ··-·DISA-STIG-RHEL-07-0303706977 ··-·DISA-STIG-RHEL-07-030370
6978 ··-·NIST-800-171-3.1.76978 ··-·NIST-800-171-3.1.7
6979 ··-·NIST-800-53-AU-12(c)6979 ··-·NIST-800-53-AU-12(c)
Offset 7113, 16 lines modifiedOffset 7113, 16 lines modified
7113 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007113 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7114 ········-F·auid!=unset·-F·key=perm_mod7114 ········-F·auid!=unset·-F·key=perm_mod
7115 ······create:·true7115 ······create:·true
7116 ······mode:·o-rwx7116 ······mode:·o-rwx
7117 ······state:·present7117 ······state:·present
7118 ····when:·syscalls_found·|·length·==·07118 ····when:·syscalls_found·|·length·==·0
7119 ··when:7119 ··when:
7120 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7121 ··-·'"audit"·in·ansible_facts.packages'7120 ··-·'"audit"·in·ansible_facts.packages'
 7121 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7122 ··tags:7122 ··tags:
7123 ··-·CJIS-5.4.1.17123 ··-·CJIS-5.4.1.1
7124 ··-·DISA-STIG-RHEL-07-0303707124 ··-·DISA-STIG-RHEL-07-030370
7125 ··-·NIST-800-171-3.1.77125 ··-·NIST-800-171-3.1.7
7126 ··-·NIST-800-53-AU-12(c)7126 ··-·NIST-800-53-AU-12(c)
7127 ··-·NIST-800-53-AU-2(d)7127 ··-·NIST-800-53-AU-2(d)
7128 ··-·NIST-800-53-CM-6(a)7128 ··-·NIST-800-53-CM-6(a)
Offset 7259, 16 lines modifiedOffset 7259, 16 lines modified
7259 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007259 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7260 ········-F·auid!=unset·-F·key=perm_mod7260 ········-F·auid!=unset·-F·key=perm_mod
7261 ······create:·true7261 ······create:·true
7262 ······mode:·o-rwx7262 ······mode:·o-rwx
7263 ······state:·present7263 ······state:·present
Max diff block lines reached; 132163/136925 bytes (96.52%) of diff not shown.
407 KB
./usr/share/doc/ssg-nondebian/ssg-centos7-guide-standard.html
    
Max diff block lines reached; 304463/314046 bytes (96.95%) of diff not shown.
100 KB
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 ····*·cpe:/o:redhat:enterprise_linux:7::computenode61 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
62 ····*·cpe:/o:redhat:enterprise_linux:7::server62 ····*·cpe:/o:redhat:enterprise_linux:7::server
63 ····*·cpe:/o:redhat:enterprise_linux:7::workstation63 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
64 ····*·cpe:/o:redhat:enterprise_linux:764 ····*·cpe:/o:redhat:enterprise_linux:7
65 ····*·cpe:/o:centos:centos:765 ····*·cpe:/o:centos:centos:7
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·System_Settings70 ···1.·System_Settings
71 ·········1.·Installing_and_Maintaining_Software71 ·········1.·Installing_and_Maintaining_Software
72 ·········2.·Account_and_Access_Control72 ·········2.·Account_and_Access_Control
73 ·········3.·System_Accounting_with_auditd73 ·········3.·System_Accounting_with_auditd
74 ·········4.·Configure_Syslog74 ·········4.·Configure_Syslog
75 ·········5.·File_Permissions_and_Masks75 ·········5.·File_Permissions_and_Masks
Offset 1100, 16 lines modifiedOffset 1100, 16 lines modified
1100 ··-·reboot_required1100 ··-·reboot_required
1101 ··-·restrict_strategy1101 ··-·restrict_strategy
  
1102 -·name:·Set·architecture·for·audit·chmod·tasks1102 -·name:·Set·architecture·for·audit·chmod·tasks
1103 ··set_fact:1103 ··set_fact:
1104 ····audit_arch:·b641104 ····audit_arch:·b64
1105 ··when:1105 ··when:
1106 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1107 ··-·'"audit"·in·ansible_facts.packages'1106 ··-·'"audit"·in·ansible_facts.packages'
 1107 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1108 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1108 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1109 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1109 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1110 ··tags:1110 ··tags:
1111 ··-·CJIS-5.4.1.11111 ··-·CJIS-5.4.1.1
1112 ··-·DISA-STIG-RHEL-07-0304101112 ··-·DISA-STIG-RHEL-07-030410
1113 ··-·NIST-800-171-3.1.71113 ··-·NIST-800-171-3.1.7
1114 ··-·NIST-800-53-AU-12(c)1114 ··-·NIST-800-53-AU-12(c)
Offset 1246, 16 lines modifiedOffset 1246, 16 lines modified
1246 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001246 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1247 ········-F·auid!=unset·-F·key=perm_mod1247 ········-F·auid!=unset·-F·key=perm_mod
1248 ······create:·true1248 ······create:·true
1249 ······mode:·o-rwx1249 ······mode:·o-rwx
1250 ······state:·present1250 ······state:·present
1251 ····when:·syscalls_found·|·length·==·01251 ····when:·syscalls_found·|·length·==·0
1252 ··when:1252 ··when:
1253 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1254 ··-·'"audit"·in·ansible_facts.packages'1253 ··-·'"audit"·in·ansible_facts.packages'
 1254 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1255 ··tags:1255 ··tags:
1256 ··-·CJIS-5.4.1.11256 ··-·CJIS-5.4.1.1
1257 ··-·DISA-STIG-RHEL-07-0304101257 ··-·DISA-STIG-RHEL-07-030410
1258 ··-·NIST-800-171-3.1.71258 ··-·NIST-800-171-3.1.7
1259 ··-·NIST-800-53-AU-12(c)1259 ··-·NIST-800-53-AU-12(c)
1260 ··-·NIST-800-53-AU-2(d)1260 ··-·NIST-800-53-AU-2(d)
1261 ··-·NIST-800-53-CM-6(a)1261 ··-·NIST-800-53-CM-6(a)
Offset 1390, 16 lines modifiedOffset 1390, 16 lines modified
1390 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001390 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1391 ········-F·auid!=unset·-F·key=perm_mod1391 ········-F·auid!=unset·-F·key=perm_mod
1392 ······create:·true1392 ······create:·true
1393 ······mode:·o-rwx1393 ······mode:·o-rwx
1394 ······state:·present1394 ······state:·present
1395 ····when:·syscalls_found·|·length·==·01395 ····when:·syscalls_found·|·length·==·0
1396 ··when:1396 ··when:
1397 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1398 ··-·'"audit"·in·ansible_facts.packages'1397 ··-·'"audit"·in·ansible_facts.packages'
 1398 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1399 ··-·audit_arch·==·"b64"1399 ··-·audit_arch·==·"b64"
1400 ··tags:1400 ··tags:
1401 ··-·CJIS-5.4.1.11401 ··-·CJIS-5.4.1.1
1402 ··-·DISA-STIG-RHEL-07-0304101402 ··-·DISA-STIG-RHEL-07-030410
1403 ··-·NIST-800-171-3.1.71403 ··-·NIST-800-171-3.1.7
1404 ··-·NIST-800-53-AU-12(c)1404 ··-·NIST-800-53-AU-12(c)
1405 ··-·NIST-800-53-AU-2(d)1405 ··-·NIST-800-53-AU-2(d)
Offset 1409, 15 lines modifiedOffset 1409, 15 lines modified
1409 ··-·low_complexity1409 ··-·low_complexity
1410 ··-·low_disruption1410 ··-·low_disruption
1411 ··-·medium_severity1411 ··-·medium_severity
1412 ··-·reboot_required1412 ··-·reboot_required
1413 ··-·restrict_strategy1413 ··-·restrict_strategy
1414 Remediation_Shell_script_⇲1414 Remediation_Shell_script_⇲
1415 #·Remediation·is·applicable·only·in·certain·platforms1415 #·Remediation·is·applicable·only·in·certain·platforms
1416 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1416 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1417 #·First·perform·the·remediation·of·the·syscall·rule1417 #·First·perform·the·remediation·of·the·syscall·rule
1418 #·Retrieve·hardware·architecture·of·the·underlying·system1418 #·Retrieve·hardware·architecture·of·the·underlying·system
1419 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1419 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1420 for·ARCH·in·"${RULE_ARCHS[@]}"1420 for·ARCH·in·"${RULE_ARCHS[@]}"
1421 do1421 do
Offset 1778, 16 lines modifiedOffset 1778, 16 lines modified
1778 ··-·reboot_required1778 ··-·reboot_required
1779 ··-·restrict_strategy1779 ··-·restrict_strategy
  
1780 -·name:·Set·architecture·for·audit·chown·tasks1780 -·name:·Set·architecture·for·audit·chown·tasks
1781 ··set_fact:1781 ··set_fact:
1782 ····audit_arch:·b641782 ····audit_arch:·b64
1783 ··when:1783 ··when:
1784 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1785 ··-·'"audit"·in·ansible_facts.packages'1784 ··-·'"audit"·in·ansible_facts.packages'
 1785 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1786 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1786 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1787 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1787 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1788 ··tags:1788 ··tags:
1789 ··-·CJIS-5.4.1.11789 ··-·CJIS-5.4.1.1
1790 ··-·DISA-STIG-RHEL-07-0303701790 ··-·DISA-STIG-RHEL-07-030370
1791 ··-·NIST-800-171-3.1.71791 ··-·NIST-800-171-3.1.7
1792 ··-·NIST-800-53-AU-12(c)1792 ··-·NIST-800-53-AU-12(c)
Offset 1926, 16 lines modifiedOffset 1926, 16 lines modified
1926 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001926 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1927 ········-F·auid!=unset·-F·key=perm_mod1927 ········-F·auid!=unset·-F·key=perm_mod
1928 ······create:·true1928 ······create:·true
1929 ······mode:·o-rwx1929 ······mode:·o-rwx
1930 ······state:·present1930 ······state:·present
1931 ····when:·syscalls_found·|·length·==·01931 ····when:·syscalls_found·|·length·==·0
1932 ··when:1932 ··when:
1933 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1934 ··-·'"audit"·in·ansible_facts.packages'1933 ··-·'"audit"·in·ansible_facts.packages'
 1934 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1935 ··tags:1935 ··tags:
1936 ··-·CJIS-5.4.1.11936 ··-·CJIS-5.4.1.1
1937 ··-·DISA-STIG-RHEL-07-0303701937 ··-·DISA-STIG-RHEL-07-030370
1938 ··-·NIST-800-171-3.1.71938 ··-·NIST-800-171-3.1.7
1939 ··-·NIST-800-53-AU-12(c)1939 ··-·NIST-800-53-AU-12(c)
1940 ··-·NIST-800-53-AU-2(d)1940 ··-·NIST-800-53-AU-2(d)
1941 ··-·NIST-800-53-CM-6(a)1941 ··-·NIST-800-53-CM-6(a)
Offset 2072, 16 lines modifiedOffset 2072, 16 lines modified
2072 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002072 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2073 ········-F·auid!=unset·-F·key=perm_mod2073 ········-F·auid!=unset·-F·key=perm_mod
2074 ······create:·true2074 ······create:·true
2075 ······mode:·o-rwx2075 ······mode:·o-rwx
2076 ······state:·present2076 ······state:·present
Max diff block lines reached; 97603/102361 bytes (95.35%) of diff not shown.
7.1 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_enhanced.html
    
1.76 KB
html2text {}
    
Offset 72, 15 lines modifiedOffset 72, 15 lines modified
72 ····*·cpe:/o:redhat:enterprise_linux:8.772 ····*·cpe:/o:redhat:enterprise_linux:8.7
73 ····*·cpe:/o:redhat:enterprise_linux:8.873 ····*·cpe:/o:redhat:enterprise_linux:8.8
74 ····*·cpe:/o:redhat:enterprise_linux:8.974 ····*·cpe:/o:redhat:enterprise_linux:8.9
75 ····*·cpe:/o:redhat:enterprise_linux:875 ····*·cpe:/o:redhat:enterprise_linux:8
76 ····*·cpe:/o:centos:centos:876 ····*·cpe:/o:centos:centos:8
77 *****·Revision·History·*****77 *****·Revision·History·*****
78 Current·version:·0.1.6578 Current·version:·0.1.65
79 ····*·draft·(as·of·2024-01-14)79 ····*·draft·(as·of·2025-02-15)
80 *****·Table·of·Contents·*****80 *****·Table·of·Contents·*****
81 ···1.·System_Settings81 ···1.·System_Settings
82 ·········1.·Installing_and_Maintaining_Software82 ·········1.·Installing_and_Maintaining_Software
83 ·········2.·Account_and_Access_Control83 ·········2.·Account_and_Access_Control
84 ·········3.·System_Accounting_with_auditd84 ·········3.·System_Accounting_with_auditd
85 ·········4.·GRUB2_bootloader_configuration85 ·········4.·GRUB2_bootloader_configuration
86 ·········5.·Configure_Syslog86 ·········5.·Configure_Syslog
Offset 8157, 16 lines modifiedOffset 8157, 16 lines modified
8157 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8157 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8158 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8158 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8159 ······create:·true8159 ······create:·true
8160 ······mode:·o-rwx8160 ······mode:·o-rwx
8161 ······state:·present8161 ······state:·present
8162 ····when:·syscalls_found·|·length·==·08162 ····when:·syscalls_found·|·length·==·0
8163 ··when:8163 ··when:
8164 ··-·'"audit"·in·ansible_facts.packages' 
8165 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8164 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8165 ··-·'"audit"·in·ansible_facts.packages'
8166 ··tags:8166 ··tags:
8167 ··-·DISA-STIG-RHEL-08-0305508167 ··-·DISA-STIG-RHEL-08-030550
8168 ··-·NIST-800-171-3.1.78168 ··-·NIST-800-171-3.1.7
8169 ··-·NIST-800-53-AC-6(9)8169 ··-·NIST-800-53-AC-6(9)
8170 ··-·NIST-800-53-AU-12(c)8170 ··-·NIST-800-53-AU-12(c)
8171 ··-·NIST-800-53-AU-2(d)8171 ··-·NIST-800-53-AU-2(d)
8172 ··-·NIST-800-53-CM-6(a)8172 ··-·NIST-800-53-CM-6(a)
Offset 8174, 15 lines modifiedOffset 8174, 15 lines modified
8174 ··-·low_complexity8174 ··-·low_complexity
8175 ··-·low_disruption8175 ··-·low_disruption
8176 ··-·medium_severity8176 ··-·medium_severity
8177 ··-·no_reboot_needed8177 ··-·no_reboot_needed
8178 ··-·restrict_strategy8178 ··-·restrict_strategy
8179 Remediation_Shell_script_⇲8179 Remediation_Shell_script_⇲
8180 #·Remediation·is·applicable·only·in·certain·platforms8180 #·Remediation·is·applicable·only·in·certain·platforms
8181 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8181 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8182 ACTION_ARCH_FILTERS="-a·always,exit"8182 ACTION_ARCH_FILTERS="-a·always,exit"
8183 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8183 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8184 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8184 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8185 SYSCALL=""8185 SYSCALL=""
8186 KEY="privileged"8186 KEY="privileged"
8187 SYSCALL_GROUPING=""8187 SYSCALL_GROUPING=""
6.89 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_high.html
    
1.76 KB
html2text {}
    
Offset 72, 15 lines modifiedOffset 72, 15 lines modified
72 ····*·cpe:/o:redhat:enterprise_linux:8.772 ····*·cpe:/o:redhat:enterprise_linux:8.7
73 ····*·cpe:/o:redhat:enterprise_linux:8.873 ····*·cpe:/o:redhat:enterprise_linux:8.8
74 ····*·cpe:/o:redhat:enterprise_linux:8.974 ····*·cpe:/o:redhat:enterprise_linux:8.9
75 ····*·cpe:/o:redhat:enterprise_linux:875 ····*·cpe:/o:redhat:enterprise_linux:8
76 ····*·cpe:/o:centos:centos:876 ····*·cpe:/o:centos:centos:8
77 *****·Revision·History·*****77 *****·Revision·History·*****
78 Current·version:·0.1.6578 Current·version:·0.1.65
79 ····*·draft·(as·of·2024-01-14)79 ····*·draft·(as·of·2025-02-15)
80 *****·Table·of·Contents·*****80 *****·Table·of·Contents·*****
81 ···1.·System_Settings81 ···1.·System_Settings
82 ·········1.·Installing_and_Maintaining_Software82 ·········1.·Installing_and_Maintaining_Software
83 ·········2.·Account_and_Access_Control83 ·········2.·Account_and_Access_Control
84 ·········3.·System_Accounting_with_auditd84 ·········3.·System_Accounting_with_auditd
85 ·········4.·GRUB2_bootloader_configuration85 ·········4.·GRUB2_bootloader_configuration
86 ·········5.·Configure_Syslog86 ·········5.·Configure_Syslog
Offset 8459, 16 lines modifiedOffset 8459, 16 lines modified
8459 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8459 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8460 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8460 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8461 ······create:·true8461 ······create:·true
8462 ······mode:·o-rwx8462 ······mode:·o-rwx
8463 ······state:·present8463 ······state:·present
8464 ····when:·syscalls_found·|·length·==·08464 ····when:·syscalls_found·|·length·==·0
8465 ··when:8465 ··when:
8466 ··-·'"audit"·in·ansible_facts.packages' 
8467 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8466 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8467 ··-·'"audit"·in·ansible_facts.packages'
8468 ··tags:8468 ··tags:
8469 ··-·DISA-STIG-RHEL-08-0305508469 ··-·DISA-STIG-RHEL-08-030550
8470 ··-·NIST-800-171-3.1.78470 ··-·NIST-800-171-3.1.7
8471 ··-·NIST-800-53-AC-6(9)8471 ··-·NIST-800-53-AC-6(9)
8472 ··-·NIST-800-53-AU-12(c)8472 ··-·NIST-800-53-AU-12(c)
8473 ··-·NIST-800-53-AU-2(d)8473 ··-·NIST-800-53-AU-2(d)
8474 ··-·NIST-800-53-CM-6(a)8474 ··-·NIST-800-53-CM-6(a)
Offset 8476, 15 lines modifiedOffset 8476, 15 lines modified
8476 ··-·low_complexity8476 ··-·low_complexity
8477 ··-·low_disruption8477 ··-·low_disruption
8478 ··-·medium_severity8478 ··-·medium_severity
8479 ··-·no_reboot_needed8479 ··-·no_reboot_needed
8480 ··-·restrict_strategy8480 ··-·restrict_strategy
8481 Remediation_Shell_script_⇲8481 Remediation_Shell_script_⇲
8482 #·Remediation·is·applicable·only·in·certain·platforms8482 #·Remediation·is·applicable·only·in·certain·platforms
8483 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8483 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8484 ACTION_ARCH_FILTERS="-a·always,exit"8484 ACTION_ARCH_FILTERS="-a·always,exit"
8485 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8485 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8486 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8486 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8487 SYSCALL=""8487 SYSCALL=""
8488 KEY="privileged"8488 KEY="privileged"
8489 SYSCALL_GROUPING=""8489 SYSCALL_GROUPING=""
6.98 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_intermediary.html
    
1.76 KB
html2text {}
    
Offset 72, 15 lines modifiedOffset 72, 15 lines modified
72 ····*·cpe:/o:redhat:enterprise_linux:8.772 ····*·cpe:/o:redhat:enterprise_linux:8.7
73 ····*·cpe:/o:redhat:enterprise_linux:8.873 ····*·cpe:/o:redhat:enterprise_linux:8.8
74 ····*·cpe:/o:redhat:enterprise_linux:8.974 ····*·cpe:/o:redhat:enterprise_linux:8.9
75 ····*·cpe:/o:redhat:enterprise_linux:875 ····*·cpe:/o:redhat:enterprise_linux:8
76 ····*·cpe:/o:centos:centos:876 ····*·cpe:/o:centos:centos:8
77 *****·Revision·History·*****77 *****·Revision·History·*****
78 Current·version:·0.1.6578 Current·version:·0.1.65
79 ····*·draft·(as·of·2024-01-14)79 ····*·draft·(as·of·2025-02-15)
80 *****·Table·of·Contents·*****80 *****·Table·of·Contents·*****
81 ···1.·System_Settings81 ···1.·System_Settings
82 ·········1.·Installing_and_Maintaining_Software82 ·········1.·Installing_and_Maintaining_Software
83 ·········2.·Account_and_Access_Control83 ·········2.·Account_and_Access_Control
84 ·········3.·System_Accounting_with_auditd84 ·········3.·System_Accounting_with_auditd
85 ·········4.·Configure_Syslog85 ·········4.·Configure_Syslog
86 ·········5.·Network_Configuration_and_Firewalls86 ·········5.·Network_Configuration_and_Firewalls
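Review bot: the revision-history line differs only in the date, `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the generated guide is recording the build clock. Suggest taking that date from SOURCE_DATE_EPOCH (or the package changelog date) when the guide is rendered, so the line stays the same when the build clock changes.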
Offset 7744, 16 lines modifiedOffset 7744, 16 lines modified
7744 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x7744 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
7745 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged7745 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
7746 ······create:·true7746 ······create:·true
7747 ······mode:·o-rwx7747 ······mode:·o-rwx
7748 ······state:·present7748 ······state:·present
7749 ····when:·syscalls_found·|·length·==·07749 ····when:·syscalls_found·|·length·==·0
7750 ··when:7750 ··when:
7751 ··-·'"audit"·in·ansible_facts.packages' 
7752 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7751 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7752 ··-·'"audit"·in·ansible_facts.packages'
7753 ··tags:7753 ··tags:
7754 ··-·DISA-STIG-RHEL-08-0305507754 ··-·DISA-STIG-RHEL-08-030550
7755 ··-·NIST-800-171-3.1.77755 ··-·NIST-800-171-3.1.7
7756 ··-·NIST-800-53-AC-6(9)7756 ··-·NIST-800-53-AC-6(9)
7757 ··-·NIST-800-53-AU-12(c)7757 ··-·NIST-800-53-AU-12(c)
7758 ··-·NIST-800-53-AU-2(d)7758 ··-·NIST-800-53-AU-2(d)
7759 ··-·NIST-800-53-CM-6(a)7759 ··-·NIST-800-53-CM-6(a)
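Review bot: in the task-level `when:` list, the entries `'"audit" in ansible_facts.packages'` and `ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]` trade places between the two builds and nothing else in the hunk changes. Ansible ANDs the items of a `when:` list, so the task applies to the same hosts either way; the swap looks like the result of iterating an unordered collection of platform conditions. Suggest sorting the conditions before they are written into the task so the rendered playbook is stable.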
Offset 7761, 15 lines modifiedOffset 7761, 15 lines modified
7761 ··-·low_complexity7761 ··-·low_complexity
7762 ··-·low_disruption7762 ··-·low_disruption
7763 ··-·medium_severity7763 ··-·medium_severity
7764 ··-·no_reboot_needed7764 ··-·no_reboot_needed
7765 ··-·restrict_strategy7765 ··-·restrict_strategy
7766 Remediation_Shell_script_⇲7766 Remediation_Shell_script_⇲
7767 #·Remediation·is·applicable·only·in·certain·platforms7767 #·Remediation·is·applicable·only·in·certain·platforms
7768 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7768 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7769 ACTION_ARCH_FILTERS="-a·always,exit"7769 ACTION_ARCH_FILTERS="-a·always,exit"
7770 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"7770 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
7771 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"7771 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
7772 SYSCALL=""7772 SYSCALL=""
7773 KEY="privileged"7773 KEY="privileged"
7774 SYSCALL_GROUPING=""7774 SYSCALL_GROUPING=""
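Review bot: the `if` line differs only in where `rpm --quiet -q audit` sits in the `&&` chain, first in one build and last in the other. The chain is true only when all three tests pass, so the remediation runs on the same systems; the only change is which test short-circuits first. Suggest emitting the applicability tests in a fixed order in the generator so the bash remediation does not vary between builds.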
1.95 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-anssi_bp28_minimal.html
    
Offset 14553, 16 lines modifiedOffset 14553, 16 lines modified
00038d80:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>00038d80:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>
00038d90:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi00038d90:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi
00038da0:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.00038da0:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.
00038db0:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><00038db0:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><
00038dc0:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d00038dc0:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d
00038dd0:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··00038dd0:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··
00038de0:·2020·2020·2020·2020·2020·2020·2020·2020··················00038de0:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038df0:·2020·2861·7320·6f66·2032·3032·342d·3031····(as·of·2024-0100038df0:·2020·2861·7320·6f66·2032·3032·352d·3032····(as·of·2025-02
00038e00:·2d31·3429·0a20·2020·2020·2020·2020·2020··-14).···········00038e00:·2d31·3529·0a20·2020·2020·2020·2020·2020··-15).···········
00038e10:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><00038e10:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><
00038e20:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o00038e20:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o
00038e30:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><00038e30:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><
00038e40:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="00038e40:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="
00038e50:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr00038e50:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr
00038e60:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr00038e60:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr
00038e70:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst00038e70:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst
588 B
html2text {}
    
Offset 72, 15 lines modifiedOffset 72, 15 lines modified
72 ····*·cpe:/o:redhat:enterprise_linux:8.772 ····*·cpe:/o:redhat:enterprise_linux:8.7
73 ····*·cpe:/o:redhat:enterprise_linux:8.873 ····*·cpe:/o:redhat:enterprise_linux:8.8
74 ····*·cpe:/o:redhat:enterprise_linux:8.974 ····*·cpe:/o:redhat:enterprise_linux:8.9
75 ····*·cpe:/o:redhat:enterprise_linux:875 ····*·cpe:/o:redhat:enterprise_linux:8
76 ····*·cpe:/o:centos:centos:876 ····*·cpe:/o:centos:centos:8
77 *****·Revision·History·*****77 *****·Revision·History·*****
78 Current·version:·0.1.6578 Current·version:·0.1.65
79 ····*·draft·(as·of·2024-01-14)79 ····*·draft·(as·of·2025-02-15)
80 *****·Table·of·Contents·*****80 *****·Table·of·Contents·*****
81 ···1.·System_Settings81 ···1.·System_Settings
82 ·········1.·Installing_and_Maintaining_Software82 ·········1.·Installing_and_Maintaining_Software
83 ·········2.·Account_and_Access_Control83 ·········2.·Account_and_Access_Control
84 ·········3.·Configure_Syslog84 ·········3.·Configure_Syslog
85 ·········4.·File_Permissions_and_Masks85 ·········4.·File_Permissions_and_Masks
86 ···2.·Services86 ···2.·Services
836 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis.html
    
Offset 14546, 16 lines modifiedOffset 14546, 16 lines modified
00038d10:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>00038d10:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>
00038d20:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi00038d20:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi
00038d30:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.00038d30:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.
00038d40:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><00038d40:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><
00038d50:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d00038d50:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d
00038d60:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··00038d60:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··
00038d70:·2020·2020·2020·2020·2020·2020·2020·2020··················00038d70:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038d80:·2020·2861·7320·6f66·2032·3032·342d·3031····(as·of·2024-0100038d80:·2020·2861·7320·6f66·2032·3032·352d·3032····(as·of·2025-02
00038d90:·2d31·3429·0a20·2020·2020·2020·2020·2020··-14).···········00038d90:·2d31·3529·0a20·2020·2020·2020·2020·2020··-15).···········
00038da0:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><00038da0:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><
00038db0:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o00038db0:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o
00038dc0:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><00038dc0:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><
00038dd0:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="00038dd0:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="
00038de0:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr00038de0:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr
00038df0:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr00038df0:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr
00038e00:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst00038e00:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst
Offset 62460, 23 lines modifiedOffset 62460, 23 lines modified
000f3fb0:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest000f3fb0:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest
000f3fc0:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-000f3fc0:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-
000f3fd0:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi000f3fd0:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi
000f3fe0:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi000f3fe0:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi
000f3ff0:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··000f3ff0:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··
000f4000:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au000f4000:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au
000f4010:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··000f4010:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··
000f4020:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi000f4020:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl
000f4030:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
000f4040:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
000f4050:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000f4060:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000f4070:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000f4080:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
000f4090:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000f4030:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 000f4040:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 000f4050:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 000f4060:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 000f4070:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
 000f4080:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 000f4090:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
000f40a0:·6169·6e65·7222·5d0a·2020·2d20·616e·7369··ainer"].··-·ansi000f40a0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
000f40b0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000f40b0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000f40c0:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or000f40c0:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or
000f40d0:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite000f40d0:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite
000f40e0:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"000f40e0:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"
000f40f0:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch000f40f0:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch
000f4100:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·000f4100:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·
000f4110:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans000f4110:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans
Offset 62783, 23 lines modifiedOffset 62783, 23 lines modified
000f53e0:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.000f53e0:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.
000f53f0:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr000f53f0:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr
000f5400:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o000f5400:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o
000f5410:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state000f5410:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state
000f5420:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh000f5420:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh
000f5430:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou000f5430:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou
000f5440:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0000f5440:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0
000f5450:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a000f5450:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans
000f5460:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible 
000f5470:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
000f5480:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
000f5490:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
000f54a0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
000f54b0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
000f54c0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
000f54d0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag000f5460:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 000f5470:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 000f5480:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 000f5490:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 000f54a0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
 000f54b0:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"·
 000f54c0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 000f54d0:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag
000f54e0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.000f54e0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
000f54f0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI000f54f0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
000f5500:·472d·5248·454c·2d30·382d·3033·3034·3930··G-RHEL-08-030490000f5500:·472d·5248·454c·2d30·382d·3033·3034·3930··G-RHEL-08-030490
000f5510:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17000f5510:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
000f5520:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST000f5520:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
000f5530:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)000f5530:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
000f5540:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53000f5540:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
Offset 63095, 23 lines modifiedOffset 63095, 23 lines modified
000f6760:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······000f6760:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
000f6770:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···000f6770:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
000f6780:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·000f6780:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
000f6790:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres000f6790:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
000f67a0:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy000f67a0:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
000f67b0:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l000f67b0:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
000f67c0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe000f67c0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
000f67d0:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"· 
000f67e0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000f67f0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a 
000f6800:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
000f6810:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
000f6820:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx 
000f6830:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p 
000f6840:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain000f67d0:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v
 000f67e0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 000f67f0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 000f6800:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 000f6810:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 000f6820:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
 000f6830:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans
 000f6840:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
000f6850:·6572·225d·0a20·202d·2061·7564·6974·5f61··er"].··-·audit_a000f6850:·6765·7327·0a20·202d·2061·7564·6974·5f61··ges'.··-·audit_a
000f6860:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t000f6860:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t
000f6870:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.000f6870:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
000f6880:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S000f6880:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S
000f6890:·5449·472d·5248·454c·2d30·382d·3033·3034··TIG-RHEL-08-0304000f6890:·5449·472d·5248·454c·2d30·382d·3033·3034··TIG-RHEL-08-0304
000f68a0:·3930·0a20·202d·204e·4953·542d·3830·302d··90.··-·NIST-800-000f68a0:·3930·0a20·202d·204e·4953·542d·3830·302d··90.··-·NIST-800-
000f68b0:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI000f68b0:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI
000f68c0:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(000f68c0:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(
Offset 63145, 20 lines modifiedOffset 63145, 20 lines modified
000f6a80:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co000f6a80:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
000f6a90:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"000f6a90:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
000f6aa0:·2069·643d·2269·646d·3235·3339·3022·3e3c···id="idm25390"><000f6aa0:·2069·643d·2269·646d·3235·3339·3022·3e3c···id="idm25390"><
000f6ab0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme000f6ab0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
000f6ac0:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli000f6ac0:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
000f6ad0:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce000f6ad0:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
000f6ae0:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.000f6ae0:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
000f6af0:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·- 
000f6b00:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am 
000f6b10:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock000f6af0:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock
000f6b20:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am000f6b00:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
000f6b30:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.000f6b10:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
000f6b40:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·000f6b20:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&
 000f6b30:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·--
 000f6b40:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;·
000f6b50:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe000f6b50:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe
000f6b60:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi000f6b60:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi
000f6b70:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys000f6b70:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys
Max diff block lines reached; 651862/661445 bytes (98.55%) of diff not shown.
190 KB
html2text {}
    
Offset 70, 15 lines modifiedOffset 70, 15 lines modified
70 ····*·cpe:/o:redhat:enterprise_linux:8.770 ····*·cpe:/o:redhat:enterprise_linux:8.7
71 ····*·cpe:/o:redhat:enterprise_linux:8.871 ····*·cpe:/o:redhat:enterprise_linux:8.8
72 ····*·cpe:/o:redhat:enterprise_linux:8.972 ····*·cpe:/o:redhat:enterprise_linux:8.9
73 ····*·cpe:/o:redhat:enterprise_linux:873 ····*·cpe:/o:redhat:enterprise_linux:8
74 ····*·cpe:/o:centos:centos:874 ····*·cpe:/o:centos:centos:8
75 *****·Revision·History·*****75 *****·Revision·History·*****
76 Current·version:·0.1.6576 Current·version:·0.1.65
77 ····*·draft·(as·of·2024-01-14)77 ····*·draft·(as·of·2025-02-15)
78 *****·Table·of·Contents·*****78 *****·Table·of·Contents·*****
79 ···1.·System_Settings79 ···1.·System_Settings
80 ·········1.·Installing_and_Maintaining_Software80 ·········1.·Installing_and_Maintaining_Software
81 ·········2.·Account_and_Access_Control81 ·········2.·Account_and_Access_Control
82 ·········3.·System_Accounting_with_auditd82 ·········3.·System_Accounting_with_auditd
83 ·········4.·GRUB2_bootloader_configuration83 ·········4.·GRUB2_bootloader_configuration
84 ·········5.·Configure_Syslog84 ·········5.·Configure_Syslog
Offset 8266, 16 lines modifiedOffset 8266, 16 lines modified
8266 ··-·reboot_required8266 ··-·reboot_required
8267 ··-·restrict_strategy8267 ··-·restrict_strategy
  
8268 -·name:·Set·architecture·for·audit·chmod·tasks8268 -·name:·Set·architecture·for·audit·chmod·tasks
8269 ··set_fact:8269 ··set_fact:
8270 ····audit_arch:·b648270 ····audit_arch:·b64
8271 ··when:8271 ··when:
8272 ··-·'"audit"·in·ansible_facts.packages' 
8273 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8272 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8273 ··-·'"audit"·in·ansible_facts.packages'
8274 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8274 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8275 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8275 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8276 ··tags:8276 ··tags:
8277 ··-·CJIS-5.4.1.18277 ··-·CJIS-5.4.1.1
8278 ··-·DISA-STIG-RHEL-08-0304908278 ··-·DISA-STIG-RHEL-08-030490
8279 ··-·NIST-800-171-3.1.78279 ··-·NIST-800-171-3.1.7
8280 ··-·NIST-800-53-AU-12(c)8280 ··-·NIST-800-53-AU-12(c)
Offset 8412, 16 lines modifiedOffset 8412, 16 lines modified
8412 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008412 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8413 ········-F·auid!=unset·-F·key=perm_mod8413 ········-F·auid!=unset·-F·key=perm_mod
8414 ······create:·true8414 ······create:·true
8415 ······mode:·o-rwx8415 ······mode:·o-rwx
8416 ······state:·present8416 ······state:·present
8417 ····when:·syscalls_found·|·length·==·08417 ····when:·syscalls_found·|·length·==·0
8418 ··when:8418 ··when:
8419 ··-·'"audit"·in·ansible_facts.packages' 
8420 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8419 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8420 ··-·'"audit"·in·ansible_facts.packages'
8421 ··tags:8421 ··tags:
8422 ··-·CJIS-5.4.1.18422 ··-·CJIS-5.4.1.1
8423 ··-·DISA-STIG-RHEL-08-0304908423 ··-·DISA-STIG-RHEL-08-030490
8424 ··-·NIST-800-171-3.1.78424 ··-·NIST-800-171-3.1.7
8425 ··-·NIST-800-53-AU-12(c)8425 ··-·NIST-800-53-AU-12(c)
8426 ··-·NIST-800-53-AU-2(d)8426 ··-·NIST-800-53-AU-2(d)
8427 ··-·NIST-800-53-CM-6(a)8427 ··-·NIST-800-53-CM-6(a)
Offset 8556, 16 lines modifiedOffset 8556, 16 lines modified
8556 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008556 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8557 ········-F·auid!=unset·-F·key=perm_mod8557 ········-F·auid!=unset·-F·key=perm_mod
8558 ······create:·true8558 ······create:·true
8559 ······mode:·o-rwx8559 ······mode:·o-rwx
8560 ······state:·present8560 ······state:·present
8561 ····when:·syscalls_found·|·length·==·08561 ····when:·syscalls_found·|·length·==·0
8562 ··when:8562 ··when:
8563 ··-·'"audit"·in·ansible_facts.packages' 
8564 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8563 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8564 ··-·'"audit"·in·ansible_facts.packages'
8565 ··-·audit_arch·==·"b64"8565 ··-·audit_arch·==·"b64"
8566 ··tags:8566 ··tags:
8567 ··-·CJIS-5.4.1.18567 ··-·CJIS-5.4.1.1
8568 ··-·DISA-STIG-RHEL-08-0304908568 ··-·DISA-STIG-RHEL-08-030490
8569 ··-·NIST-800-171-3.1.78569 ··-·NIST-800-171-3.1.7
8570 ··-·NIST-800-53-AU-12(c)8570 ··-·NIST-800-53-AU-12(c)
8571 ··-·NIST-800-53-AU-2(d)8571 ··-·NIST-800-53-AU-2(d)
Offset 8575, 15 lines modifiedOffset 8575, 15 lines modified
8575 ··-·low_complexity8575 ··-·low_complexity
8576 ··-·low_disruption8576 ··-·low_disruption
8577 ··-·medium_severity8577 ··-·medium_severity
8578 ··-·reboot_required8578 ··-·reboot_required
8579 ··-·restrict_strategy8579 ··-·restrict_strategy
8580 Remediation_Shell_script_⇲8580 Remediation_Shell_script_⇲
8581 #·Remediation·is·applicable·only·in·certain·platforms8581 #·Remediation·is·applicable·only·in·certain·platforms
8582 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8582 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8583 #·First·perform·the·remediation·of·the·syscall·rule8583 #·First·perform·the·remediation·of·the·syscall·rule
8584 #·Retrieve·hardware·architecture·of·the·underlying·system8584 #·Retrieve·hardware·architecture·of·the·underlying·system
8585 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")8585 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
8586 for·ARCH·in·"${RULE_ARCHS[@]}"8586 for·ARCH·in·"${RULE_ARCHS[@]}"
8587 do8587 do
Offset 8944, 16 lines modifiedOffset 8944, 16 lines modified
8944 ··-·reboot_required8944 ··-·reboot_required
8945 ··-·restrict_strategy8945 ··-·restrict_strategy
  
8946 -·name:·Set·architecture·for·audit·chown·tasks8946 -·name:·Set·architecture·for·audit·chown·tasks
8947 ··set_fact:8947 ··set_fact:
8948 ····audit_arch:·b648948 ····audit_arch:·b64
8949 ··when:8949 ··when:
8950 ··-·'"audit"·in·ansible_facts.packages' 
8951 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8950 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8951 ··-·'"audit"·in·ansible_facts.packages'
8952 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8952 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8953 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8953 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8954 ··tags:8954 ··tags:
8955 ··-·CJIS-5.4.1.18955 ··-·CJIS-5.4.1.1
8956 ··-·DISA-STIG-RHEL-08-0304808956 ··-·DISA-STIG-RHEL-08-030480
8957 ··-·NIST-800-171-3.1.78957 ··-·NIST-800-171-3.1.7
8958 ··-·NIST-800-53-AU-12(c)8958 ··-·NIST-800-53-AU-12(c)
Offset 9092, 16 lines modifiedOffset 9092, 16 lines modified
9092 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009092 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9093 ········-F·auid!=unset·-F·key=perm_mod9093 ········-F·auid!=unset·-F·key=perm_mod
9094 ······create:·true9094 ······create:·true
9095 ······mode:·o-rwx9095 ······mode:·o-rwx
9096 ······state:·present9096 ······state:·present
9097 ····when:·syscalls_found·|·length·==·09097 ····when:·syscalls_found·|·length·==·0
9098 ··when:9098 ··when:
9099 ··-·'"audit"·in·ansible_facts.packages' 
9100 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]9099 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 9100 ··-·'"audit"·in·ansible_facts.packages'
9101 ··tags:9101 ··tags:
9102 ··-·CJIS-5.4.1.19102 ··-·CJIS-5.4.1.1
9103 ··-·DISA-STIG-RHEL-08-0304809103 ··-·DISA-STIG-RHEL-08-030480
9104 ··-·NIST-800-171-3.1.79104 ··-·NIST-800-171-3.1.7
9105 ··-·NIST-800-53-AU-12(c)9105 ··-·NIST-800-53-AU-12(c)
9106 ··-·NIST-800-53-AU-2(d)9106 ··-·NIST-800-53-AU-2(d)
9107 ··-·NIST-800-53-CM-6(a)9107 ··-·NIST-800-53-CM-6(a)
Offset 9238, 16 lines modifiedOffset 9238, 16 lines modified
9238 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009238 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9239 ········-F·auid!=unset·-F·key=perm_mod9239 ········-F·auid!=unset·-F·key=perm_mod
9240 ······create:·true9240 ······create:·true
9241 ······mode:·o-rwx9241 ······mode:·o-rwx
9242 ······state:·present9242 ······state:·present
Max diff block lines reached; 189972/194456 bytes (97.69%) of diff not shown.
91.1 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_server_l1.html
    
Max diff block lines reached; 61526/70652 bytes (87.08%) of diff not shown.
22.0 KB
html2text {}
    
Offset 70, 15 lines modifiedOffset 70, 15 lines modified
70 ····*·cpe:/o:redhat:enterprise_linux:8.770 ····*·cpe:/o:redhat:enterprise_linux:8.7
71 ····*·cpe:/o:redhat:enterprise_linux:8.871 ····*·cpe:/o:redhat:enterprise_linux:8.8
72 ····*·cpe:/o:redhat:enterprise_linux:8.972 ····*·cpe:/o:redhat:enterprise_linux:8.9
73 ····*·cpe:/o:redhat:enterprise_linux:873 ····*·cpe:/o:redhat:enterprise_linux:8
74 ····*·cpe:/o:centos:centos:874 ····*·cpe:/o:centos:centos:8
75 *****·Revision·History·*****75 *****·Revision·History·*****
76 Current·version:·0.1.6576 Current·version:·0.1.65
77 ····*·draft·(as·of·2024-01-14)77 ····*·draft·(as·of·2025-02-15)
78 *****·Table·of·Contents·*****78 *****·Table·of·Contents·*****
79 ···1.·System_Settings79 ···1.·System_Settings
80 ·········1.·Installing_and_Maintaining_Software80 ·········1.·Installing_and_Maintaining_Software
81 ·········2.·Account_and_Access_Control81 ·········2.·Account_and_Access_Control
82 ·········3.·GRUB2_bootloader_configuration82 ·········3.·GRUB2_bootloader_configuration
83 ·········4.·Configure_Syslog83 ·········4.·Configure_Syslog
84 ·········5.·Network_Configuration_and_Firewalls84 ·········5.·Network_Configuration_and_Firewalls
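Review bot: line 77 carries a date that differs between the two builds (2024-01-14 versus 2025-02-15), so the generated guide embeds the build time and cannot be reproduced bit for bit. Taking the "as of" date from SOURCE_DATE_EPOCH (or the changelog entry date) instead of the current clock would remove this difference.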
Offset 8118, 16 lines modifiedOffset 8118, 16 lines modified
8118 ··-·no_reboot_needed8118 ··-·no_reboot_needed
  
8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8120 ··stat:8120 ··stat:
8121 ····path:·/boot/grub2/grub.cfg8121 ····path:·/boot/grub2/grub.cfg
8122 ··register:·file_exists8122 ··register:·file_exists
8123 ··when:8123 ··when:
8124 ··-·'"grub2-common"·in·ansible_facts.packages' 
8125 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8124 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8125 ··-·'"grub2-common"·in·ansible_facts.packages'
8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8127 ··tags:8127 ··tags:
8128 ··-·CJIS-5.5.2.28128 ··-·CJIS-5.5.2.2
8129 ··-·NIST-800-171-3.4.58129 ··-·NIST-800-171-3.4.5
8130 ··-·NIST-800-53-AC-6(1)8130 ··-·NIST-800-53-AC-6(1)
8131 ··-·NIST-800-53-CM-6(a)8131 ··-·NIST-800-53-CM-6(a)
8132 ··-·PCI-DSS-Req-7.18132 ··-·PCI-DSS-Req-7.1
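Review bot: the two when: entries on lines 8124-8125 are the same conditions in swapped order ('"grub2-common" in ansible_facts.packages' and the "/boot/efi" mount test), which suggests the generator iterates over an unordered collection when it renders the applicability conditions. The outcome of the task is unchanged, since Ansible ANDs the entries of a when: list, but sorting the conditions before rendering would keep the output stable between builds.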
Offset 8139, 16 lines modifiedOffset 8139, 16 lines modified
8139 ··-·no_reboot_needed8139 ··-·no_reboot_needed
  
8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8141 ··file:8141 ··file:
8142 ····path:·/boot/grub2/grub.cfg8142 ····path:·/boot/grub2/grub.cfg
8143 ····group:·'0'8143 ····group:·'0'
8144 ··when:8144 ··when:
8145 ··-·'"grub2-common"·in·ansible_facts.packages' 
8146 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8145 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8146 ··-·'"grub2-common"·in·ansible_facts.packages'
8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8149 ··tags:8149 ··tags:
8150 ··-·CJIS-5.5.2.28150 ··-·CJIS-5.5.2.2
8151 ··-·NIST-800-171-3.4.58151 ··-·NIST-800-171-3.4.5
8152 ··-·NIST-800-53-AC-6(1)8152 ··-·NIST-800-53-AC-6(1)
8153 ··-·NIST-800-53-CM-6(a)8153 ··-·NIST-800-53-CM-6(a)
Offset 8160, 15 lines modifiedOffset 8160, 15 lines modified
8160 ··-·medium_severity8160 ··-·medium_severity
8161 ··-·no_reboot_needed8161 ··-·no_reboot_needed
8162 Remediation_Shell_script_⇲8162 Remediation_Shell_script_⇲
8163 Complexity:·low8163 Complexity:·low
8164 Disruption:·low8164 Disruption:·low
8165 Strategy:···configure8165 Strategy:···configure
8166 #·Remediation·is·applicable·only·in·certain·platforms8166 #·Remediation·is·applicable·only·in·certain·platforms
8167 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8167 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8168 chgrp·0·/boot/grub2/grub.cfg8168 chgrp·0·/boot/grub2/grub.cfg
  
8169 else8169 else
8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8171 fi8171 fi
8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
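Review bot: on line 8167 the UEFI test is written as [ ! -f /sys/firmware/efi ], but /sys/firmware/efi is a directory on UEFI systems, so -f is never true there and the negated test always passes; -d would make the condition actually exclude UEFI hosts. The swap of this test with rpm --quiet -q grub2-common between the two builds does not change the result of the && chain, though emitting the conditions in a fixed order would keep the script reproducible.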
Offset 8199, 16 lines modifiedOffset 8199, 16 lines modified
8199 ··-·no_reboot_needed8199 ··-·no_reboot_needed
  
8200 -·name:·Test·for·existence·/boot/grub2/user.cfg8200 -·name:·Test·for·existence·/boot/grub2/user.cfg
8201 ··stat:8201 ··stat:
8202 ····path:·/boot/grub2/user.cfg8202 ····path:·/boot/grub2/user.cfg
8203 ··register:·file_exists8203 ··register:·file_exists
8204 ··when:8204 ··when:
8205 ··-·'"grub2-common"·in·ansible_facts.packages' 
8206 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8205 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8206 ··-·'"grub2-common"·in·ansible_facts.packages'
8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8208 ··tags:8208 ··tags:
8209 ··-·CJIS-5.5.2.28209 ··-·CJIS-5.5.2.2
8210 ··-·NIST-800-171-3.4.58210 ··-·NIST-800-171-3.4.5
8211 ··-·NIST-800-53-AC-6(1)8211 ··-·NIST-800-53-AC-6(1)
8212 ··-·NIST-800-53-CM-6(a)8212 ··-·NIST-800-53-CM-6(a)
8213 ··-·PCI-DSS-Req-7.18213 ··-·PCI-DSS-Req-7.1
Offset 8220, 16 lines modifiedOffset 8220, 16 lines modified
8220 ··-·no_reboot_needed8220 ··-·no_reboot_needed
  
8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8222 ··file:8222 ··file:
8223 ····path:·/boot/grub2/user.cfg8223 ····path:·/boot/grub2/user.cfg
8224 ····group:·'0'8224 ····group:·'0'
8225 ··when:8225 ··when:
8226 ··-·'"grub2-common"·in·ansible_facts.packages' 
8227 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8226 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8227 ··-·'"grub2-common"·in·ansible_facts.packages'
8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8230 ··tags:8230 ··tags:
8231 ··-·CJIS-5.5.2.28231 ··-·CJIS-5.5.2.2
8232 ··-·NIST-800-171-3.4.58232 ··-·NIST-800-171-3.4.5
8233 ··-·NIST-800-53-AC-6(1)8233 ··-·NIST-800-53-AC-6(1)
8234 ··-·NIST-800-53-CM-6(a)8234 ··-·NIST-800-53-CM-6(a)
Offset 8241, 15 lines modifiedOffset 8241, 15 lines modified
8241 ··-·medium_severity8241 ··-·medium_severity
8242 ··-·no_reboot_needed8242 ··-·no_reboot_needed
8243 Remediation_Shell_script_⇲8243 Remediation_Shell_script_⇲
8244 Complexity:·low8244 Complexity:·low
8245 Disruption:·low8245 Disruption:·low
8246 Strategy:···configure8246 Strategy:···configure
8247 #·Remediation·is·applicable·only·in·certain·platforms8247 #·Remediation·is·applicable·only·in·certain·platforms
8248 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8248 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8249 chgrp·0·/boot/grub2/user.cfg8249 chgrp·0·/boot/grub2/user.cfg
  
8250 else8250 else
8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8252 fi8252 fi
8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8280, 16 lines modifiedOffset 8280, 16 lines modified
8280 ··-·no_reboot_needed8280 ··-·no_reboot_needed
  
8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8282 ··stat:8282 ··stat:
8283 ····path:·/boot/grub2/grub.cfg8283 ····path:·/boot/grub2/grub.cfg
8284 ··register:·file_exists8284 ··register:·file_exists
8285 ··when:8285 ··when:
Max diff block lines reached; 18000/22459 bytes (80.15%) of diff not shown.
91.5 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l1.html
    
000eaed0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·000eaed0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
000eaee0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
000eaef0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000eaf00:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·' 
000eaf10:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
000eaf20:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
000eaf30:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
000eaf40:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis000eaee0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 000eaef0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 000eaf00:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 000eaf10:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
 000eaf20:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
 000eaf30:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 000eaf40:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
000eaf50:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v000eaf50:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
000eaf60:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000eaf60:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000eaf70:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000eaf70:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000eaf80:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000eaf80:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000eaf90:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000eaf90:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000eafa0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000eafa0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000eafb0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.000eafb0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
000eafc0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8000eafc0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 60171, 22 lines modifiedOffset 60171, 22 lines modified
Max diff block lines reached; 61802/71066 bytes (86.96%) of diff not shown.
22.0 KB
html2text {}
    
Offset 71, 15 lines modifiedOffset 71, 15 lines modified
71 ····*·cpe:/o:redhat:enterprise_linux:8.771 ····*·cpe:/o:redhat:enterprise_linux:8.7
72 ····*·cpe:/o:redhat:enterprise_linux:8.872 ····*·cpe:/o:redhat:enterprise_linux:8.8
73 ····*·cpe:/o:redhat:enterprise_linux:8.973 ····*·cpe:/o:redhat:enterprise_linux:8.9
74 ····*·cpe:/o:redhat:enterprise_linux:874 ····*·cpe:/o:redhat:enterprise_linux:8
75 ····*·cpe:/o:centos:centos:875 ····*·cpe:/o:centos:centos:8
76 *****·Revision·History·*****76 *****·Revision·History·*****
77 Current·version:·0.1.6577 Current·version:·0.1.65
78 ····*·draft·(as·of·2024-01-14)78 ····*·draft·(as·of·2025-02-15)
79 *****·Table·of·Contents·*****79 *****·Table·of·Contents·*****
80 ···1.·System_Settings80 ···1.·System_Settings
81 ·········1.·Installing_and_Maintaining_Software81 ·········1.·Installing_and_Maintaining_Software
82 ·········2.·Account_and_Access_Control82 ·········2.·Account_and_Access_Control
83 ·········3.·GRUB2_bootloader_configuration83 ·········3.·GRUB2_bootloader_configuration
84 ·········4.·Configure_Syslog84 ·········4.·Configure_Syslog
85 ·········5.·Network_Configuration_and_Firewalls85 ·········5.·Network_Configuration_and_Firewalls
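Review bot: the "draft (as of ...)" line at 78 carries a different date in each build (2024-01-14 versus 2025-02-15), so the generated guide records the build clock and can never come out bit-identical. Taking that date from SOURCE_DATE_EPOCH, or leaving it out of the rendered guide, would remove this difference.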
Offset 8118, 16 lines modifiedOffset 8118, 16 lines modified
8118 ··-·no_reboot_needed8118 ··-·no_reboot_needed
  
8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8120 ··stat:8120 ··stat:
8121 ····path:·/boot/grub2/grub.cfg8121 ····path:·/boot/grub2/grub.cfg
8122 ··register:·file_exists8122 ··register:·file_exists
8123 ··when:8123 ··when:
8124 ··-·'"grub2-common"·in·ansible_facts.packages' 
8125 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8124 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8125 ··-·'"grub2-common"·in·ansible_facts.packages'
8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8127 ··tags:8127 ··tags:
8128 ··-·CJIS-5.5.2.28128 ··-·CJIS-5.5.2.2
8129 ··-·NIST-800-171-3.4.58129 ··-·NIST-800-171-3.4.5
8130 ··-·NIST-800-53-AC-6(1)8130 ··-·NIST-800-53-AC-6(1)
8131 ··-·NIST-800-53-CM-6(a)8131 ··-·NIST-800-53-CM-6(a)
8132 ··-·PCI-DSS-Req-7.18132 ··-·PCI-DSS-Req-7.1
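Review bot: the entries under `when:` at lines 8124-8125 are emitted in a different order in the two builds; the `"grub2-common" in ansible_facts.packages` test and the `/boot/efi` mount test swap places. Ansible ANDs the list, so the task behaves the same, but the unstable order suggests the platform conditions are rendered from an unordered collection. Sorting them before they are written out would make the playbook text deterministic.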
Offset 8139, 16 lines modifiedOffset 8139, 16 lines modified
8139 ··-·no_reboot_needed8139 ··-·no_reboot_needed
  
8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8141 ··file:8141 ··file:
8142 ····path:·/boot/grub2/grub.cfg8142 ····path:·/boot/grub2/grub.cfg
8143 ····group:·'0'8143 ····group:·'0'
8144 ··when:8144 ··when:
8145 ··-·'"grub2-common"·in·ansible_facts.packages' 
8146 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8145 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8146 ··-·'"grub2-common"·in·ansible_facts.packages'
8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8149 ··tags:8149 ··tags:
8150 ··-·CJIS-5.5.2.28150 ··-·CJIS-5.5.2.2
8151 ··-·NIST-800-171-3.4.58151 ··-·NIST-800-171-3.4.5
8152 ··-·NIST-800-53-AC-6(1)8152 ··-·NIST-800-53-AC-6(1)
8153 ··-·NIST-800-53-CM-6(a)8153 ··-·NIST-800-53-CM-6(a)
Offset 8160, 15 lines modifiedOffset 8160, 15 lines modified
8160 ··-·medium_severity8160 ··-·medium_severity
8161 ··-·no_reboot_needed8161 ··-·no_reboot_needed
8162 Remediation_Shell_script_⇲8162 Remediation_Shell_script_⇲
8163 Complexity:·low8163 Complexity:·low
8164 Disruption:·low8164 Disruption:·low
8165 Strategy:···configure8165 Strategy:···configure
8166 #·Remediation·is·applicable·only·in·certain·platforms8166 #·Remediation·is·applicable·only·in·certain·platforms
8167 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8167 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8168 chgrp·0·/boot/grub2/grub.cfg8168 chgrp·0·/boot/grub2/grub.cfg
  
8169 else8169 else
8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8171 fi8171 fi
8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
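Review bot: in the `if` at line 8167, `[ ! -f /sys/firmware/efi ]` tests for a regular file, but /sys/firmware/efi is a directory on UEFI-booted systems, so the test is true on BIOS and UEFI hosts alike and does not limit the `chgrp` to non-UEFI machines; `[ ! -d /sys/firmware/efi ]` would match the `/boot/efi` mount check used in the Ansible task. Separately, the operands of the `&&` chain appear in a different order in the two builds (`rpm --quiet -q grub2-common` first in one, the firmware test first in the other); the outcome is the same, but the conditions should be emitted in a fixed order so the script text is reproducible.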
Offset 8199, 16 lines modifiedOffset 8199, 16 lines modified
8199 ··-·no_reboot_needed8199 ··-·no_reboot_needed
  
8200 -·name:·Test·for·existence·/boot/grub2/user.cfg8200 -·name:·Test·for·existence·/boot/grub2/user.cfg
8201 ··stat:8201 ··stat:
8202 ····path:·/boot/grub2/user.cfg8202 ····path:·/boot/grub2/user.cfg
8203 ··register:·file_exists8203 ··register:·file_exists
8204 ··when:8204 ··when:
8205 ··-·'"grub2-common"·in·ansible_facts.packages' 
8206 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8205 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8206 ··-·'"grub2-common"·in·ansible_facts.packages'
8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8208 ··tags:8208 ··tags:
8209 ··-·CJIS-5.5.2.28209 ··-·CJIS-5.5.2.2
8210 ··-·NIST-800-171-3.4.58210 ··-·NIST-800-171-3.4.5
8211 ··-·NIST-800-53-AC-6(1)8211 ··-·NIST-800-53-AC-6(1)
8212 ··-·NIST-800-53-CM-6(a)8212 ··-·NIST-800-53-CM-6(a)
8213 ··-·PCI-DSS-Req-7.18213 ··-·PCI-DSS-Req-7.1
Offset 8220, 16 lines modifiedOffset 8220, 16 lines modified
8220 ··-·no_reboot_needed8220 ··-·no_reboot_needed
  
8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8222 ··file:8222 ··file:
8223 ····path:·/boot/grub2/user.cfg8223 ····path:·/boot/grub2/user.cfg
8224 ····group:·'0'8224 ····group:·'0'
8225 ··when:8225 ··when:
8226 ··-·'"grub2-common"·in·ansible_facts.packages' 
8227 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8226 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8227 ··-·'"grub2-common"·in·ansible_facts.packages'
8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8230 ··tags:8230 ··tags:
8231 ··-·CJIS-5.5.2.28231 ··-·CJIS-5.5.2.2
8232 ··-·NIST-800-171-3.4.58232 ··-·NIST-800-171-3.4.5
8233 ··-·NIST-800-53-AC-6(1)8233 ··-·NIST-800-53-AC-6(1)
8234 ··-·NIST-800-53-CM-6(a)8234 ··-·NIST-800-53-CM-6(a)
Offset 8241, 15 lines modifiedOffset 8241, 15 lines modified
8241 ··-·medium_severity8241 ··-·medium_severity
8242 ··-·no_reboot_needed8242 ··-·no_reboot_needed
8243 Remediation_Shell_script_⇲8243 Remediation_Shell_script_⇲
8244 Complexity:·low8244 Complexity:·low
8245 Disruption:·low8245 Disruption:·low
8246 Strategy:···configure8246 Strategy:···configure
8247 #·Remediation·is·applicable·only·in·certain·platforms8247 #·Remediation·is·applicable·only·in·certain·platforms
8248 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8248 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8249 chgrp·0·/boot/grub2/user.cfg8249 chgrp·0·/boot/grub2/user.cfg
  
8250 else8250 else
8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8252 fi8252 fi
8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8280, 16 lines modifiedOffset 8280, 16 lines modified
8280 ··-·no_reboot_needed8280 ··-·no_reboot_needed
  
8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8282 ··stat:8282 ··stat:
8283 ····path:·/boot/grub2/grub.cfg8283 ····path:·/boot/grub2/grub.cfg
8284 ··register:·file_exists8284 ··register:·file_exists
8285 ··when:8285 ··when:
Max diff block lines reached; 18000/22459 bytes (80.15%) of diff not shown.
837 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l2.html
    
Max diff block lines reached; 652897/662411 bytes (98.56%) of diff not shown.
190 KB
html2text {}
    
Offset 71, 15 lines modifiedOffset 71, 15 lines modified
71 ····*·cpe:/o:redhat:enterprise_linux:8.771 ····*·cpe:/o:redhat:enterprise_linux:8.7
72 ····*·cpe:/o:redhat:enterprise_linux:8.872 ····*·cpe:/o:redhat:enterprise_linux:8.8
73 ····*·cpe:/o:redhat:enterprise_linux:8.973 ····*·cpe:/o:redhat:enterprise_linux:8.9
74 ····*·cpe:/o:redhat:enterprise_linux:874 ····*·cpe:/o:redhat:enterprise_linux:8
75 ····*·cpe:/o:centos:centos:875 ····*·cpe:/o:centos:centos:8
76 *****·Revision·History·*****76 *****·Revision·History·*****
77 Current·version:·0.1.6577 Current·version:·0.1.65
78 ····*·draft·(as·of·2024-01-14)78 ····*·draft·(as·of·2025-02-15)
79 *****·Table·of·Contents·*****79 *****·Table·of·Contents·*****
80 ···1.·System_Settings80 ···1.·System_Settings
81 ·········1.·Installing_and_Maintaining_Software81 ·········1.·Installing_and_Maintaining_Software
82 ·········2.·Account_and_Access_Control82 ·········2.·Account_and_Access_Control
83 ·········3.·System_Accounting_with_auditd83 ·········3.·System_Accounting_with_auditd
84 ·········4.·GRUB2_bootloader_configuration84 ·········4.·GRUB2_bootloader_configuration
85 ·········5.·Configure_Syslog85 ·········5.·Configure_Syslog
Offset 8266, 16 lines modifiedOffset 8266, 16 lines modified
8266 ··-·reboot_required8266 ··-·reboot_required
8267 ··-·restrict_strategy8267 ··-·restrict_strategy
  
8268 -·name:·Set·architecture·for·audit·chmod·tasks8268 -·name:·Set·architecture·for·audit·chmod·tasks
8269 ··set_fact:8269 ··set_fact:
8270 ····audit_arch:·b648270 ····audit_arch:·b64
8271 ··when:8271 ··when:
8272 ··-·'"audit"·in·ansible_facts.packages' 
8273 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8272 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8273 ··-·'"audit"·in·ansible_facts.packages'
8274 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8274 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8275 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8275 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8276 ··tags:8276 ··tags:
8277 ··-·CJIS-5.4.1.18277 ··-·CJIS-5.4.1.1
8278 ··-·DISA-STIG-RHEL-08-0304908278 ··-·DISA-STIG-RHEL-08-030490
8279 ··-·NIST-800-171-3.1.78279 ··-·NIST-800-171-3.1.7
8280 ··-·NIST-800-53-AU-12(c)8280 ··-·NIST-800-53-AU-12(c)
Offset 8412, 16 lines modifiedOffset 8412, 16 lines modified
8412 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008412 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8413 ········-F·auid!=unset·-F·key=perm_mod8413 ········-F·auid!=unset·-F·key=perm_mod
8414 ······create:·true8414 ······create:·true
8415 ······mode:·o-rwx8415 ······mode:·o-rwx
8416 ······state:·present8416 ······state:·present
8417 ····when:·syscalls_found·|·length·==·08417 ····when:·syscalls_found·|·length·==·0
8418 ··when:8418 ··when:
8419 ··-·'"audit"·in·ansible_facts.packages' 
8420 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8419 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8420 ··-·'"audit"·in·ansible_facts.packages'
8421 ··tags:8421 ··tags:
8422 ··-·CJIS-5.4.1.18422 ··-·CJIS-5.4.1.1
8423 ··-·DISA-STIG-RHEL-08-0304908423 ··-·DISA-STIG-RHEL-08-030490
8424 ··-·NIST-800-171-3.1.78424 ··-·NIST-800-171-3.1.7
8425 ··-·NIST-800-53-AU-12(c)8425 ··-·NIST-800-53-AU-12(c)
8426 ··-·NIST-800-53-AU-2(d)8426 ··-·NIST-800-53-AU-2(d)
8427 ··-·NIST-800-53-CM-6(a)8427 ··-·NIST-800-53-CM-6(a)
Offset 8556, 16 lines modifiedOffset 8556, 16 lines modified
8556 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008556 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8557 ········-F·auid!=unset·-F·key=perm_mod8557 ········-F·auid!=unset·-F·key=perm_mod
8558 ······create:·true8558 ······create:·true
8559 ······mode:·o-rwx8559 ······mode:·o-rwx
8560 ······state:·present8560 ······state:·present
8561 ····when:·syscalls_found·|·length·==·08561 ····when:·syscalls_found·|·length·==·0
8562 ··when:8562 ··when:
8563 ··-·'"audit"·in·ansible_facts.packages' 
8564 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8563 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8564 ··-·'"audit"·in·ansible_facts.packages'
8565 ··-·audit_arch·==·"b64"8565 ··-·audit_arch·==·"b64"
8566 ··tags:8566 ··tags:
8567 ··-·CJIS-5.4.1.18567 ··-·CJIS-5.4.1.1
8568 ··-·DISA-STIG-RHEL-08-0304908568 ··-·DISA-STIG-RHEL-08-030490
8569 ··-·NIST-800-171-3.1.78569 ··-·NIST-800-171-3.1.7
8570 ··-·NIST-800-53-AU-12(c)8570 ··-·NIST-800-53-AU-12(c)
8571 ··-·NIST-800-53-AU-2(d)8571 ··-·NIST-800-53-AU-2(d)
Offset 8575, 15 lines modifiedOffset 8575, 15 lines modified
8575 ··-·low_complexity8575 ··-·low_complexity
8576 ··-·low_disruption8576 ··-·low_disruption
8577 ··-·medium_severity8577 ··-·medium_severity
8578 ··-·reboot_required8578 ··-·reboot_required
8579 ··-·restrict_strategy8579 ··-·restrict_strategy
8580 Remediation_Shell_script_⇲8580 Remediation_Shell_script_⇲
8581 #·Remediation·is·applicable·only·in·certain·platforms8581 #·Remediation·is·applicable·only·in·certain·platforms
8582 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8582 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8583 #·First·perform·the·remediation·of·the·syscall·rule8583 #·First·perform·the·remediation·of·the·syscall·rule
8584 #·Retrieve·hardware·architecture·of·the·underlying·system8584 #·Retrieve·hardware·architecture·of·the·underlying·system
8585 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")8585 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
8586 for·ARCH·in·"${RULE_ARCHS[@]}"8586 for·ARCH·in·"${RULE_ARCHS[@]}"
8587 do8587 do
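Review bot: the guard on line 8582 moves `rpm --quiet -q audit` from the first position of the `&&` chain to the last, while the two `[ ! -f ... ]` tests are unchanged. The chain succeeds in exactly the same cases either way; the only behavioural difference is that the second form skips the `rpm` query when `/.dockerenv` or `/run/.containerenv` exists. Pin one order in the template that produces this guard, since both sides come from builds of the same 0.1.65-1 source.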
Offset 8944, 16 lines modifiedOffset 8944, 16 lines modified
8944 ··-·reboot_required8944 ··-·reboot_required
8945 ··-·restrict_strategy8945 ··-·restrict_strategy
  
8946 -·name:·Set·architecture·for·audit·chown·tasks8946 -·name:·Set·architecture·for·audit·chown·tasks
8947 ··set_fact:8947 ··set_fact:
8948 ····audit_arch:·b648948 ····audit_arch:·b64
8949 ··when:8949 ··when:
8950 ··-·'"audit"·in·ansible_facts.packages' 
8951 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8950 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8951 ··-·'"audit"·in·ansible_facts.packages'
8952 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8952 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8953 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8953 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8954 ··tags:8954 ··tags:
8955 ··-·CJIS-5.4.1.18955 ··-·CJIS-5.4.1.1
8956 ··-·DISA-STIG-RHEL-08-0304808956 ··-·DISA-STIG-RHEL-08-030480
8957 ··-·NIST-800-171-3.1.78957 ··-·NIST-800-171-3.1.7
8958 ··-·NIST-800-53-AU-12(c)8958 ··-·NIST-800-53-AU-12(c)
Offset 9092, 16 lines modifiedOffset 9092, 16 lines modified
9092 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009092 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9093 ········-F·auid!=unset·-F·key=perm_mod9093 ········-F·auid!=unset·-F·key=perm_mod
9094 ······create:·true9094 ······create:·true
9095 ······mode:·o-rwx9095 ······mode:·o-rwx
9096 ······state:·present9096 ······state:·present
9097 ····when:·syscalls_found·|·length·==·09097 ····when:·syscalls_found·|·length·==·0
9098 ··when:9098 ··when:
9099 ··-·'"audit"·in·ansible_facts.packages' 
9100 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]9099 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 9100 ··-·'"audit"·in·ansible_facts.packages'
9101 ··tags:9101 ··tags:
9102 ··-·CJIS-5.4.1.19102 ··-·CJIS-5.4.1.1
9103 ··-·DISA-STIG-RHEL-08-0304809103 ··-·DISA-STIG-RHEL-08-030480
9104 ··-·NIST-800-171-3.1.79104 ··-·NIST-800-171-3.1.7
9105 ··-·NIST-800-53-AU-12(c)9105 ··-·NIST-800-53-AU-12(c)
9106 ··-·NIST-800-53-AU-2(d)9106 ··-·NIST-800-53-AU-2(d)
9107 ··-·NIST-800-53-CM-6(a)9107 ··-·NIST-800-53-CM-6(a)
Offset 9238, 16 lines modifiedOffset 9238, 16 lines modified
9238 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009238 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9239 ········-F·auid!=unset·-F·key=perm_mod9239 ········-F·auid!=unset·-F·key=perm_mod
9240 ······create:·true9240 ······create:·true
9241 ······mode:·o-rwx9241 ······mode:·o-rwx
9242 ······state:·present9242 ······state:·present
Max diff block lines reached; 189972/194456 bytes (97.69%) of diff not shown.
533 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cjis.html
    
Max diff block lines reached; 407127/416641 bytes (97.72%) of diff not shown.
126 KB
html2text {}
    
Offset 69, 15 lines modifiedOffset 69, 15 lines modified
69 ····*·cpe:/o:redhat:enterprise_linux:8.769 ····*·cpe:/o:redhat:enterprise_linux:8.7
70 ····*·cpe:/o:redhat:enterprise_linux:8.870 ····*·cpe:/o:redhat:enterprise_linux:8.8
71 ····*·cpe:/o:redhat:enterprise_linux:8.971 ····*·cpe:/o:redhat:enterprise_linux:8.9
72 ····*·cpe:/o:redhat:enterprise_linux:872 ····*·cpe:/o:redhat:enterprise_linux:8
73 ····*·cpe:/o:centos:centos:873 ····*·cpe:/o:centos:centos:8
74 *****·Revision·History·*****74 *****·Revision·History·*****
75 Current·version:·0.1.6575 Current·version:·0.1.65
76 ····*·draft·(as·of·2024-01-14)76 ····*·draft·(as·of·2025-02-15)
77 *****·Table·of·Contents·*****77 *****·Table·of·Contents·*****
78 ···1.·System_Settings78 ···1.·System_Settings
79 ·········1.·Installing_and_Maintaining_Software79 ·········1.·Installing_and_Maintaining_Software
80 ·········2.·Account_and_Access_Control80 ·········2.·Account_and_Access_Control
81 ·········3.·System_Accounting_with_auditd81 ·········3.·System_Accounting_with_auditd
82 ·········4.·GRUB2_bootloader_configuration82 ·········4.·GRUB2_bootloader_configuration
83 ·········5.·Network_Configuration_and_Firewalls83 ·········5.·Network_Configuration_and_Firewalls
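Review bot: the revision line on line 76 reads `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other while the version stays 0.1.65, so the guide embeds a date that varies per build. Take this date from a fixed input such as `SOURCE_DATE_EPOCH` or the release date of the content, so that rebuilding the same source gives the same HTML.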
Offset 4422, 16 lines modifiedOffset 4422, 16 lines modified
4422 ··-·reboot_required4422 ··-·reboot_required
4423 ··-·restrict_strategy4423 ··-·restrict_strategy
  
4424 -·name:·Set·architecture·for·audit·chmod·tasks4424 -·name:·Set·architecture·for·audit·chmod·tasks
4425 ··set_fact:4425 ··set_fact:
4426 ····audit_arch:·b644426 ····audit_arch:·b64
4427 ··when:4427 ··when:
4428 ··-·'"audit"·in·ansible_facts.packages' 
4429 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4428 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4429 ··-·'"audit"·in·ansible_facts.packages'
4430 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4430 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4431 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4431 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4432 ··tags:4432 ··tags:
4433 ··-·CJIS-5.4.1.14433 ··-·CJIS-5.4.1.1
4434 ··-·DISA-STIG-RHEL-08-0304904434 ··-·DISA-STIG-RHEL-08-030490
4435 ··-·NIST-800-171-3.1.74435 ··-·NIST-800-171-3.1.7
4436 ··-·NIST-800-53-AU-12(c)4436 ··-·NIST-800-53-AU-12(c)
Offset 4568, 16 lines modifiedOffset 4568, 16 lines modified
4568 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004568 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4569 ········-F·auid!=unset·-F·key=perm_mod4569 ········-F·auid!=unset·-F·key=perm_mod
4570 ······create:·true4570 ······create:·true
4571 ······mode:·o-rwx4571 ······mode:·o-rwx
4572 ······state:·present4572 ······state:·present
4573 ····when:·syscalls_found·|·length·==·04573 ····when:·syscalls_found·|·length·==·0
4574 ··when:4574 ··when:
4575 ··-·'"audit"·in·ansible_facts.packages' 
4576 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4575 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4576 ··-·'"audit"·in·ansible_facts.packages'
4577 ··tags:4577 ··tags:
4578 ··-·CJIS-5.4.1.14578 ··-·CJIS-5.4.1.1
4579 ··-·DISA-STIG-RHEL-08-0304904579 ··-·DISA-STIG-RHEL-08-030490
4580 ··-·NIST-800-171-3.1.74580 ··-·NIST-800-171-3.1.7
4581 ··-·NIST-800-53-AU-12(c)4581 ··-·NIST-800-53-AU-12(c)
4582 ··-·NIST-800-53-AU-2(d)4582 ··-·NIST-800-53-AU-2(d)
4583 ··-·NIST-800-53-CM-6(a)4583 ··-·NIST-800-53-CM-6(a)
Offset 4712, 16 lines modifiedOffset 4712, 16 lines modified
4712 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004712 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4713 ········-F·auid!=unset·-F·key=perm_mod4713 ········-F·auid!=unset·-F·key=perm_mod
4714 ······create:·true4714 ······create:·true
4715 ······mode:·o-rwx4715 ······mode:·o-rwx
4716 ······state:·present4716 ······state:·present
4717 ····when:·syscalls_found·|·length·==·04717 ····when:·syscalls_found·|·length·==·0
4718 ··when:4718 ··when:
4719 ··-·'"audit"·in·ansible_facts.packages' 
4720 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4719 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4720 ··-·'"audit"·in·ansible_facts.packages'
4721 ··-·audit_arch·==·"b64"4721 ··-·audit_arch·==·"b64"
4722 ··tags:4722 ··tags:
4723 ··-·CJIS-5.4.1.14723 ··-·CJIS-5.4.1.1
4724 ··-·DISA-STIG-RHEL-08-0304904724 ··-·DISA-STIG-RHEL-08-030490
4725 ··-·NIST-800-171-3.1.74725 ··-·NIST-800-171-3.1.7
4726 ··-·NIST-800-53-AU-12(c)4726 ··-·NIST-800-53-AU-12(c)
4727 ··-·NIST-800-53-AU-2(d)4727 ··-·NIST-800-53-AU-2(d)
Offset 4731, 15 lines modifiedOffset 4731, 15 lines modified
4731 ··-·low_complexity4731 ··-·low_complexity
4732 ··-·low_disruption4732 ··-·low_disruption
4733 ··-·medium_severity4733 ··-·medium_severity
4734 ··-·reboot_required4734 ··-·reboot_required
4735 ··-·restrict_strategy4735 ··-·restrict_strategy
4736 Remediation_Shell_script_⇲4736 Remediation_Shell_script_⇲
4737 #·Remediation·is·applicable·only·in·certain·platforms4737 #·Remediation·is·applicable·only·in·certain·platforms
4738 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then4738 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
4739 #·First·perform·the·remediation·of·the·syscall·rule4739 #·First·perform·the·remediation·of·the·syscall·rule
4740 #·Retrieve·hardware·architecture·of·the·underlying·system4740 #·Retrieve·hardware·architecture·of·the·underlying·system
4741 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")4741 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
4742 for·ARCH·in·"${RULE_ARCHS[@]}"4742 for·ARCH·in·"${RULE_ARCHS[@]}"
4743 do4743 do
Offset 5100, 16 lines modifiedOffset 5100, 16 lines modified
5100 ··-·reboot_required5100 ··-·reboot_required
5101 ··-·restrict_strategy5101 ··-·restrict_strategy
  
5102 -·name:·Set·architecture·for·audit·chown·tasks5102 -·name:·Set·architecture·for·audit·chown·tasks
5103 ··set_fact:5103 ··set_fact:
5104 ····audit_arch:·b645104 ····audit_arch:·b64
5105 ··when:5105 ··when:
5106 ··-·'"audit"·in·ansible_facts.packages' 
5107 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5106 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5107 ··-·'"audit"·in·ansible_facts.packages'
5108 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5108 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5109 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5109 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5110 ··tags:5110 ··tags:
5111 ··-·CJIS-5.4.1.15111 ··-·CJIS-5.4.1.1
5112 ··-·DISA-STIG-RHEL-08-0304805112 ··-·DISA-STIG-RHEL-08-030480
5113 ··-·NIST-800-171-3.1.75113 ··-·NIST-800-171-3.1.7
5114 ··-·NIST-800-53-AU-12(c)5114 ··-·NIST-800-53-AU-12(c)
Offset 5248, 16 lines modifiedOffset 5248, 16 lines modified
5248 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005248 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5249 ········-F·auid!=unset·-F·key=perm_mod5249 ········-F·auid!=unset·-F·key=perm_mod
5250 ······create:·true5250 ······create:·true
5251 ······mode:·o-rwx5251 ······mode:·o-rwx
5252 ······state:·present5252 ······state:·present
5253 ····when:·syscalls_found·|·length·==·05253 ····when:·syscalls_found·|·length·==·0
5254 ··when:5254 ··when:
5255 ··-·'"audit"·in·ansible_facts.packages' 
5256 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5255 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5256 ··-·'"audit"·in·ansible_facts.packages'
5257 ··tags:5257 ··tags:
5258 ··-·CJIS-5.4.1.15258 ··-·CJIS-5.4.1.1
5259 ··-·DISA-STIG-RHEL-08-0304805259 ··-·DISA-STIG-RHEL-08-030480
5260 ··-·NIST-800-171-3.1.75260 ··-·NIST-800-171-3.1.7
5261 ··-·NIST-800-53-AU-12(c)5261 ··-·NIST-800-53-AU-12(c)
5262 ··-·NIST-800-53-AU-2(d)5262 ··-·NIST-800-53-AU-2(d)
5263 ··-·NIST-800-53-CM-6(a)5263 ··-·NIST-800-53-CM-6(a)
Offset 5394, 16 lines modifiedOffset 5394, 16 lines modified
5394 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005394 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5395 ········-F·auid!=unset·-F·key=perm_mod5395 ········-F·auid!=unset·-F·key=perm_mod
5396 ······create:·true5396 ······create:·true
5397 ······mode:·o-rwx5397 ······mode:·o-rwx
5398 ······state:·present5398 ······state:·present
Max diff block lines reached; 124518/129021 bytes (96.51%) of diff not shown.
32.1 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cui.html
    
000e4b60:·2061·7564·6974·2026·616d·703b·2661·6d70···audit·&amp;&amp 
000e4b70:·3b20·5b20·2120·2d66·202f·2e64·6f63·6b65··;·[·!·-f·/.docke000e4b50:·6620·5b20·2120·2d66·202f·2e64·6f63·6b65··f·[·!·-f·/.docke
000e4b80:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp000e4b60:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
000e4b90:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c000e4b70:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
000e4ba0:·6f6e·7461·696e·6572·656e·7620·5d3b·2074··ontainerenv·];·t000e4b80:·6f6e·7461·696e·6572·656e·7620·5d20·2661··ontainerenv·]·&a
 000e4b90:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q
 000e4ba0:·7569·6574·202d·7120·6175·6469·743b·2074··uiet·-q·audit;·t
000e4bb0:·6865·6e0a·0a76·6172·5f61·7564·6974·645f··hen..var_auditd_000e4bb0:·6865·6e0a·0a76·6172·5f61·7564·6974·645f··hen..var_auditd_
000e4bc0:·666c·7573·683d·273c·6162·6272·2074·6974··flush='<abbr·tit000e4bc0:·666c·7573·683d·273c·6162·6272·2074·6974··flush='<abbr·tit
000e4bd0:·6c65·3d22·6672·6f6d·2050·726f·6669·6c65··le="from·Profile000e4bd0:·6c65·3d22·6672·6f6d·2050·726f·6669·6c65··le="from·Profile
000e4be0:·2f72·6566·696e·652d·7661·6c75·653a·2078··/refine-value:·x000e4be0:·2f72·6566·696e·652d·7661·6c75·653a·2078··/refine-value:·x
000e4bf0:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj000e4bf0:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
000e4c00:·6563·742e·636f·6e74·656e·745f·7661·6c75··ect.content_valu000e4c00:·6563·742e·636f·6e74·656e·745f·7661·6c75··ect.content_valu
000e4c10:·655f·7661·725f·6175·6469·7464·5f66·6c75··e_var_auditd_flu000e4c10:·655f·7661·725f·6175·6469·7464·5f66·6c75··e_var_auditd_flu
Offset 59012, 23 lines modifiedOffset 59012, 23 lines modified
000e6830:·6175·6469·742f·6175·6469·7464·2e63·6f6e··audit/auditd.con000e6830:·6175·6469·742f·6175·6469·7464·2e63·6f6e··audit/auditd.con
000e6840:·660a·2020·2020·2020·6372·6561·7465·3a20··f.······create:·000e6840:·660a·2020·2020·2020·6372·6561·7465·3a20··f.······create:·
000e6850:·7472·7565·0a20·2020·2020·2072·6567·6578··true.······regex000e6850:·7472·7565·0a20·2020·2020·2072·6567·6578··true.······regex
000e6860:·703a·2028·3f69·295e·5c73·2a66·7265·715c··p:·(?i)^\s*freq\000e6860:·703a·2028·3f69·295e·5c73·2a66·7265·715c··p:·(?i)^\s*freq\
000e6870:·732a·3d5c·732a·0a20·2020·2020·206c·696e··s*=\s*.······lin000e6870:·732a·3d5c·732a·0a20·2020·2020·206c·696e··s*=\s*.······lin
000e6880:·653a·2066·7265·7120·3d20·3530·0a20·2020··e:·freq·=·50.···000e6880:·653a·2066·7265·7120·3d20·3530·0a20·2020··e:·freq·=·50.···
000e6890:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen000e6890:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
000e68a0:·740a·2020·7768·656e·3a0a·2020·2d20·2722··t.··when:.··-·'"000e68a0:·740a·2020·7768·656e·3a0a·2020·2d20·616e··t.··when:.··-·an
000e68b0:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
000e68c0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
000e68d0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi 
000e68e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000e68f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000e6900:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000e6910:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000e6920:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000e68b0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 000e68c0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 000e68d0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 000e68e0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 000e68f0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 000e6900:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit"
 000e6910:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000e6920:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta
000e6930:·6773·3a0a·2020·2d20·4e49·5354·2d38·3030··gs:.··-·NIST-800000e6930:·6773·3a0a·2020·2d20·4e49·5354·2d38·3030··gs:.··-·NIST-800
000e6940:·2d35·332d·434d·2d36·0a20·202d·2061·7564··-53-CM-6.··-·aud000e6940:·2d35·332d·434d·2d36·0a20·202d·2061·7564··-53-CM-6.··-·aud
000e6950:·6974·645f·6672·6571·0a20·202d·206c·6f77··itd_freq.··-·low000e6950:·6974·645f·6672·6571·0a20·202d·206c·6f77··itd_freq.··-·low
000e6960:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·000e6960:·5f63·6f6d·706c·6578·6974·790a·2020·2d20··_complexity.··-·
000e6970:·6c6f·775f·6469·7372·7570·7469·6f6e·0a20··low_disruption.·000e6970:·6c6f·775f·6469·7372·7570·7469·6f6e·0a20··low_disruption.·
000e6980:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi000e6980:·202d·206d·6564·6975·6d5f·7365·7665·7269···-·medium_severi
000e6990:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot000e6990:·7479·0a20·202d·206e·6f5f·7265·626f·6f74··ty.··-·no_reboot
Offset 59063, 20 lines modifiedOffset 59063, 20 lines modified
000e6b60:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t000e6b60:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
000e6b70:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</000e6b70:·683e·3c74·643e·7265·7374·7269·6374·3c2f··h><td>restrict</
000e6b80:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>000e6b80:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
000e6b90:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem000e6b90:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
000e6ba0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl000e6ba0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
000e6bb0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c000e6bb0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
000e6bc0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms000e6bc0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
000e6bd0:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet· 
000e6be0:·2d71·2061·7564·6974·2026·616d·703b·2661··-q·audit·&amp;&a 
000e6bf0:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc000e6bd0:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc
000e6c00:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a000e6be0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
000e6c10:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/000e6bf0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
000e6c20:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];000e6c00:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·
 000e6c10:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·-
 000e6c20:·2d71·7569·6574·202d·7120·6175·6469·743b··-quiet·-q·audit;
000e6c30:·2074·6865·6e0a·0a69·6620·5b20·2d65·2022···then..if·[·-e·"000e6c30:·2074·6865·6e0a·0a69·6620·5b20·2d65·2022···then..if·[·-e·"
000e6c40:·2f65·7463·2f61·7564·6974·2f61·7564·6974··/etc/audit/audit000e6c40:·2f65·7463·2f61·7564·6974·2f61·7564·6974··/etc/audit/audit
000e6c50:·642e·636f·6e66·2220·5d20·3b20·7468·656e··d.conf"·]·;·then000e6c50:·642e·636f·6e66·2220·5d20·3b20·7468·656e··d.conf"·]·;·then
000e6c60:·0a20·2020·200a·2020·2020·4c43·5f41·4c4c··.····.····LC_ALL000e6c60:·0a20·2020·200a·2020·2020·4c43·5f41·4c4c··.····.····LC_ALL
000e6c70:·3d43·2073·6564·202d·6920·222f·5e5c·732a··=C·sed·-i·"/^\s*000e6c70:·3d43·2073·6564·202d·6920·222f·5e5c·732a··=C·sed·-i·"/^\s*
000e6c80:·6672·6571·5c73·2a3d·5c73·2a2f·4964·2220··freq\s*=\s*/Id"·000e6c80:·6672·6571·5c73·2a3d·5c73·2a2f·4964·2220··freq\s*=\s*/Id"·
000e6c90:·222f·6574·632f·6175·6469·742f·6175·6469··"/etc/audit/audi000e6c90:·222f·6574·632f·6175·6469·742f·6175·6469··"/etc/audit/audi
Offset 59486, 23 lines modifiedOffset 59486, 23 lines modified
000e85d0:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······000e85d0:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······
000e85e0:·7265·6765·7870·3a20·283f·6929·5e5c·732a··regexp:·(?i)^\s*000e85e0:·7265·6765·7870·3a20·283f·6929·5e5c·732a··regexp:·(?i)^\s*
Max diff block lines reached; 16328/25937 bytes (62.95%) of diff not shown.
6.64 KB
html2text {}
    
Offset 79, 15 lines modifiedOffset 79, 15 lines modified
79 ····*·cpe:/o:redhat:enterprise_linux:8.779 ····*·cpe:/o:redhat:enterprise_linux:8.7
80 ····*·cpe:/o:redhat:enterprise_linux:8.880 ····*·cpe:/o:redhat:enterprise_linux:8.8
81 ····*·cpe:/o:redhat:enterprise_linux:8.981 ····*·cpe:/o:redhat:enterprise_linux:8.9
82 ····*·cpe:/o:redhat:enterprise_linux:882 ····*·cpe:/o:redhat:enterprise_linux:8
83 ····*·cpe:/o:centos:centos:883 ····*·cpe:/o:centos:centos:8
84 *****·Revision·History·*****84 *****·Revision·History·*****
85 Current·version:·0.1.6585 Current·version:·0.1.65
86 ····*·draft·(as·of·2024-01-14)86 ····*·draft·(as·of·2025-02-15)
87 *****·Table·of·Contents·*****87 *****·Table·of·Contents·*****
88 ···1.·System_Settings88 ···1.·System_Settings
89 ·········1.·Installing_and_Maintaining_Software89 ·········1.·Installing_and_Maintaining_Software
90 ·········2.·Account_and_Access_Control90 ·········2.·Account_and_Access_Control
91 ·········3.·System_Accounting_with_auditd91 ·········3.·System_Accounting_with_auditd
92 ·········4.·GRUB2_bootloader_configuration92 ·········4.·GRUB2_bootloader_configuration
93 ·········5.·zIPL_bootloader_configuration93 ·········5.·zIPL_bootloader_configuration
Offset 7769, 29 lines modifiedOffset 7769, 29 lines modified
7769 ··lineinfile:7769 ··lineinfile:
7770 ····dest:·/etc/audit/auditd.conf7770 ····dest:·/etc/audit/auditd.conf
7771 ····regexp:·^\s*flush\s*=\s*.*$7771 ····regexp:·^\s*flush\s*=\s*.*$
7772 ····line:·flush·=·{{·var_auditd_flush·}}7772 ····line:·flush·=·{{·var_auditd_flush·}}
7773 ····state:·present7773 ····state:·present
7774 ····create:·true7774 ····create:·true
7775 ··when:7775 ··when:
7776 ··-·'"audit"·in·ansible_facts.packages' 
7777 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7776 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7777 ··-·'"audit"·in·ansible_facts.packages'
7778 ··tags:7778 ··tags:
7779 ··-·NIST-800-171-3.3.17779 ··-·NIST-800-171-3.3.1
7780 ··-·NIST-800-53-AU-117780 ··-·NIST-800-53-AU-11
7781 ··-·NIST-800-53-CM-6(a)7781 ··-·NIST-800-53-CM-6(a)
7782 ··-·auditd_data_retention_flush7782 ··-·auditd_data_retention_flush
7783 ··-·low_complexity7783 ··-·low_complexity
7784 ··-·low_disruption7784 ··-·low_disruption
7785 ··-·medium_severity7785 ··-·medium_severity
7786 ··-·no_reboot_needed7786 ··-·no_reboot_needed
7787 ··-·restrict_strategy7787 ··-·restrict_strategy
7788 Remediation_Shell_script_⇲7788 Remediation_Shell_script_⇲
7789 #·Remediation·is·applicable·only·in·certain·platforms7789 #·Remediation·is·applicable·only·in·certain·platforms
7790 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7790 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7791 var_auditd_flush='incremental_async'7791 var_auditd_flush='incremental_async'
  
  
7792 AUDITCONFIG=/etc/audit/auditd.conf7792 AUDITCONFIG=/etc/audit/auditd.conf
  
7793 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush7793 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
Offset 7888, 30 lines modifiedOffset 7888, 30 lines modified
7888 ····lineinfile:7888 ····lineinfile:
7889 ······path:·/etc/audit/auditd.conf7889 ······path:·/etc/audit/auditd.conf
7890 ······create:·true7890 ······create:·true
7891 ······regexp:·(?i)^\s*freq\s*=\s*7891 ······regexp:·(?i)^\s*freq\s*=\s*
7892 ······line:·freq·=·507892 ······line:·freq·=·50
7893 ······state:·present7893 ······state:·present
7894 ··when:7894 ··when:
7895 ··-·'"audit"·in·ansible_facts.packages' 
7896 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7895 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7896 ··-·'"audit"·in·ansible_facts.packages'
7897 ··tags:7897 ··tags:
7898 ··-·NIST-800-53-CM-67898 ··-·NIST-800-53-CM-6
7899 ··-·auditd_freq7899 ··-·auditd_freq
7900 ··-·low_complexity7900 ··-·low_complexity
7901 ··-·low_disruption7901 ··-·low_disruption
7902 ··-·medium_severity7902 ··-·medium_severity
7903 ··-·no_reboot_needed7903 ··-·no_reboot_needed
7904 ··-·restrict_strategy7904 ··-·restrict_strategy
7905 Remediation_Shell_script_⇲7905 Remediation_Shell_script_⇲
7906 Complexity:·low7906 Complexity:·low
7907 Disruption:·low7907 Disruption:·low
7908 Strategy:···restrict7908 Strategy:···restrict
7909 #·Remediation·is·applicable·only·in·certain·platforms7909 #·Remediation·is·applicable·only·in·certain·platforms
7910 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7910 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7911 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7911 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7912 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"7912 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"
7913 else7913 else
7914 ····touch·"/etc/audit/auditd.conf"7914 ····touch·"/etc/audit/auditd.conf"
7915 fi7915 fi
Offset 7994, 31 lines modifiedOffset 7994, 31 lines modified
7994 ····lineinfile:7994 ····lineinfile:
7995 ······path:·/etc/audit/auditd.conf7995 ······path:·/etc/audit/auditd.conf
7996 ······create:·true7996 ······create:·true
7997 ······regexp:·(?i)^\s*local_events\s*=\s*7997 ······regexp:·(?i)^\s*local_events\s*=\s*
7998 ······line:·local_events·=·yes7998 ······line:·local_events·=·yes
7999 ······state:·present7999 ······state:·present
8000 ··when:8000 ··when:
8001 ··-·'"audit"·in·ansible_facts.packages' 
8002 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8001 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8002 ··-·'"audit"·in·ansible_facts.packages'
8003 ··tags:8003 ··tags:
8004 ··-·DISA-STIG-RHEL-08-0300618004 ··-·DISA-STIG-RHEL-08-030061
8005 ··-·NIST-800-53-CM-68005 ··-·NIST-800-53-CM-6
8006 ··-·auditd_local_events8006 ··-·auditd_local_events
8007 ··-·low_complexity8007 ··-·low_complexity
8008 ··-·low_disruption8008 ··-·low_disruption
8009 ··-·medium_severity8009 ··-·medium_severity
8010 ··-·no_reboot_needed8010 ··-·no_reboot_needed
8011 ··-·restrict_strategy8011 ··-·restrict_strategy
8012 Remediation_Shell_script_⇲8012 Remediation_Shell_script_⇲
8013 Complexity:·low8013 Complexity:·low
8014 Disruption:·low8014 Disruption:·low
8015 Strategy:···restrict8015 Strategy:···restrict
8016 #·Remediation·is·applicable·only·in·certain·platforms8016 #·Remediation·is·applicable·only·in·certain·platforms
8017 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8017 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8018 if·[·-e·"/etc/audit/auditd.conf"·]·;·then8018 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
8019 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"8019 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"
8020 else8020 else
8021 ····touch·"/etc/audit/auditd.conf"8021 ····touch·"/etc/audit/auditd.conf"
8022 fi8022 fi
Offset 8102, 16 lines modifiedOffset 8102, 16 lines modified
8102 ····lineinfile:8102 ····lineinfile:
8103 ······path:·/etc/audit/auditd.conf8103 ······path:·/etc/audit/auditd.conf
8104 ······create:·true8104 ······create:·true
8105 ······regexp:·(?i)^\s*log_format\s*=\s*8105 ······regexp:·(?i)^\s*log_format\s*=\s*
8106 ······line:·log_format·=·ENRICHED8106 ······line:·log_format·=·ENRICHED
8107 ······state:·present8107 ······state:·present
8108 ··when:8108 ··when:
8109 ··-·'"audit"·in·ansible_facts.packages' 
8110 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8109 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8110 ··-·'"audit"·in·ansible_facts.packages'
8111 ··tags:8111 ··tags:
8112 ··-·DISA-STIG-RHEL-08-0300638112 ··-·DISA-STIG-RHEL-08-030063
8113 ··-·NIST-800-53-AU-38113 ··-·NIST-800-53-AU-3
8114 ··-·NIST-800-53-CM-68114 ··-·NIST-800-53-CM-6
8115 ··-·auditd_log_format8115 ··-·auditd_log_format
Max diff block lines reached; 2647/6779 bytes (39.05%) of diff not shown.
357 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-e8.html
    
Max diff block lines reached; 271091/280536 bytes (96.63%) of diff not shown.
83.0 KB
html2text {}
    
Offset 70, 15 lines modifiedOffset 70, 15 lines modified
70 ····*·cpe:/o:redhat:enterprise_linux:8.770 ····*·cpe:/o:redhat:enterprise_linux:8.7
71 ····*·cpe:/o:redhat:enterprise_linux:8.871 ····*·cpe:/o:redhat:enterprise_linux:8.8
72 ····*·cpe:/o:redhat:enterprise_linux:8.972 ····*·cpe:/o:redhat:enterprise_linux:8.9
73 ····*·cpe:/o:redhat:enterprise_linux:873 ····*·cpe:/o:redhat:enterprise_linux:8
74 ····*·cpe:/o:centos:centos:874 ····*·cpe:/o:centos:centos:8
75 *****·Revision·History·*****75 *****·Revision·History·*****
76 Current·version:·0.1.6576 Current·version:·0.1.65
77 ····*·draft·(as·of·2024-01-14)77 ····*·draft·(as·of·2025-02-15)
78 *****·Table·of·Contents·*****78 *****·Table·of·Contents·*****
79 ···1.·System_Settings79 ···1.·System_Settings
80 ·········1.·Installing_and_Maintaining_Software80 ·········1.·Installing_and_Maintaining_Software
81 ·········2.·Account_and_Access_Control81 ·········2.·Account_and_Access_Control
82 ·········3.·System_Accounting_with_auditd82 ·········3.·System_Accounting_with_auditd
83 ·········4.·Configure_Syslog83 ·········4.·Configure_Syslog
84 ·········5.·Network_Configuration_and_Firewalls84 ·········5.·Network_Configuration_and_Firewalls
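Review bot: on line 77 the only change is "draft (as of 2024-01-14)" becoming "draft (as of 2025-02-15)" while "Current version: 0.1.65" stays the same, so the rendered guide carries a date that differs between two builds of the same source. If that date is taken from the build clock, derive it from SOURCE_DATE_EPOCH (or another value fixed by the source) so a rebuild produces identical text.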
Offset 1889, 16 lines modifiedOffset 1889, 16 lines modified
1889 ··-·reboot_required1889 ··-·reboot_required
1890 ··-·restrict_strategy1890 ··-·restrict_strategy
  
1891 -·name:·Set·architecture·for·audit·chmod·tasks1891 -·name:·Set·architecture·for·audit·chmod·tasks
1892 ··set_fact:1892 ··set_fact:
1893 ····audit_arch:·b641893 ····audit_arch:·b64
1894 ··when:1894 ··when:
1895 ··-·'"audit"·in·ansible_facts.packages' 
1896 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1895 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1896 ··-·'"audit"·in·ansible_facts.packages'
1897 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1897 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1898 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1898 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1899 ··tags:1899 ··tags:
1900 ··-·CJIS-5.4.1.11900 ··-·CJIS-5.4.1.1
1901 ··-·DISA-STIG-RHEL-08-0304901901 ··-·DISA-STIG-RHEL-08-030490
1902 ··-·NIST-800-171-3.1.71902 ··-·NIST-800-171-3.1.7
1903 ··-·NIST-800-53-AU-12(c)1903 ··-·NIST-800-53-AU-12(c)
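Review bot: in the `when:` list at lines 1895-1896 the `'"audit" in ansible_facts.packages'` test and the `ansible_virtualization_type not in [...]` test swap places between the two builds, and nothing else in the task changes. Ansible ANDs the items of a `when:` list, so the task behaves the same either way, but the generator evidently does not emit these platform conditions in a fixed order; sort them or otherwise pin the order so the guide is byte-identical across builds.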
Offset 2035, 16 lines modifiedOffset 2035, 16 lines modified
2035 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002035 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2036 ········-F·auid!=unset·-F·key=perm_mod2036 ········-F·auid!=unset·-F·key=perm_mod
2037 ······create:·true2037 ······create:·true
2038 ······mode:·o-rwx2038 ······mode:·o-rwx
2039 ······state:·present2039 ······state:·present
2040 ····when:·syscalls_found·|·length·==·02040 ····when:·syscalls_found·|·length·==·0
2041 ··when:2041 ··when:
2042 ··-·'"audit"·in·ansible_facts.packages' 
2043 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2042 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2043 ··-·'"audit"·in·ansible_facts.packages'
2044 ··tags:2044 ··tags:
2045 ··-·CJIS-5.4.1.12045 ··-·CJIS-5.4.1.1
2046 ··-·DISA-STIG-RHEL-08-0304902046 ··-·DISA-STIG-RHEL-08-030490
2047 ··-·NIST-800-171-3.1.72047 ··-·NIST-800-171-3.1.7
2048 ··-·NIST-800-53-AU-12(c)2048 ··-·NIST-800-53-AU-12(c)
2049 ··-·NIST-800-53-AU-2(d)2049 ··-·NIST-800-53-AU-2(d)
2050 ··-·NIST-800-53-CM-6(a)2050 ··-·NIST-800-53-CM-6(a)
Offset 2179, 16 lines modifiedOffset 2179, 16 lines modified
2179 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002179 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2180 ········-F·auid!=unset·-F·key=perm_mod2180 ········-F·auid!=unset·-F·key=perm_mod
2181 ······create:·true2181 ······create:·true
2182 ······mode:·o-rwx2182 ······mode:·o-rwx
2183 ······state:·present2183 ······state:·present
2184 ····when:·syscalls_found·|·length·==·02184 ····when:·syscalls_found·|·length·==·0
2185 ··when:2185 ··when:
2186 ··-·'"audit"·in·ansible_facts.packages' 
2187 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2186 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2187 ··-·'"audit"·in·ansible_facts.packages'
2188 ··-·audit_arch·==·"b64"2188 ··-·audit_arch·==·"b64"
2189 ··tags:2189 ··tags:
2190 ··-·CJIS-5.4.1.12190 ··-·CJIS-5.4.1.1
2191 ··-·DISA-STIG-RHEL-08-0304902191 ··-·DISA-STIG-RHEL-08-030490
2192 ··-·NIST-800-171-3.1.72192 ··-·NIST-800-171-3.1.7
2193 ··-·NIST-800-53-AU-12(c)2193 ··-·NIST-800-53-AU-12(c)
2194 ··-·NIST-800-53-AU-2(d)2194 ··-·NIST-800-53-AU-2(d)
Offset 2198, 15 lines modifiedOffset 2198, 15 lines modified
2198 ··-·low_complexity2198 ··-·low_complexity
2199 ··-·low_disruption2199 ··-·low_disruption
2200 ··-·medium_severity2200 ··-·medium_severity
2201 ··-·reboot_required2201 ··-·reboot_required
2202 ··-·restrict_strategy2202 ··-·restrict_strategy
2203 Remediation_Shell_script_⇲2203 Remediation_Shell_script_⇲
2204 #·Remediation·is·applicable·only·in·certain·platforms2204 #·Remediation·is·applicable·only·in·certain·platforms
2205 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then2205 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
2206 #·First·perform·the·remediation·of·the·syscall·rule2206 #·First·perform·the·remediation·of·the·syscall·rule
2207 #·Retrieve·hardware·architecture·of·the·underlying·system2207 #·Retrieve·hardware·architecture·of·the·underlying·system
2208 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2208 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2209 for·ARCH·in·"${RULE_ARCHS[@]}"2209 for·ARCH·in·"${RULE_ARCHS[@]}"
2210 do2210 do
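Review bot: the `if` guard on line 2205 contains the same three tests in both builds; only `rpm --quiet -q audit` moves from first to last. Because `&&` short-circuits, the outcome is the same, but the order decides whether `rpm` is invoked at all inside a container (with the `/.dockerenv` and `/run/.containerenv` tests first it is skipped there). Pick one order in the template; the Ansible `when:` lists in this report show the same reordering, so a single fix to how the conditions are ordered should cover both.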
Offset 2567, 16 lines modifiedOffset 2567, 16 lines modified
2567 ··-·reboot_required2567 ··-·reboot_required
2568 ··-·restrict_strategy2568 ··-·restrict_strategy
  
2569 -·name:·Set·architecture·for·audit·chown·tasks2569 -·name:·Set·architecture·for·audit·chown·tasks
2570 ··set_fact:2570 ··set_fact:
2571 ····audit_arch:·b642571 ····audit_arch:·b64
2572 ··when:2572 ··when:
2573 ··-·'"audit"·in·ansible_facts.packages' 
2574 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2573 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2574 ··-·'"audit"·in·ansible_facts.packages'
2575 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2575 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2576 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2576 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2577 ··tags:2577 ··tags:
2578 ··-·CJIS-5.4.1.12578 ··-·CJIS-5.4.1.1
2579 ··-·DISA-STIG-RHEL-08-0304802579 ··-·DISA-STIG-RHEL-08-030480
2580 ··-·NIST-800-171-3.1.72580 ··-·NIST-800-171-3.1.7
2581 ··-·NIST-800-53-AU-12(c)2581 ··-·NIST-800-53-AU-12(c)
Offset 2715, 16 lines modifiedOffset 2715, 16 lines modified
2715 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002715 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2716 ········-F·auid!=unset·-F·key=perm_mod2716 ········-F·auid!=unset·-F·key=perm_mod
2717 ······create:·true2717 ······create:·true
2718 ······mode:·o-rwx2718 ······mode:·o-rwx
2719 ······state:·present2719 ······state:·present
2720 ····when:·syscalls_found·|·length·==·02720 ····when:·syscalls_found·|·length·==·0
2721 ··when:2721 ··when:
2722 ··-·'"audit"·in·ansible_facts.packages' 
2723 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2722 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2723 ··-·'"audit"·in·ansible_facts.packages'
2724 ··tags:2724 ··tags:
2725 ··-·CJIS-5.4.1.12725 ··-·CJIS-5.4.1.1
2726 ··-·DISA-STIG-RHEL-08-0304802726 ··-·DISA-STIG-RHEL-08-030480
2727 ··-·NIST-800-171-3.1.72727 ··-·NIST-800-171-3.1.7
2728 ··-·NIST-800-53-AU-12(c)2728 ··-·NIST-800-53-AU-12(c)
2729 ··-·NIST-800-53-AU-2(d)2729 ··-·NIST-800-53-AU-2(d)
2730 ··-·NIST-800-53-CM-6(a)2730 ··-·NIST-800-53-CM-6(a)
Offset 2861, 16 lines modifiedOffset 2861, 16 lines modified
2861 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002861 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2862 ········-F·auid!=unset·-F·key=perm_mod2862 ········-F·auid!=unset·-F·key=perm_mod
2863 ······create:·true2863 ······create:·true
2864 ······mode:·o-rwx2864 ······mode:·o-rwx
2865 ······state:·present2865 ······state:·present
Max diff block lines reached; 80507/84996 bytes (94.72%) of diff not shown.
920 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-hipaa.html
    
Offset 14568, 15 lines modifiedOffset 14568, 15 lines modified
00038e70:·746f·7279·3c2f·6832·3e3c·703e·4375·7272··tory</h2><p>Curr00038e70:·746f·7279·3c2f·6832·3e3c·703e·4375·7272··tory</h2><p>Curr
00038e80:·656e·7420·7665·7273·696f·6e3a·203c·7374··ent·version:·<st00038e80:·656e·7420·7665·7273·696f·6e3a·203c·7374··ent·version:·<st
00038e90:·726f·6e67·3e30·2e31·2e36·353c·2f73·7472··rong>0.1.65</str00038e90:·726f·6e67·3e30·2e31·2e36·353c·2f73·7472··rong>0.1.65</str
00038ea0:·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c·693e··ong></p><ul><li>00038ea0:·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c·693e··ong></p><ul><li>
00038eb0:·3c73·7472·6f6e·673e·6472·6166·743c·2f73··<strong>draft</s00038eb0:·3c73·7472·6f6e·673e·6472·6166·743c·2f73··<strong>draft</s
00038ec0:·7472·6f6e·673e·0a20·2020·2020·2020·2020··trong>.·········00038ec0:·7472·6f6e·673e·0a20·2020·2020·2020·2020··trong>.·········
00038ed0:·2020·2020·2020·2020·2020·2028·6173·206f·············(as·o00038ed0:·2020·2020·2020·2020·2020·2028·6173·206f·············(as·o
00038ee0:·6620·3230·3234·2d30·312d·3134·290a·2020··f·2024-01-14).··00038ee0:·6620·3230·3235·2d30·322d·3135·290a·2020··f·2025-02-15).··
00038ef0:·2020·2020·2020·2020·2020·2020·2020·3c2f················</00038ef0:·2020·2020·2020·2020·2020·2020·2020·3c2f················</
00038f00:·6c69·3e3c·2f75·6c3e·3c2f·6469·763e·3c68··li></ul></div><h00038f00:·6c69·3e3c·2f75·6c3e·3c2f·6469·763e·3c68··li></ul></div><h
00038f10:·323e·5461·626c·6520·6f66·2043·6f6e·7465··2>Table·of·Conte00038f10:·323e·5461·626c·6520·6f66·2043·6f6e·7465··2>Table·of·Conte
00038f20:·6e74·733c·2f68·323e·3c6f·6c3e·3c6c·693e··nts</h2><ol><li>00038f20:·6e74·733c·2f68·323e·3c6f·6c3e·3c6c·693e··nts</h2><ol><li>
00038f30:·3c61·2068·7265·663d·2223·7863·6364·665f··<a·href="#xccdf_00038f30:·3c61·2068·7265·663d·2223·7863·6364·665f··<a·href="#xccdf_
00038f40:·6f72·672e·7373·6770·726f·6a65·6374·2e63··org.ssgproject.c00038f40:·6f72·672e·7373·6770·726f·6a65·6374·2e63··org.ssgproject.c
00038f50:·6f6e·7465·6e74·5f67·726f·7570·5f73·7973··ontent_group_sys00038f50:·6f6e·7465·6e74·5f67·726f·7570·5f73·7973··ontent_group_sys
Offset 32905, 23 lines modifiedOffset 32905, 23 lines modified
00080880:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest00080880:·6571·7569·7265·640a·2020·2d20·7265·7374··equired.··-·rest
00080890:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-00080890:·7269·6374·5f73·7472·6174·6567·790a·0a2d··rict_strategy..-
000808a0:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi000808a0:·206e·616d·653a·2053·6574·2061·7263·6869···name:·Set·archi
000808b0:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi000808b0:·7465·6374·7572·6520·666f·7220·6175·6469··tecture·for·audi
000808c0:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··000808c0:·7420·6368·6d6f·6420·7461·736b·730a·2020··t·chmod·tasks.··
000808d0:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au000808d0:·7365·745f·6661·6374·3a0a·2020·2020·6175··set_fact:.····au
000808e0:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··000808e0:·6469·745f·6172·6368·3a20·6236·340a·2020··dit_arch:·b64.··
000808f0:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi000808f0:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl
00080900:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
00080910:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
00080920:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
00080930:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
00080940:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
00080950:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
00080960:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont00080900:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 00080910:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 00080920:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 00080930:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 00080940:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
 00080950:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 00080960:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
00080970:·6169·6e65·7222·5d0a·2020·2d20·616e·7369··ainer"].··-·ansi00080970:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
00080980:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture00080980:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
00080990:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or00080990:·203d·3d20·2261·6172·6368·3634·2220·6f72···==·"aarch64"·or
000809a0:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite000809a0:·2061·6e73·6962·6c65·5f61·7263·6869·7465···ansible_archite
000809b0:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"000809b0:·6374·7572·6520·3d3d·2022·7070·6336·3422··cture·==·"ppc64"
000809c0:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch000809c0:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch
000809d0:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·000809d0:·6974·6563·7475·7265·0a20·2020·203d·3d20··itecture.····==·
000809e0:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans000809e0:·2270·7063·3634·6c65·2220·6f72·2061·6e73··"ppc64le"·or·ans
Offset 33228, 23 lines modifiedOffset 33228, 23 lines modified
00081cb0:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.00081cb0:·2d46·206b·6579·3d70·6572·6d5f·6d6f·640a··-F·key=perm_mod.
00081cc0:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr00081cc0:·2020·2020·2020·6372·6561·7465·3a20·7472········create:·tr
00081cd0:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o00081cd0:·7565·0a20·2020·2020·206d·6f64·653a·206f··ue.······mode:·o
00081ce0:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state00081ce0:·2d72·7778·0a20·2020·2020·2073·7461·7465··-rwx.······state
00081cf0:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh00081cf0:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh
00081d00:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou00081d00:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou
00081d10:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·000081d10:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0
00081d20:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a00081d20:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans
00081d30:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible 
00081d40:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
00081d50:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
00081d60:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
00081d70:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
00081d80:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
00081d90:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
00081da0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag00081d30:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 00081d40:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 00081d50:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 00081d60:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 00081d70:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
 00081d80:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"·
 00081d90:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 00081da0:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag
00081db0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.00081db0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
00081dc0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI00081dc0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
00081dd0:·472d·5248·454c·2d30·382d·3033·3034·3930··G-RHEL-08-03049000081dd0:·472d·5248·454c·2d30·382d·3033·3034·3930··G-RHEL-08-030490
00081de0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-1700081de0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
00081df0:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST00081df0:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
00081e00:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)00081e00:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
00081e10:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-5300081e10:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
Offset 33540, 23 lines modifiedOffset 33540, 23 lines modified
00083030:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······00083030:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
00083040:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···00083040:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
00083050:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·00083050:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
00083060:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres00083060:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
00083070:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy00083070:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
00083080:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l00083080:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
00083090:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe00083090:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
000830a0:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"· 
000830b0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000830c0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a 
000830d0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
000830e0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
000830f0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx 
00083100:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p 
00083110:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain000830a0:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v
 000830b0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 000830c0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 000830d0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 000830e0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 000830f0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
 00083100:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans
 00083110:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
00083120:·6572·225d·0a20·202d·2061·7564·6974·5f61··er"].··-·audit_a00083120:·6765·7327·0a20·202d·2061·7564·6974·5f61··ges'.··-·audit_a
00083130:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t00083130:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t
00083140:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.00083140:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
00083150:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S00083150:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S
00083160:·5449·472d·5248·454c·2d30·382d·3033·3034··TIG-RHEL-08-030400083160:·5449·472d·5248·454c·2d30·382d·3033·3034··TIG-RHEL-08-0304
00083170:·3930·0a20·202d·204e·4953·542d·3830·302d··90.··-·NIST-800-00083170:·3930·0a20·202d·204e·4953·542d·3830·302d··90.··-·NIST-800-
00083180:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI00083180:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI
00083190:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(00083190:·5354·2d38·3030·2d35·332d·4155·2d31·3228··ST-800-53-AU-12(
Offset 33590, 20 lines modifiedOffset 33590, 20 lines modified
00083350:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co00083350:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
00083360:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"00083360:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
00083370:·2069·643d·2269·646d·3235·3339·3022·3e3c···id="idm25390"><00083370:·2069·643d·2269·646d·3235·3339·3022·3e3c···id="idm25390"><
00083380:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme00083380:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
00083390:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli00083390:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
000833a0:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce000833a0:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
000833b0:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.000833b0:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
000833c0:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·- 
000833d0:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am 
000833e0:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock000833c0:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock
000833f0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am000833d0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
00083400:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.000833e0:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
00083410:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·000833f0:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&
 00083400:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·--
 00083410:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;·
00083420:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe00083420:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe
00083430:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi00083430:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi
00083440:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys00083440:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys
00083450:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr00083450:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr
Max diff block lines reached; 719546/729060 bytes (98.70%) of diff not shown.
208 KB
html2text {}
    
Offset 75, 15 lines modifiedOffset 75, 15 lines modified
75 ····*·cpe:/o:redhat:enterprise_linux:8.775 ····*·cpe:/o:redhat:enterprise_linux:8.7
76 ····*·cpe:/o:redhat:enterprise_linux:8.876 ····*·cpe:/o:redhat:enterprise_linux:8.8
77 ····*·cpe:/o:redhat:enterprise_linux:8.977 ····*·cpe:/o:redhat:enterprise_linux:8.9
78 ····*·cpe:/o:redhat:enterprise_linux:878 ····*·cpe:/o:redhat:enterprise_linux:8
79 ····*·cpe:/o:centos:centos:879 ····*·cpe:/o:centos:centos:8
80 *****·Revision·History·*****80 *****·Revision·History·*****
81 Current·version:·0.1.6581 Current·version:·0.1.65
82 ····*·draft·(as·of·2024-01-14)82 ····*·draft·(as·of·2025-02-15)
83 *****·Table·of·Contents·*****83 *****·Table·of·Contents·*****
84 ···1.·System_Settings84 ···1.·System_Settings
85 ·········1.·Installing_and_Maintaining_Software85 ·········1.·Installing_and_Maintaining_Software
86 ·········2.·Account_and_Access_Control86 ·········2.·Account_and_Access_Control
87 ·········3.·System_Accounting_with_auditd87 ·········3.·System_Accounting_with_auditd
88 ·········4.·GRUB2_bootloader_configuration88 ·········4.·GRUB2_bootloader_configuration
89 ·········5.·Configure_Syslog89 ·········5.·Configure_Syslog
Offset 2298, 16 lines modifiedOffset 2298, 16 lines modified
2298 ··-·reboot_required2298 ··-·reboot_required
2299 ··-·restrict_strategy2299 ··-·restrict_strategy
  
2300 -·name:·Set·architecture·for·audit·chmod·tasks2300 -·name:·Set·architecture·for·audit·chmod·tasks
2301 ··set_fact:2301 ··set_fact:
2302 ····audit_arch:·b642302 ····audit_arch:·b64
2303 ··when:2303 ··when:
2304 ··-·'"audit"·in·ansible_facts.packages' 
2305 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2304 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2305 ··-·'"audit"·in·ansible_facts.packages'
2306 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2306 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2307 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2307 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2308 ··tags:2308 ··tags:
2309 ··-·CJIS-5.4.1.12309 ··-·CJIS-5.4.1.1
2310 ··-·DISA-STIG-RHEL-08-0304902310 ··-·DISA-STIG-RHEL-08-030490
2311 ··-·NIST-800-171-3.1.72311 ··-·NIST-800-171-3.1.7
2312 ··-·NIST-800-53-AU-12(c)2312 ··-·NIST-800-53-AU-12(c)
Offset 2444, 16 lines modifiedOffset 2444, 16 lines modified
2444 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002444 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2445 ········-F·auid!=unset·-F·key=perm_mod2445 ········-F·auid!=unset·-F·key=perm_mod
2446 ······create:·true2446 ······create:·true
2447 ······mode:·o-rwx2447 ······mode:·o-rwx
2448 ······state:·present2448 ······state:·present
2449 ····when:·syscalls_found·|·length·==·02449 ····when:·syscalls_found·|·length·==·0
2450 ··when:2450 ··when:
2451 ··-·'"audit"·in·ansible_facts.packages' 
2452 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2451 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2452 ··-·'"audit"·in·ansible_facts.packages'
2453 ··tags:2453 ··tags:
2454 ··-·CJIS-5.4.1.12454 ··-·CJIS-5.4.1.1
2455 ··-·DISA-STIG-RHEL-08-0304902455 ··-·DISA-STIG-RHEL-08-030490
2456 ··-·NIST-800-171-3.1.72456 ··-·NIST-800-171-3.1.7
2457 ··-·NIST-800-53-AU-12(c)2457 ··-·NIST-800-53-AU-12(c)
2458 ··-·NIST-800-53-AU-2(d)2458 ··-·NIST-800-53-AU-2(d)
2459 ··-·NIST-800-53-CM-6(a)2459 ··-·NIST-800-53-CM-6(a)
Offset 2588, 16 lines modifiedOffset 2588, 16 lines modified
2588 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002588 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2589 ········-F·auid!=unset·-F·key=perm_mod2589 ········-F·auid!=unset·-F·key=perm_mod
2590 ······create:·true2590 ······create:·true
2591 ······mode:·o-rwx2591 ······mode:·o-rwx
2592 ······state:·present2592 ······state:·present
2593 ····when:·syscalls_found·|·length·==·02593 ····when:·syscalls_found·|·length·==·0
2594 ··when:2594 ··when:
2595 ··-·'"audit"·in·ansible_facts.packages' 
2596 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2595 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2596 ··-·'"audit"·in·ansible_facts.packages'
2597 ··-·audit_arch·==·"b64"2597 ··-·audit_arch·==·"b64"
2598 ··tags:2598 ··tags:
2599 ··-·CJIS-5.4.1.12599 ··-·CJIS-5.4.1.1
2600 ··-·DISA-STIG-RHEL-08-0304902600 ··-·DISA-STIG-RHEL-08-030490
2601 ··-·NIST-800-171-3.1.72601 ··-·NIST-800-171-3.1.7
2602 ··-·NIST-800-53-AU-12(c)2602 ··-·NIST-800-53-AU-12(c)
2603 ··-·NIST-800-53-AU-2(d)2603 ··-·NIST-800-53-AU-2(d)
Offset 2607, 15 lines modifiedOffset 2607, 15 lines modified
2607 ··-·low_complexity2607 ··-·low_complexity
2608 ··-·low_disruption2608 ··-·low_disruption
2609 ··-·medium_severity2609 ··-·medium_severity
2610 ··-·reboot_required2610 ··-·reboot_required
2611 ··-·restrict_strategy2611 ··-·restrict_strategy
2612 Remediation_Shell_script_⇲2612 Remediation_Shell_script_⇲
2613 #·Remediation·is·applicable·only·in·certain·platforms2613 #·Remediation·is·applicable·only·in·certain·platforms
2614 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then2614 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
2615 #·First·perform·the·remediation·of·the·syscall·rule2615 #·First·perform·the·remediation·of·the·syscall·rule
2616 #·Retrieve·hardware·architecture·of·the·underlying·system2616 #·Retrieve·hardware·architecture·of·the·underlying·system
2617 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2617 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2618 for·ARCH·in·"${RULE_ARCHS[@]}"2618 for·ARCH·in·"${RULE_ARCHS[@]}"
2619 do2619 do
Offset 2976, 16 lines modifiedOffset 2976, 16 lines modified
2976 ··-·reboot_required2976 ··-·reboot_required
2977 ··-·restrict_strategy2977 ··-·restrict_strategy
  
2978 -·name:·Set·architecture·for·audit·chown·tasks2978 -·name:·Set·architecture·for·audit·chown·tasks
2979 ··set_fact:2979 ··set_fact:
2980 ····audit_arch:·b642980 ····audit_arch:·b64
2981 ··when:2981 ··when:
2982 ··-·'"audit"·in·ansible_facts.packages' 
2983 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2982 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2983 ··-·'"audit"·in·ansible_facts.packages'
2984 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2984 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2985 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2985 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2986 ··tags:2986 ··tags:
2987 ··-·CJIS-5.4.1.12987 ··-·CJIS-5.4.1.1
2988 ··-·DISA-STIG-RHEL-08-0304802988 ··-·DISA-STIG-RHEL-08-030480
2989 ··-·NIST-800-171-3.1.72989 ··-·NIST-800-171-3.1.7
2990 ··-·NIST-800-53-AU-12(c)2990 ··-·NIST-800-53-AU-12(c)
Offset 3124, 16 lines modifiedOffset 3124, 16 lines modified
3124 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003124 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3125 ········-F·auid!=unset·-F·key=perm_mod3125 ········-F·auid!=unset·-F·key=perm_mod
3126 ······create:·true3126 ······create:·true
3127 ······mode:·o-rwx3127 ······mode:·o-rwx
3128 ······state:·present3128 ······state:·present
3129 ····when:·syscalls_found·|·length·==·03129 ····when:·syscalls_found·|·length·==·0
3130 ··when:3130 ··when:
3131 ··-·'"audit"·in·ansible_facts.packages' 
3132 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3131 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3132 ··-·'"audit"·in·ansible_facts.packages'
3133 ··tags:3133 ··tags:
3134 ··-·CJIS-5.4.1.13134 ··-·CJIS-5.4.1.1
3135 ··-·DISA-STIG-RHEL-08-0304803135 ··-·DISA-STIG-RHEL-08-030480
3136 ··-·NIST-800-171-3.1.73136 ··-·NIST-800-171-3.1.7
3137 ··-·NIST-800-53-AU-12(c)3137 ··-·NIST-800-53-AU-12(c)
3138 ··-·NIST-800-53-AU-2(d)3138 ··-·NIST-800-53-AU-2(d)
3139 ··-·NIST-800-53-CM-6(a)3139 ··-·NIST-800-53-CM-6(a)
Offset 3270, 16 lines modifiedOffset 3270, 16 lines modified
3270 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003270 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3271 ········-F·auid!=unset·-F·key=perm_mod3271 ········-F·auid!=unset·-F·key=perm_mod
3272 ······create:·true3272 ······create:·true
3273 ······mode:·o-rwx3273 ······mode:·o-rwx
3274 ······state:·present3274 ······state:·present
Max diff block lines reached; 207983/212467 bytes (97.89%) of diff not shown.
437 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-ism_o.html
    
Max diff block lines reached; 333764/343278 bytes (97.23%) of diff not shown.
102 KB
html2text {}
    
Offset 73, 15 lines modifiedOffset 73, 15 lines modified
73 ····*·cpe:/o:redhat:enterprise_linux:8.773 ····*·cpe:/o:redhat:enterprise_linux:8.7
74 ····*·cpe:/o:redhat:enterprise_linux:8.874 ····*·cpe:/o:redhat:enterprise_linux:8.8
75 ····*·cpe:/o:redhat:enterprise_linux:8.975 ····*·cpe:/o:redhat:enterprise_linux:8.9
76 ····*·cpe:/o:redhat:enterprise_linux:876 ····*·cpe:/o:redhat:enterprise_linux:8
77 ····*·cpe:/o:centos:centos:877 ····*·cpe:/o:centos:centos:8
78 *****·Revision·History·*****78 *****·Revision·History·*****
79 Current·version:·0.1.6579 Current·version:·0.1.65
80 ····*·draft·(as·of·2024-01-14)80 ····*·draft·(as·of·2025-02-15)
81 *****·Table·of·Contents·*****81 *****·Table·of·Contents·*****
82 ···1.·System_Settings82 ···1.·System_Settings
83 ·········1.·Installing_and_Maintaining_Software83 ·········1.·Installing_and_Maintaining_Software
84 ·········2.·Account_and_Access_Control84 ·········2.·Account_and_Access_Control
85 ·········3.·System_Accounting_with_auditd85 ·········3.·System_Accounting_with_auditd
86 ·········4.·Configure_Syslog86 ·········4.·Configure_Syslog
87 ·········5.·Network_Configuration_and_Firewalls87 ·········5.·Network_Configuration_and_Firewalls
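Review bot: line 80 of the rendered guide carries the build date in the Revision History entry (`as of 2024-01-14` in one build, `as of 2025-02-15` in the other), so the guide changes whenever the package is rebuilt on a different day. Taking this date from SOURCE_DATE_EPOCH or from the release date instead of the build clock would remove the difference.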
Offset 6401, 16 lines modifiedOffset 6401, 16 lines modified
6401 ··-·reboot_required6401 ··-·reboot_required
6402 ··-·restrict_strategy6402 ··-·restrict_strategy
  
6403 -·name:·Set·architecture·for·audit·chmod·tasks6403 -·name:·Set·architecture·for·audit·chmod·tasks
6404 ··set_fact:6404 ··set_fact:
6405 ····audit_arch:·b646405 ····audit_arch:·b64
6406 ··when:6406 ··when:
6407 ··-·'"audit"·in·ansible_facts.packages' 
6408 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6407 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6408 ··-·'"audit"·in·ansible_facts.packages'
6409 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6409 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6410 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6410 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6411 ··tags:6411 ··tags:
6412 ··-·CJIS-5.4.1.16412 ··-·CJIS-5.4.1.1
6413 ··-·DISA-STIG-RHEL-08-0304906413 ··-·DISA-STIG-RHEL-08-030490
6414 ··-·NIST-800-171-3.1.76414 ··-·NIST-800-171-3.1.7
6415 ··-·NIST-800-53-AU-12(c)6415 ··-·NIST-800-53-AU-12(c)
Offset 6547, 16 lines modifiedOffset 6547, 16 lines modified
6547 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006547 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6548 ········-F·auid!=unset·-F·key=perm_mod6548 ········-F·auid!=unset·-F·key=perm_mod
6549 ······create:·true6549 ······create:·true
6550 ······mode:·o-rwx6550 ······mode:·o-rwx
6551 ······state:·present6551 ······state:·present
6552 ····when:·syscalls_found·|·length·==·06552 ····when:·syscalls_found·|·length·==·0
6553 ··when:6553 ··when:
6554 ··-·'"audit"·in·ansible_facts.packages' 
6555 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6554 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6555 ··-·'"audit"·in·ansible_facts.packages'
6556 ··tags:6556 ··tags:
6557 ··-·CJIS-5.4.1.16557 ··-·CJIS-5.4.1.1
6558 ··-·DISA-STIG-RHEL-08-0304906558 ··-·DISA-STIG-RHEL-08-030490
6559 ··-·NIST-800-171-3.1.76559 ··-·NIST-800-171-3.1.7
6560 ··-·NIST-800-53-AU-12(c)6560 ··-·NIST-800-53-AU-12(c)
6561 ··-·NIST-800-53-AU-2(d)6561 ··-·NIST-800-53-AU-2(d)
6562 ··-·NIST-800-53-CM-6(a)6562 ··-·NIST-800-53-CM-6(a)
Offset 6691, 16 lines modifiedOffset 6691, 16 lines modified
6691 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006691 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6692 ········-F·auid!=unset·-F·key=perm_mod6692 ········-F·auid!=unset·-F·key=perm_mod
6693 ······create:·true6693 ······create:·true
6694 ······mode:·o-rwx6694 ······mode:·o-rwx
6695 ······state:·present6695 ······state:·present
6696 ····when:·syscalls_found·|·length·==·06696 ····when:·syscalls_found·|·length·==·0
6697 ··when:6697 ··when:
6698 ··-·'"audit"·in·ansible_facts.packages' 
6699 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6698 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6699 ··-·'"audit"·in·ansible_facts.packages'
6700 ··-·audit_arch·==·"b64"6700 ··-·audit_arch·==·"b64"
6701 ··tags:6701 ··tags:
6702 ··-·CJIS-5.4.1.16702 ··-·CJIS-5.4.1.1
6703 ··-·DISA-STIG-RHEL-08-0304906703 ··-·DISA-STIG-RHEL-08-030490
6704 ··-·NIST-800-171-3.1.76704 ··-·NIST-800-171-3.1.7
6705 ··-·NIST-800-53-AU-12(c)6705 ··-·NIST-800-53-AU-12(c)
6706 ··-·NIST-800-53-AU-2(d)6706 ··-·NIST-800-53-AU-2(d)
Offset 6710, 15 lines modifiedOffset 6710, 15 lines modified
6710 ··-·low_complexity6710 ··-·low_complexity
6711 ··-·low_disruption6711 ··-·low_disruption
6712 ··-·medium_severity6712 ··-·medium_severity
6713 ··-·reboot_required6713 ··-·reboot_required
6714 ··-·restrict_strategy6714 ··-·restrict_strategy
6715 Remediation_Shell_script_⇲6715 Remediation_Shell_script_⇲
6716 #·Remediation·is·applicable·only·in·certain·platforms6716 #·Remediation·is·applicable·only·in·certain·platforms
6717 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then6717 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
6718 #·First·perform·the·remediation·of·the·syscall·rule6718 #·First·perform·the·remediation·of·the·syscall·rule
6719 #·Retrieve·hardware·architecture·of·the·underlying·system6719 #·Retrieve·hardware·architecture·of·the·underlying·system
6720 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6720 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6721 for·ARCH·in·"${RULE_ARCHS[@]}"6721 for·ARCH·in·"${RULE_ARCHS[@]}"
6722 do6722 do
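Review bot: at line 6717 the `rpm --quiet -q audit` test moves from the first operand of the `&&` chain to the last. None of the three tests has a side effect, so the guard admits the same systems in both builds and only the order in which the checks run changes, yet the script text embedded in the guide differs. The platform checks should be joined in a stable order when the remediation is generated.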
Offset 7079, 16 lines modifiedOffset 7079, 16 lines modified
7079 ··-·reboot_required7079 ··-·reboot_required
7080 ··-·restrict_strategy7080 ··-·restrict_strategy
  
7081 -·name:·Set·architecture·for·audit·chown·tasks7081 -·name:·Set·architecture·for·audit·chown·tasks
7082 ··set_fact:7082 ··set_fact:
7083 ····audit_arch:·b647083 ····audit_arch:·b64
7084 ··when:7084 ··when:
7085 ··-·'"audit"·in·ansible_facts.packages' 
7086 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7085 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7086 ··-·'"audit"·in·ansible_facts.packages'
7087 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7087 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7088 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7088 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7089 ··tags:7089 ··tags:
7090 ··-·CJIS-5.4.1.17090 ··-·CJIS-5.4.1.1
7091 ··-·DISA-STIG-RHEL-08-0304807091 ··-·DISA-STIG-RHEL-08-030480
7092 ··-·NIST-800-171-3.1.77092 ··-·NIST-800-171-3.1.7
7093 ··-·NIST-800-53-AU-12(c)7093 ··-·NIST-800-53-AU-12(c)
Offset 7227, 16 lines modifiedOffset 7227, 16 lines modified
7227 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007227 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7228 ········-F·auid!=unset·-F·key=perm_mod7228 ········-F·auid!=unset·-F·key=perm_mod
7229 ······create:·true7229 ······create:·true
7230 ······mode:·o-rwx7230 ······mode:·o-rwx
7231 ······state:·present7231 ······state:·present
7232 ····when:·syscalls_found·|·length·==·07232 ····when:·syscalls_found·|·length·==·0
7233 ··when:7233 ··when:
7234 ··-·'"audit"·in·ansible_facts.packages' 
7235 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7234 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7235 ··-·'"audit"·in·ansible_facts.packages'
7236 ··tags:7236 ··tags:
7237 ··-·CJIS-5.4.1.17237 ··-·CJIS-5.4.1.1
7238 ··-·DISA-STIG-RHEL-08-0304807238 ··-·DISA-STIG-RHEL-08-030480
7239 ··-·NIST-800-171-3.1.77239 ··-·NIST-800-171-3.1.7
7240 ··-·NIST-800-53-AU-12(c)7240 ··-·NIST-800-53-AU-12(c)
7241 ··-·NIST-800-53-AU-2(d)7241 ··-·NIST-800-53-AU-2(d)
7242 ··-·NIST-800-53-CM-6(a)7242 ··-·NIST-800-53-CM-6(a)
Offset 7373, 16 lines modifiedOffset 7373, 16 lines modified
7373 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007373 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7374 ········-F·auid!=unset·-F·key=perm_mod7374 ········-F·auid!=unset·-F·key=perm_mod
7375 ······create:·true7375 ······create:·true
7376 ······mode:·o-rwx7376 ······mode:·o-rwx
7377 ······state:·present7377 ······state:·present
Max diff block lines reached; 99757/104246 bytes (95.69%) of diff not shown.
31.9 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-ospp.html
    
 000e6730:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 000e6740:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
 000e6750:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au
 000e6760:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_
 000e6770:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
000e6780:·2020·7461·6773·3a0a·2020·2d20·4e49·5354····tags:.··-·NIST000e6780:·2020·7461·6773·3a0a·2020·2d20·4e49·5354····tags:.··-·NIST
000e6790:·2d38·3030·2d35·332d·434d·2d36·0a20·202d··-800-53-CM-6.··-000e6790:·2d38·3030·2d35·332d·434d·2d36·0a20·202d··-800-53-CM-6.··-
000e67a0:·2061·7564·6974·645f·6672·6571·0a20·202d···auditd_freq.··-000e67a0:·2061·7564·6974·645f·6672·6571·0a20·202d···auditd_freq.··-
000e67b0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.000e67b0:·206c·6f77·5f63·6f6d·706c·6578·6974·790a···low_complexity.
000e67c0:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti000e67c0:·2020·2d20·6c6f·775f·6469·7372·7570·7469····-·low_disrupti
000e67d0:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se000e67d0:·6f6e·0a20·202d·206d·6564·6975·6d5f·7365··on.··-·medium_se
000e67e0:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re000e67e0:·7665·7269·7479·0a20·202d·206e·6f5f·7265··verity.··-·no_re
Offset 59036, 21 lines modifiedOffset 59036, 21 lines modified
000e69b0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy000e69b0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
000e69c0:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri000e69c0:·3a3c·2f74·683e·3c74·643e·7265·7374·7269··:</th><td>restri
000e69d0:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta000e69d0:·6374·3c2f·7464·3e3c·2f74·723e·3c2f·7461··ct</td></tr></ta
000e69e0:·626c·653e·3c70·7265·3e3c·636f·6465·3e23··ble><pre><code>#000e69e0:·626c·653e·3c70·7265·3e3c·636f·6465·3e23··ble><pre><code>#
000e69f0:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·000e69f0:·2052·656d·6564·6961·7469·6f6e·2069·7320···Remediation·is·
000e6a00:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·000e6a00:·6170·706c·6963·6162·6c65·206f·6e6c·7920··applicable·only·
000e6a10:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf000e6a10:·696e·2063·6572·7461·696e·2070·6c61·7466··in·certain·platf
000e6a20:·6f72·6d73·0a69·6620·7270·6d20·2d2d·7175··orms.if·rpm·--qu000e6a20:·6f72·6d73·0a69·6620·5b20·2120·2d66·202f··orms.if·[·!·-f·/
000e6a30:·6965·7420·2d71·2061·7564·6974·2026·616d··iet·-q·audit·&am000e6a30:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
000e6a40:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/000e6a40:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
000e6a50:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am 
000e6a60:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/ 
000e6a70:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren000e6a50:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
 000e6a60:·7620·5d20·2661·6d70·3b26·616d·703b·2072··v·]·&amp;&amp;·r
 000e6a70:·706d·202d·2d71·7569·6574·202d·7120·6175··pm·--quiet·-q·au
000e6a80:·7620·5d3b·2074·6865·6e0a·0a69·6620·5b20··v·];·then..if·[·000e6a80:·6469·743b·2074·6865·6e0a·0a69·6620·5b20··dit;·then..if·[·
000e6a90:·2d65·2022·2f65·7463·2f61·7564·6974·2f61··-e·"/etc/audit/a000e6a90:·2d65·2022·2f65·7463·2f61·7564·6974·2f61··-e·"/etc/audit/a
000e6aa0:·7564·6974·642e·636f·6e66·2220·5d20·3b20··uditd.conf"·]·;·000e6aa0:·7564·6974·642e·636f·6e66·2220·5d20·3b20··uditd.conf"·]·;·
000e6ab0:·7468·656e·0a20·2020·200a·2020·2020·4c43··then.····.····LC000e6ab0:·7468·656e·0a20·2020·200a·2020·2020·4c43··then.····.····LC
000e6ac0:·5f41·4c4c·3d43·2073·6564·202d·6920·222f··_ALL=C·sed·-i·"/000e6ac0:·5f41·4c4c·3d43·2073·6564·202d·6920·222f··_ALL=C·sed·-i·"/
000e6ad0:·5e5c·732a·6672·6571·5c73·2a3d·5c73·2a2f··^\s*freq\s*=\s*/000e6ad0:·5e5c·732a·6672·6571·5c73·2a3d·5c73·2a2f··^\s*freq\s*=\s*/
000e6ae0:·4964·2220·222f·6574·632f·6175·6469·742f··Id"·"/etc/audit/000e6ae0:·4964·2220·222f·6574·632f·6175·6469·742f··Id"·"/etc/audit/
000e6af0:·6175·6469·7464·2e63·6f6e·6622·0a65·6c73··auditd.conf".els000e6af0:·6175·6469·7464·2e63·6f6e·6622·0a65·6c73··auditd.conf".els
Offset 59459, 23 lines modifiedOffset 59459, 23 lines modified
000e8420:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··000e8420:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
000e8430:·2020·2020·7265·6765·7870·3a20·283f·6929······regexp:·(?i)000e8430:·2020·2020·7265·6765·7870·3a20·283f·6929······regexp:·(?i)
Max diff block lines reached; 16190/25730 bytes (62.92%) of diff not shown.
6.64 KB
html2text {}
    
Offset 71, 15 lines modifiedOffset 71, 15 lines modified
71 ····*·cpe:/o:redhat:enterprise_linux:8.771 ····*·cpe:/o:redhat:enterprise_linux:8.7
72 ····*·cpe:/o:redhat:enterprise_linux:8.872 ····*·cpe:/o:redhat:enterprise_linux:8.8
73 ····*·cpe:/o:redhat:enterprise_linux:8.973 ····*·cpe:/o:redhat:enterprise_linux:8.9
74 ····*·cpe:/o:redhat:enterprise_linux:874 ····*·cpe:/o:redhat:enterprise_linux:8
75 ····*·cpe:/o:centos:centos:875 ····*·cpe:/o:centos:centos:8
76 *****·Revision·History·*****76 *****·Revision·History·*****
77 Current·version:·0.1.6577 Current·version:·0.1.65
78 ····*·draft·(as·of·2024-01-14)78 ····*·draft·(as·of·2025-02-15)
79 *****·Table·of·Contents·*****79 *****·Table·of·Contents·*****
80 ···1.·System_Settings80 ···1.·System_Settings
81 ·········1.·Installing_and_Maintaining_Software81 ·········1.·Installing_and_Maintaining_Software
82 ·········2.·Account_and_Access_Control82 ·········2.·Account_and_Access_Control
83 ·········3.·System_Accounting_with_auditd83 ·········3.·System_Accounting_with_auditd
84 ·········4.·GRUB2_bootloader_configuration84 ·········4.·GRUB2_bootloader_configuration
85 ·········5.·zIPL_bootloader_configuration85 ·········5.·zIPL_bootloader_configuration
Offset 7761, 29 lines modifiedOffset 7761, 29 lines modified
7761 ··lineinfile:7761 ··lineinfile:
7762 ····dest:·/etc/audit/auditd.conf7762 ····dest:·/etc/audit/auditd.conf
7763 ····regexp:·^\s*flush\s*=\s*.*$7763 ····regexp:·^\s*flush\s*=\s*.*$
7764 ····line:·flush·=·{{·var_auditd_flush·}}7764 ····line:·flush·=·{{·var_auditd_flush·}}
7765 ····state:·present7765 ····state:·present
7766 ····create:·true7766 ····create:·true
7767 ··when:7767 ··when:
7768 ··-·'"audit"·in·ansible_facts.packages' 
7769 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7768 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7769 ··-·'"audit"·in·ansible_facts.packages'
7770 ··tags:7770 ··tags:
7771 ··-·NIST-800-171-3.3.17771 ··-·NIST-800-171-3.3.1
7772 ··-·NIST-800-53-AU-117772 ··-·NIST-800-53-AU-11
7773 ··-·NIST-800-53-CM-6(a)7773 ··-·NIST-800-53-CM-6(a)
7774 ··-·auditd_data_retention_flush7774 ··-·auditd_data_retention_flush
7775 ··-·low_complexity7775 ··-·low_complexity
7776 ··-·low_disruption7776 ··-·low_disruption
7777 ··-·medium_severity7777 ··-·medium_severity
7778 ··-·no_reboot_needed7778 ··-·no_reboot_needed
7779 ··-·restrict_strategy7779 ··-·restrict_strategy
7780 Remediation_Shell_script_⇲7780 Remediation_Shell_script_⇲
7781 #·Remediation·is·applicable·only·in·certain·platforms7781 #·Remediation·is·applicable·only·in·certain·platforms
7782 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7782 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7783 var_auditd_flush='incremental_async'7783 var_auditd_flush='incremental_async'
  
  
7784 AUDITCONFIG=/etc/audit/auditd.conf7784 AUDITCONFIG=/etc/audit/auditd.conf
  
7785 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush7785 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
Offset 7880, 30 lines modifiedOffset 7880, 30 lines modified
7880 ····lineinfile:7880 ····lineinfile:
7881 ······path:·/etc/audit/auditd.conf7881 ······path:·/etc/audit/auditd.conf
7882 ······create:·true7882 ······create:·true
7883 ······regexp:·(?i)^\s*freq\s*=\s*7883 ······regexp:·(?i)^\s*freq\s*=\s*
7884 ······line:·freq·=·507884 ······line:·freq·=·50
7885 ······state:·present7885 ······state:·present
7886 ··when:7886 ··when:
7887 ··-·'"audit"·in·ansible_facts.packages' 
7888 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7887 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7888 ··-·'"audit"·in·ansible_facts.packages'
7889 ··tags:7889 ··tags:
7890 ··-·NIST-800-53-CM-67890 ··-·NIST-800-53-CM-6
7891 ··-·auditd_freq7891 ··-·auditd_freq
7892 ··-·low_complexity7892 ··-·low_complexity
7893 ··-·low_disruption7893 ··-·low_disruption
7894 ··-·medium_severity7894 ··-·medium_severity
7895 ··-·no_reboot_needed7895 ··-·no_reboot_needed
7896 ··-·restrict_strategy7896 ··-·restrict_strategy
7897 Remediation_Shell_script_⇲7897 Remediation_Shell_script_⇲
7898 Complexity:·low7898 Complexity:·low
7899 Disruption:·low7899 Disruption:·low
7900 Strategy:···restrict7900 Strategy:···restrict
7901 #·Remediation·is·applicable·only·in·certain·platforms7901 #·Remediation·is·applicable·only·in·certain·platforms
7902 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7902 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7903 if·[·-e·"/etc/audit/auditd.conf"·]·;·then7903 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
7904 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"7904 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"
7905 else7905 else
7906 ····touch·"/etc/audit/auditd.conf"7906 ····touch·"/etc/audit/auditd.conf"
7907 fi7907 fi
Offset 7986, 31 lines modifiedOffset 7986, 31 lines modified
7986 ····lineinfile:7986 ····lineinfile:
7987 ······path:·/etc/audit/auditd.conf7987 ······path:·/etc/audit/auditd.conf
7988 ······create:·true7988 ······create:·true
7989 ······regexp:·(?i)^\s*local_events\s*=\s*7989 ······regexp:·(?i)^\s*local_events\s*=\s*
7990 ······line:·local_events·=·yes7990 ······line:·local_events·=·yes
7991 ······state:·present7991 ······state:·present
7992 ··when:7992 ··when:
7993 ··-·'"audit"·in·ansible_facts.packages' 
7994 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7993 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7994 ··-·'"audit"·in·ansible_facts.packages'
7995 ··tags:7995 ··tags:
7996 ··-·DISA-STIG-RHEL-08-0300617996 ··-·DISA-STIG-RHEL-08-030061
7997 ··-·NIST-800-53-CM-67997 ··-·NIST-800-53-CM-6
7998 ··-·auditd_local_events7998 ··-·auditd_local_events
7999 ··-·low_complexity7999 ··-·low_complexity
8000 ··-·low_disruption8000 ··-·low_disruption
8001 ··-·medium_severity8001 ··-·medium_severity
8002 ··-·no_reboot_needed8002 ··-·no_reboot_needed
8003 ··-·restrict_strategy8003 ··-·restrict_strategy
8004 Remediation_Shell_script_⇲8004 Remediation_Shell_script_⇲
8005 Complexity:·low8005 Complexity:·low
8006 Disruption:·low8006 Disruption:·low
8007 Strategy:···restrict8007 Strategy:···restrict
8008 #·Remediation·is·applicable·only·in·certain·platforms8008 #·Remediation·is·applicable·only·in·certain·platforms
8009 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8009 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8010 if·[·-e·"/etc/audit/auditd.conf"·]·;·then8010 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
8011 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"8011 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"
8012 else8012 else
8013 ····touch·"/etc/audit/auditd.conf"8013 ····touch·"/etc/audit/auditd.conf"
8014 fi8014 fi
Offset 8094, 16 lines modifiedOffset 8094, 16 lines modified
8094 ····lineinfile:8094 ····lineinfile:
8095 ······path:·/etc/audit/auditd.conf8095 ······path:·/etc/audit/auditd.conf
8096 ······create:·true8096 ······create:·true
8097 ······regexp:·(?i)^\s*log_format\s*=\s*8097 ······regexp:·(?i)^\s*log_format\s*=\s*
8098 ······line:·log_format·=·ENRICHED8098 ······line:·log_format·=·ENRICHED
8099 ······state:·present8099 ······state:·present
8100 ··when:8100 ··when:
8101 ··-·'"audit"·in·ansible_facts.packages' 
8102 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8101 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8102 ··-·'"audit"·in·ansible_facts.packages'
8103 ··tags:8103 ··tags:
8104 ··-·DISA-STIG-RHEL-08-0300638104 ··-·DISA-STIG-RHEL-08-030063
8105 ··-·NIST-800-53-AU-38105 ··-·NIST-800-53-AU-3
8106 ··-·NIST-800-53-CM-68106 ··-·NIST-800-53-CM-6
8107 ··-·auditd_log_format8107 ··-·auditd_log_format
Max diff block lines reached; 2647/6779 bytes (39.05%) of diff not shown.
804 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-pci-dss.html
    
Max diff block lines reached; 625407/634921 bytes (98.50%) of diff not shown.
184 KB
html2text {}
    
Offset 66, 15 lines modifiedOffset 66, 15 lines modified
66 ····*·cpe:/o:redhat:enterprise_linux:8.766 ····*·cpe:/o:redhat:enterprise_linux:8.7
67 ····*·cpe:/o:redhat:enterprise_linux:8.867 ····*·cpe:/o:redhat:enterprise_linux:8.8
68 ····*·cpe:/o:redhat:enterprise_linux:8.968 ····*·cpe:/o:redhat:enterprise_linux:8.9
69 ····*·cpe:/o:redhat:enterprise_linux:869 ····*·cpe:/o:redhat:enterprise_linux:8
70 ····*·cpe:/o:centos:centos:870 ····*·cpe:/o:centos:centos:8
71 *****·Revision·History·*****71 *****·Revision·History·*****
72 Current·version:·0.1.6572 Current·version:·0.1.65
73 ····*·draft·(as·of·2024-01-14)73 ····*·draft·(as·of·2025-02-15)
74 *****·Table·of·Contents·*****74 *****·Table·of·Contents·*****
75 ···1.·System_Settings75 ···1.·System_Settings
76 ·········1.·Installing_and_Maintaining_Software76 ·········1.·Installing_and_Maintaining_Software
77 ·········2.·Account_and_Access_Control77 ·········2.·Account_and_Access_Control
78 ·········3.·System_Accounting_with_auditd78 ·········3.·System_Accounting_with_auditd
79 ·········4.·GRUB2_bootloader_configuration79 ·········4.·GRUB2_bootloader_configuration
80 ·········5.·Configure_Syslog80 ·········5.·Configure_Syslog
Offset 7375, 16 lines modifiedOffset 7375, 16 lines modified
7375 ··-·reboot_required7375 ··-·reboot_required
7376 ··-·restrict_strategy7376 ··-·restrict_strategy
  
7377 -·name:·Set·architecture·for·audit·chmod·tasks7377 -·name:·Set·architecture·for·audit·chmod·tasks
7378 ··set_fact:7378 ··set_fact:
7379 ····audit_arch:·b647379 ····audit_arch:·b64
7380 ··when:7380 ··when:
7381 ··-·'"audit"·in·ansible_facts.packages' 
7382 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7381 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7382 ··-·'"audit"·in·ansible_facts.packages'
7383 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7383 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7384 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7384 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7385 ··tags:7385 ··tags:
7386 ··-·CJIS-5.4.1.17386 ··-·CJIS-5.4.1.1
7387 ··-·DISA-STIG-RHEL-08-0304907387 ··-·DISA-STIG-RHEL-08-030490
7388 ··-·NIST-800-171-3.1.77388 ··-·NIST-800-171-3.1.7
7389 ··-·NIST-800-53-AU-12(c)7389 ··-·NIST-800-53-AU-12(c)
Offset 7521, 16 lines modifiedOffset 7521, 16 lines modified
7521 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007521 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7522 ········-F·auid!=unset·-F·key=perm_mod7522 ········-F·auid!=unset·-F·key=perm_mod
7523 ······create:·true7523 ······create:·true
7524 ······mode:·o-rwx7524 ······mode:·o-rwx
7525 ······state:·present7525 ······state:·present
7526 ····when:·syscalls_found·|·length·==·07526 ····when:·syscalls_found·|·length·==·0
7527 ··when:7527 ··when:
7528 ··-·'"audit"·in·ansible_facts.packages' 
7529 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7528 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7529 ··-·'"audit"·in·ansible_facts.packages'
7530 ··tags:7530 ··tags:
7531 ··-·CJIS-5.4.1.17531 ··-·CJIS-5.4.1.1
7532 ··-·DISA-STIG-RHEL-08-0304907532 ··-·DISA-STIG-RHEL-08-030490
7533 ··-·NIST-800-171-3.1.77533 ··-·NIST-800-171-3.1.7
7534 ··-·NIST-800-53-AU-12(c)7534 ··-·NIST-800-53-AU-12(c)
7535 ··-·NIST-800-53-AU-2(d)7535 ··-·NIST-800-53-AU-2(d)
7536 ··-·NIST-800-53-CM-6(a)7536 ··-·NIST-800-53-CM-6(a)
Offset 7665, 16 lines modifiedOffset 7665, 16 lines modified
7665 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007665 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7666 ········-F·auid!=unset·-F·key=perm_mod7666 ········-F·auid!=unset·-F·key=perm_mod
7667 ······create:·true7667 ······create:·true
7668 ······mode:·o-rwx7668 ······mode:·o-rwx
7669 ······state:·present7669 ······state:·present
7670 ····when:·syscalls_found·|·length·==·07670 ····when:·syscalls_found·|·length·==·0
7671 ··when:7671 ··when:
7672 ··-·'"audit"·in·ansible_facts.packages' 
7673 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7672 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7673 ··-·'"audit"·in·ansible_facts.packages'
7674 ··-·audit_arch·==·"b64"7674 ··-·audit_arch·==·"b64"
7675 ··tags:7675 ··tags:
7676 ··-·CJIS-5.4.1.17676 ··-·CJIS-5.4.1.1
7677 ··-·DISA-STIG-RHEL-08-0304907677 ··-·DISA-STIG-RHEL-08-030490
7678 ··-·NIST-800-171-3.1.77678 ··-·NIST-800-171-3.1.7
7679 ··-·NIST-800-53-AU-12(c)7679 ··-·NIST-800-53-AU-12(c)
7680 ··-·NIST-800-53-AU-2(d)7680 ··-·NIST-800-53-AU-2(d)
Offset 7684, 15 lines modifiedOffset 7684, 15 lines modified
7684 ··-·low_complexity7684 ··-·low_complexity
7685 ··-·low_disruption7685 ··-·low_disruption
7686 ··-·medium_severity7686 ··-·medium_severity
7687 ··-·reboot_required7687 ··-·reboot_required
7688 ··-·restrict_strategy7688 ··-·restrict_strategy
7689 Remediation_Shell_script_⇲7689 Remediation_Shell_script_⇲
7690 #·Remediation·is·applicable·only·in·certain·platforms7690 #·Remediation·is·applicable·only·in·certain·platforms
7691 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7691 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7692 #·First·perform·the·remediation·of·the·syscall·rule7692 #·First·perform·the·remediation·of·the·syscall·rule
7693 #·Retrieve·hardware·architecture·of·the·underlying·system7693 #·Retrieve·hardware·architecture·of·the·underlying·system
7694 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")7694 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
7695 for·ARCH·in·"${RULE_ARCHS[@]}"7695 for·ARCH·in·"${RULE_ARCHS[@]}"
7696 do7696 do
Offset 8053, 16 lines modifiedOffset 8053, 16 lines modified
8053 ··-·reboot_required8053 ··-·reboot_required
8054 ··-·restrict_strategy8054 ··-·restrict_strategy
  
8055 -·name:·Set·architecture·for·audit·chown·tasks8055 -·name:·Set·architecture·for·audit·chown·tasks
8056 ··set_fact:8056 ··set_fact:
8057 ····audit_arch:·b648057 ····audit_arch:·b64
8058 ··when:8058 ··when:
8059 ··-·'"audit"·in·ansible_facts.packages' 
8060 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8059 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8060 ··-·'"audit"·in·ansible_facts.packages'
8061 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8061 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8062 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8062 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8063 ··tags:8063 ··tags:
8064 ··-·CJIS-5.4.1.18064 ··-·CJIS-5.4.1.1
8065 ··-·DISA-STIG-RHEL-08-0304808065 ··-·DISA-STIG-RHEL-08-030480
8066 ··-·NIST-800-171-3.1.78066 ··-·NIST-800-171-3.1.7
8067 ··-·NIST-800-53-AU-12(c)8067 ··-·NIST-800-53-AU-12(c)
Offset 8201, 16 lines modifiedOffset 8201, 16 lines modified
8201 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008201 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8202 ········-F·auid!=unset·-F·key=perm_mod8202 ········-F·auid!=unset·-F·key=perm_mod
8203 ······create:·true8203 ······create:·true
8204 ······mode:·o-rwx8204 ······mode:·o-rwx
8205 ······state:·present8205 ······state:·present
8206 ····when:·syscalls_found·|·length·==·08206 ····when:·syscalls_found·|·length·==·0
8207 ··when:8207 ··when:
8208 ··-·'"audit"·in·ansible_facts.packages' 
8209 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8208 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8209 ··-·'"audit"·in·ansible_facts.packages'
8210 ··tags:8210 ··tags:
8211 ··-·CJIS-5.4.1.18211 ··-·CJIS-5.4.1.1
8212 ··-·DISA-STIG-RHEL-08-0304808212 ··-·DISA-STIG-RHEL-08-030480
8213 ··-·NIST-800-171-3.1.78213 ··-·NIST-800-171-3.1.7
8214 ··-·NIST-800-53-AU-12(c)8214 ··-·NIST-800-53-AU-12(c)
8215 ··-·NIST-800-53-AU-2(d)8215 ··-·NIST-800-53-AU-2(d)
8216 ··-·NIST-800-53-CM-6(a)8216 ··-·NIST-800-53-CM-6(a)
Offset 8347, 16 lines modifiedOffset 8347, 16 lines modified
8347 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008347 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8348 ········-F·auid!=unset·-F·key=perm_mod8348 ········-F·auid!=unset·-F·key=perm_mod
8349 ······create:·true8349 ······create:·true
8350 ······mode:·o-rwx8350 ······mode:·o-rwx
8351 ······state:·present8351 ······state:·present
Max diff block lines reached; 183714/188198 bytes (97.62%) of diff not shown.
28.1 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-rht-ccp.html
    
Max diff block lines reached; 11239/20710 bytes (54.27%) of diff not shown.
7.76 KB
html2text {}
    
Offset 68, 15 lines modifiedOffset 68, 15 lines modified
68 ····*·cpe:/o:redhat:enterprise_linux:8.768 ····*·cpe:/o:redhat:enterprise_linux:8.7
69 ····*·cpe:/o:redhat:enterprise_linux:8.869 ····*·cpe:/o:redhat:enterprise_linux:8.8
70 ····*·cpe:/o:redhat:enterprise_linux:8.970 ····*·cpe:/o:redhat:enterprise_linux:8.9
71 ····*·cpe:/o:redhat:enterprise_linux:871 ····*·cpe:/o:redhat:enterprise_linux:8
72 ····*·cpe:/o:centos:centos:872 ····*·cpe:/o:centos:centos:8
73 *****·Revision·History·*****73 *****·Revision·History·*****
74 Current·version:·0.1.6574 Current·version:·0.1.65
75 ····*·draft·(as·of·2024-01-14)75 ····*·draft·(as·of·2025-02-15)
76 *****·Table·of·Contents·*****76 *****·Table·of·Contents·*****
77 ···1.·System_Settings77 ···1.·System_Settings
78 ·········1.·Installing_and_Maintaining_Software78 ·········1.·Installing_and_Maintaining_Software
79 ·········2.·Account_and_Access_Control79 ·········2.·Account_and_Access_Control
80 ·········3.·System_Accounting_with_auditd80 ·········3.·System_Accounting_with_auditd
81 ·········4.·GRUB2_bootloader_configuration81 ·········4.·GRUB2_bootloader_configuration
82 ·········5.·Network_Configuration_and_Firewalls82 ·········5.·Network_Configuration_and_Firewalls
Offset 4766, 15 lines modifiedOffset 4766, 15 lines modified
4766 By·default,·audit_log_file·is·"/var/log/audit/audit.log".4766 By·default,·audit_log_file·is·"/var/log/audit/audit.log".
4767 Rationale:·················If·users·can·write·to·audit·logs,·audit·trails·can·be·modified·or·destroyed.4767 Rationale:·················If·users·can·write·to·audit·logs,·audit·trails·can·be·modified·or·destroyed.
4768 Severity: ················medium4768 Severity: ················medium
4769 Rule·ID:···················xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit4769 Rule·ID:···················xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit
4770 Identifiers·and·References·References: ·1,·11,·12,·13,·14,·15,·16,·18,·19,·3,·4,·5,·6,·7,·8,·5.4.1.1,·APO01.06,·APO11.04,·APO12.06,·BAI03.05,·BAI08.02,·DSS02.02,·DSS02.04,·DSS02.07,·DSS03.01,·DSS05.04,·DSS05.07,·DSS06.02,·MEA02.01,·3.3.1,·CCI-000162,·CCI-000163,·CCI-000164,·CCI-001314,·4.2.3.10,·4.3.3.3.9,·4.3.3.5.8,·4.3.3.7.3,·4.3.4.4.7,·4.3.4.5.6,·4.3.4.5.7,·4.3.4.5.8,·4.4.2.1,·4.4.2.2,·4.4.2.4,·SR_2.1,·SR_2.10,·SR_2.11,·SR_2.12,·SR_2.8,·SR_2.9,·SR_5.2,·SR_6.1,·A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5,·CIP-003-8_R5.1.1,·CIP-003-8_R5.3,·CIP-004-6_R2.3,·CIP-007-3_R2.1,·CIP-007-3_R2.2,·CIP-007-3_R2.3,·CIP-007-3_R5.1,·CIP-007-3_R5.1.1,·CIP-007-3_R5.1.2,·CM-6(a),·AC-6(1),·AU-9(4),·DE.AE-3,·DE.AE-5,·PR.AC-4,·PR.DS-5,·PR.PT-1,·RS.AN-1,·RS.AN-4,·Req-10.5,·SRG-OS-000057-GPOS-00027,·SRG-OS-000058-GPOS-00028,·SRG-OS-000059-GPOS-00029,·SRG-OS-000206-GPOS-00084,·SV-230396r627750_rule4770 Identifiers·and·References·References: 
·1,·11,·12,·13,·14,·15,·16,·18,·19,·3,·4,·5,·6,·7,·8,·5.4.1.1,·APO01.06,·APO11.04,·APO12.06,·BAI03.05,·BAI08.02,·DSS02.02,·DSS02.04,·DSS02.07,·DSS03.01,·DSS05.04,·DSS05.07,·DSS06.02,·MEA02.01,·3.3.1,·CCI-000162,·CCI-000163,·CCI-000164,·CCI-001314,·4.2.3.10,·4.3.3.3.9,·4.3.3.5.8,·4.3.3.7.3,·4.3.4.4.7,·4.3.4.5.6,·4.3.4.5.7,·4.3.4.5.8,·4.4.2.1,·4.4.2.2,·4.4.2.4,·SR_2.1,·SR_2.10,·SR_2.11,·SR_2.12,·SR_2.8,·SR_2.9,·SR_5.2,·SR_6.1,·A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5,·CIP-003-8_R5.1.1,·CIP-003-8_R5.3,·CIP-004-6_R2.3,·CIP-007-3_R2.1,·CIP-007-3_R2.2,·CIP-007-3_R2.3,·CIP-007-3_R5.1,·CIP-007-3_R5.1.1,·CIP-007-3_R5.1.2,·CM-6(a),·AC-6(1),·AU-9(4),·DE.AE-3,·DE.AE-5,·PR.AC-4,·PR.DS-5,·PR.PT-1,·RS.AN-1,·RS.AN-4,·Req-10.5,·SRG-OS-000057-GPOS-00027,·SRG-OS-000058-GPOS-00028,·SRG-OS-000059-GPOS-00029,·SRG-OS-000206-GPOS-00084,·SV-230396r627750_rule
4771 Remediation_Shell_script_⇲4771 Remediation_Shell_script_⇲
4772 #·Remediation·is·applicable·only·in·certain·platforms4772 #·Remediation·is·applicable·only·in·certain·platforms
4773 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then4773 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
4774 if·LC_ALL=C·grep·-iw·^log_file·/etc/audit/auditd.conf;·then4774 if·LC_ALL=C·grep·-iw·^log_file·/etc/audit/auditd.conf;·then
4775 ····FILE=$(awk·-F·"="·'/^log_file/·{print·$2}'·/etc/audit/auditd.conf·|·tr·-d·'·')4775 ····FILE=$(awk·-F·"="·'/^log_file/·{print·$2}'·/etc/audit/auditd.conf·|·tr·-d·'·')
4776 else4776 else
4777 ····FILE="/var/log/audit/audit.log"4777 ····FILE="/var/log/audit/audit.log"
4778 fi4778 fi
  
Offset 4816, 16 lines modifiedOffset 4816, 16 lines modified
4816 ··-·no_reboot_needed4816 ··-·no_reboot_needed
  
4817 -·name:·Test·for·existence·/boot/grub2/grub.cfg4817 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4818 ··stat:4818 ··stat:
4819 ····path:·/boot/grub2/grub.cfg4819 ····path:·/boot/grub2/grub.cfg
4820 ··register:·file_exists4820 ··register:·file_exists
4821 ··when:4821 ··when:
4822 ··-·'"grub2-common"·in·ansible_facts.packages' 
4823 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'4822 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 4823 ··-·'"grub2-common"·in·ansible_facts.packages'
4824 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4824 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4825 ··tags:4825 ··tags:
4826 ··-·CJIS-5.5.2.24826 ··-·CJIS-5.5.2.2
4827 ··-·NIST-800-171-3.4.54827 ··-·NIST-800-171-3.4.5
4828 ··-·NIST-800-53-AC-6(1)4828 ··-·NIST-800-53-AC-6(1)
4829 ··-·NIST-800-53-CM-6(a)4829 ··-·NIST-800-53-CM-6(a)
4830 ··-·PCI-DSS-Req-7.14830 ··-·PCI-DSS-Req-7.1
Offset 4837, 16 lines modifiedOffset 4837, 16 lines modified
4837 ··-·no_reboot_needed4837 ··-·no_reboot_needed
  
4838 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4838 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4839 ··file:4839 ··file:
4840 ····path:·/boot/grub2/grub.cfg4840 ····path:·/boot/grub2/grub.cfg
4841 ····group:·'0'4841 ····group:·'0'
4842 ··when:4842 ··when:
4843 ··-·'"grub2-common"·in·ansible_facts.packages' 
4844 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'4843 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 4844 ··-·'"grub2-common"·in·ansible_facts.packages'
4845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4846 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4846 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4847 ··tags:4847 ··tags:
4848 ··-·CJIS-5.5.2.24848 ··-·CJIS-5.5.2.2
4849 ··-·NIST-800-171-3.4.54849 ··-·NIST-800-171-3.4.5
4850 ··-·NIST-800-53-AC-6(1)4850 ··-·NIST-800-53-AC-6(1)
4851 ··-·NIST-800-53-CM-6(a)4851 ··-·NIST-800-53-CM-6(a)
Offset 4858, 15 lines modifiedOffset 4858, 15 lines modified
4858 ··-·medium_severity4858 ··-·medium_severity
4859 ··-·no_reboot_needed4859 ··-·no_reboot_needed
4860 Remediation_Shell_script_⇲4860 Remediation_Shell_script_⇲
4861 Complexity:·low4861 Complexity:·low
4862 Disruption:·low4862 Disruption:·low
4863 Strategy:···configure4863 Strategy:···configure
4864 #·Remediation·is·applicable·only·in·certain·platforms4864 #·Remediation·is·applicable·only·in·certain·platforms
4865 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4865 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4866 chgrp·0·/boot/grub2/grub.cfg4866 chgrp·0·/boot/grub2/grub.cfg
  
4867 else4867 else
4868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4869 fi4869 fi
4870 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***4870 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 4897, 16 lines modifiedOffset 4897, 16 lines modified
4897 ··-·no_reboot_needed4897 ··-·no_reboot_needed
  
4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4899 ··stat:4899 ··stat:
4900 ····path:·/boot/grub2/grub.cfg4900 ····path:·/boot/grub2/grub.cfg
4901 ··register:·file_exists4901 ··register:·file_exists
4902 ··when:4902 ··when:
4903 ··-·'"grub2-common"·in·ansible_facts.packages' 
4904 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'4903 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 4904 ··-·'"grub2-common"·in·ansible_facts.packages'
4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4906 ··tags:4906 ··tags:
4907 ··-·CJIS-5.5.2.24907 ··-·CJIS-5.5.2.2
4908 ··-·NIST-800-171-3.4.54908 ··-·NIST-800-171-3.4.5
4909 ··-·NIST-800-53-AC-6(1)4909 ··-·NIST-800-53-AC-6(1)
4910 ··-·NIST-800-53-CM-6(a)4910 ··-·NIST-800-53-CM-6(a)
4911 ··-·PCI-DSS-Req-7.14911 ··-·PCI-DSS-Req-7.1
Offset 4918, 16 lines modifiedOffset 4918, 16 lines modified
4918 ··-·no_reboot_needed4918 ··-·no_reboot_needed
  
4919 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg4919 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
4920 ··file:4920 ··file:
4921 ····path:·/boot/grub2/grub.cfg4921 ····path:·/boot/grub2/grub.cfg
4922 ····owner:·'0'4922 ····owner:·'0'
4923 ··when:4923 ··when:
4924 ··-·'"grub2-common"·in·ansible_facts.packages' 
4925 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'4924 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 4925 ··-·'"grub2-common"·in·ansible_facts.packages'
4926 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4926 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4927 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4927 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4928 ··tags:4928 ··tags:
4929 ··-·CJIS-5.5.2.24929 ··-·CJIS-5.5.2.2
4930 ··-·NIST-800-171-3.4.54930 ··-·NIST-800-171-3.4.5
4931 ··-·NIST-800-53-AC-6(1)4931 ··-·NIST-800-53-AC-6(1)
4932 ··-·NIST-800-53-CM-6(a)4932 ··-·NIST-800-53-CM-6(a)
Offset 4939, 15 lines modifiedOffset 4939, 15 lines modified
4939 ··-·medium_severity4939 ··-·medium_severity
4940 ··-·no_reboot_needed4940 ··-·no_reboot_needed
4941 Remediation_Shell_script_⇲4941 Remediation_Shell_script_⇲
4942 Complexity:·low4942 Complexity:·low
4943 Disruption:·low4943 Disruption:·low
4944 Strategy:···configure4944 Strategy:···configure
4945 #·Remediation·is·applicable·only·in·certain·platforms4945 #·Remediation·is·applicable·only·in·certain·platforms
Max diff block lines reached; 2013/7921 bytes (25.41%) of diff not shown.
399 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-standard.html
    
Max diff block lines reached; 303016/312530 bytes (96.96%) of diff not shown.
93.9 KB
html2text {}
    
Offset 68, 15 lines modifiedOffset 68, 15 lines modified
68 ····*·cpe:/o:redhat:enterprise_linux:8.768 ····*·cpe:/o:redhat:enterprise_linux:8.7
69 ····*·cpe:/o:redhat:enterprise_linux:8.869 ····*·cpe:/o:redhat:enterprise_linux:8.8
70 ····*·cpe:/o:redhat:enterprise_linux:8.970 ····*·cpe:/o:redhat:enterprise_linux:8.9
71 ····*·cpe:/o:redhat:enterprise_linux:871 ····*·cpe:/o:redhat:enterprise_linux:8
72 ····*·cpe:/o:centos:centos:872 ····*·cpe:/o:centos:centos:8
73 *****·Revision·History·*****73 *****·Revision·History·*****
74 Current·version:·0.1.6574 Current·version:·0.1.65
75 ····*·draft·(as·of·2024-01-14)75 ····*·draft·(as·of·2025-02-15)
76 *****·Table·of·Contents·*****76 *****·Table·of·Contents·*****
77 ···1.·System_Settings77 ···1.·System_Settings
78 ·········1.·Installing_and_Maintaining_Software78 ·········1.·Installing_and_Maintaining_Software
79 ·········2.·Account_and_Access_Control79 ·········2.·Account_and_Access_Control
80 ·········3.·System_Accounting_with_auditd80 ·········3.·System_Accounting_with_auditd
81 ·········4.·Configure_Syslog81 ·········4.·Configure_Syslog
82 ·········5.·File_Permissions_and_Masks82 ·········5.·File_Permissions_and_Masks
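Review bot: line 75 reads `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the guide's revision date is being taken from the build clock, which on its own is enough to make the HTML differ between two builds of the same source. Derive that date from SOURCE_DATE_EPOCH (or the changelog date) when the guide is rendered, so that the "Revision History" block is stable.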
Offset 1454, 16 lines modifiedOffset 1454, 16 lines modified
1454 ··-·reboot_required1454 ··-·reboot_required
1455 ··-·restrict_strategy1455 ··-·restrict_strategy
  
1456 -·name:·Set·architecture·for·audit·chmod·tasks1456 -·name:·Set·architecture·for·audit·chmod·tasks
1457 ··set_fact:1457 ··set_fact:
1458 ····audit_arch:·b641458 ····audit_arch:·b64
1459 ··when:1459 ··when:
1460 ··-·'"audit"·in·ansible_facts.packages' 
1461 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1460 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1461 ··-·'"audit"·in·ansible_facts.packages'
1462 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1462 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1463 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1463 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1464 ··tags:1464 ··tags:
1465 ··-·CJIS-5.4.1.11465 ··-·CJIS-5.4.1.1
1466 ··-·DISA-STIG-RHEL-08-0304901466 ··-·DISA-STIG-RHEL-08-030490
1467 ··-·NIST-800-171-3.1.71467 ··-·NIST-800-171-3.1.7
1468 ··-·NIST-800-53-AU-12(c)1468 ··-·NIST-800-53-AU-12(c)
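Review bot: the two `when:` entries at lines 1460-1461, `'"audit" in ansible_facts.packages'` and the `ansible_virtualization_type not in [...]` check, appear in swapped order between the two builds while the rest of the task is identical, so the generator is emitting the platform conditions in an unstable order; a likely cause is iteration over an unordered collection. Sort the conditions, or carry them in an ordered list, before rendering the remediation. The task's behaviour is the same either way, because Ansible ANDs the items of a `when:` list.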
Offset 1600, 16 lines modifiedOffset 1600, 16 lines modified
1600 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001600 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1601 ········-F·auid!=unset·-F·key=perm_mod1601 ········-F·auid!=unset·-F·key=perm_mod
1602 ······create:·true1602 ······create:·true
1603 ······mode:·o-rwx1603 ······mode:·o-rwx
1604 ······state:·present1604 ······state:·present
1605 ····when:·syscalls_found·|·length·==·01605 ····when:·syscalls_found·|·length·==·0
1606 ··when:1606 ··when:
1607 ··-·'"audit"·in·ansible_facts.packages' 
1608 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1607 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1608 ··-·'"audit"·in·ansible_facts.packages'
1609 ··tags:1609 ··tags:
1610 ··-·CJIS-5.4.1.11610 ··-·CJIS-5.4.1.1
1611 ··-·DISA-STIG-RHEL-08-0304901611 ··-·DISA-STIG-RHEL-08-030490
1612 ··-·NIST-800-171-3.1.71612 ··-·NIST-800-171-3.1.7
1613 ··-·NIST-800-53-AU-12(c)1613 ··-·NIST-800-53-AU-12(c)
1614 ··-·NIST-800-53-AU-2(d)1614 ··-·NIST-800-53-AU-2(d)
1615 ··-·NIST-800-53-CM-6(a)1615 ··-·NIST-800-53-CM-6(a)
Offset 1744, 16 lines modifiedOffset 1744, 16 lines modified
1744 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001744 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1745 ········-F·auid!=unset·-F·key=perm_mod1745 ········-F·auid!=unset·-F·key=perm_mod
1746 ······create:·true1746 ······create:·true
1747 ······mode:·o-rwx1747 ······mode:·o-rwx
1748 ······state:·present1748 ······state:·present
1749 ····when:·syscalls_found·|·length·==·01749 ····when:·syscalls_found·|·length·==·0
1750 ··when:1750 ··when:
1751 ··-·'"audit"·in·ansible_facts.packages' 
1752 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1751 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1752 ··-·'"audit"·in·ansible_facts.packages'
1753 ··-·audit_arch·==·"b64"1753 ··-·audit_arch·==·"b64"
1754 ··tags:1754 ··tags:
1755 ··-·CJIS-5.4.1.11755 ··-·CJIS-5.4.1.1
1756 ··-·DISA-STIG-RHEL-08-0304901756 ··-·DISA-STIG-RHEL-08-030490
1757 ··-·NIST-800-171-3.1.71757 ··-·NIST-800-171-3.1.7
1758 ··-·NIST-800-53-AU-12(c)1758 ··-·NIST-800-53-AU-12(c)
1759 ··-·NIST-800-53-AU-2(d)1759 ··-·NIST-800-53-AU-2(d)
Offset 1763, 15 lines modifiedOffset 1763, 15 lines modified
1763 ··-·low_complexity1763 ··-·low_complexity
1764 ··-·low_disruption1764 ··-·low_disruption
1765 ··-·medium_severity1765 ··-·medium_severity
1766 ··-·reboot_required1766 ··-·reboot_required
1767 ··-·restrict_strategy1767 ··-·restrict_strategy
1768 Remediation_Shell_script_⇲1768 Remediation_Shell_script_⇲
1769 #·Remediation·is·applicable·only·in·certain·platforms1769 #·Remediation·is·applicable·only·in·certain·platforms
1770 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then1770 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
1771 #·First·perform·the·remediation·of·the·syscall·rule1771 #·First·perform·the·remediation·of·the·syscall·rule
1772 #·Retrieve·hardware·architecture·of·the·underlying·system1772 #·Retrieve·hardware·architecture·of·the·underlying·system
1773 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1773 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1774 for·ARCH·in·"${RULE_ARCHS[@]}"1774 for·ARCH·in·"${RULE_ARCHS[@]}"
1775 do1775 do
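Review bot: on line 1770 the `rpm --quiet -q audit` test moves from first to last in the `if` chain between the two builds. Because `&&` short-circuits, the order decides whether `rpm` is run at all when `/.dockerenv` or `/run/.containerenv` exists, so apart from the reproducibility problem the generated script should fix one order deliberately, for example the container checks first, rather than inherit whatever order the build happened to produce.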
Offset 2132, 16 lines modifiedOffset 2132, 16 lines modified
2132 ··-·reboot_required2132 ··-·reboot_required
2133 ··-·restrict_strategy2133 ··-·restrict_strategy
  
2134 -·name:·Set·architecture·for·audit·chown·tasks2134 -·name:·Set·architecture·for·audit·chown·tasks
2135 ··set_fact:2135 ··set_fact:
2136 ····audit_arch:·b642136 ····audit_arch:·b64
2137 ··when:2137 ··when:
2138 ··-·'"audit"·in·ansible_facts.packages' 
2139 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2138 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2139 ··-·'"audit"·in·ansible_facts.packages'
2140 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2140 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2141 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2141 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2142 ··tags:2142 ··tags:
2143 ··-·CJIS-5.4.1.12143 ··-·CJIS-5.4.1.1
2144 ··-·DISA-STIG-RHEL-08-0304802144 ··-·DISA-STIG-RHEL-08-030480
2145 ··-·NIST-800-171-3.1.72145 ··-·NIST-800-171-3.1.7
2146 ··-·NIST-800-53-AU-12(c)2146 ··-·NIST-800-53-AU-12(c)
Offset 2280, 16 lines modifiedOffset 2280, 16 lines modified
2280 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002280 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2281 ········-F·auid!=unset·-F·key=perm_mod2281 ········-F·auid!=unset·-F·key=perm_mod
2282 ······create:·true2282 ······create:·true
2283 ······mode:·o-rwx2283 ······mode:·o-rwx
2284 ······state:·present2284 ······state:·present
2285 ····when:·syscalls_found·|·length·==·02285 ····when:·syscalls_found·|·length·==·0
2286 ··when:2286 ··when:
2287 ··-·'"audit"·in·ansible_facts.packages' 
2288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2287 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2288 ··-·'"audit"·in·ansible_facts.packages'
2289 ··tags:2289 ··tags:
2290 ··-·CJIS-5.4.1.12290 ··-·CJIS-5.4.1.1
2291 ··-·DISA-STIG-RHEL-08-0304802291 ··-·DISA-STIG-RHEL-08-030480
2292 ··-·NIST-800-171-3.1.72292 ··-·NIST-800-171-3.1.7
2293 ··-·NIST-800-53-AU-12(c)2293 ··-·NIST-800-53-AU-12(c)
2294 ··-·NIST-800-53-AU-2(d)2294 ··-·NIST-800-53-AU-2(d)
2295 ··-·NIST-800-53-CM-6(a)2295 ··-·NIST-800-53-CM-6(a)
Offset 2426, 16 lines modifiedOffset 2426, 16 lines modified
2426 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002426 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2427 ········-F·auid!=unset·-F·key=perm_mod2427 ········-F·auid!=unset·-F·key=perm_mod
2428 ······create:·true2428 ······create:·true
2429 ······mode:·o-rwx2429 ······mode:·o-rwx
2430 ······state:·present2430 ······state:·present
Max diff block lines reached; 91629/96109 bytes (95.34%) of diff not shown.
750 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig.html
    
 00195290:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 001952a0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 001952b0:·6163·6b61·6765·7327·0a20·202d·2061·7564··ackages'.··-·aud
001952c0:·6974·5f61·7263·6820·3d3d·2022·6236·3422··it_arch·==·"b64"001952c0:·6974·5f61·7263·6820·3d3d·2022·6236·3422··it_arch·==·"b64"
001952d0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI001952d0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
001952e0:·532d·352e·342e·312e·310a·2020·2d20·4449··S-5.4.1.1.··-·DI001952e0:·532d·352e·342e·312e·310a·2020·2d20·4449··S-5.4.1.1.··-·DI
001952f0:·5341·2d53·5449·472d·5248·454c·2d30·382d··SA-STIG-RHEL-08-001952f0:·5341·2d53·5449·472d·5248·454c·2d30·382d··SA-STIG-RHEL-08-
00195300:·3033·3034·3930·0a20·202d·204e·4953·542d··030490.··-·NIST-00195300:·3033·3034·3930·0a20·202d·204e·4953·542d··030490.··-·NIST-
00195310:·3830·302d·3137·312d·332e·312e·370a·2020··800-171-3.1.7.··00195310:·3830·302d·3137·312d·332e·312e·370a·2020··800-171-3.1.7.··
00195320:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU00195320:·2d20·4e49·5354·2d38·3030·2d35·332d·4155··-·NIST-800-53-AU
Offset 103759, 21 lines modifiedOffset 103759, 21 lines modified
001954e0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane001954e0:·3c64·6976·2063·6c61·7373·3d22·7061·6e65··<div·class="pane
001954f0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla001954f0:·6c2d·636f·6c6c·6170·7365·2063·6f6c·6c61··l-collapse·colla
00195500:·7073·6522·2069·643d·2269·646d·3235·3339··pse"·id="idm253900195500:·7073·6522·2069·643d·2269·646d·3235·3339··pse"·id="idm2539
00195510:·3022·3e3c·7072·653e·3c63·6f64·653e·2320··0"><pre><code>#·00195510:·3022·3e3c·7072·653e·3c63·6f64·653e·2320··0"><pre><code>#·
00195520:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a00195520:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
00195530:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i00195530:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
00195540:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo00195540:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
00195550:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui 
00195560:·6574·202d·7120·6175·6469·7420·2661·6d70··et·-q·audit·&amp 
00195570:·3b26·616d·703b·205b·2021·202d·6620·2f2e··;&amp;·[·!·-f·/.00195550:·726d·730a·6966·205b·2021·202d·6620·2f2e··rms.if·[·!·-f·/.
00195580:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp00195560:·646f·636b·6572·656e·7620·5d20·2661·6d70··dockerenv·]·&amp
00195590:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r00195570:·3b26·616d·703b·205b·2021·202d·6620·2f72··;&amp;·[·!·-f·/r
001955a0:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv00195580:·756e·2f2e·636f·6e74·6169·6e65·7265·6e76··un/.containerenv
 00195590:·205d·2026·616d·703b·2661·6d70·3b20·7270···]·&amp;&amp;·rp
 001955a0:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud
001955b0:·205d·3b20·7468·656e·0a0a·2320·4669·7273···];·then..#·Firs001955b0:·6974·3b20·7468·656e·0a0a·2320·4669·7273··it;·then..#·Firs
001955c0:·7420·7065·7266·6f72·6d20·7468·6520·7265··t·perform·the·re001955c0:·7420·7065·7266·6f72·6d20·7468·6520·7265··t·perform·the·re
001955d0:·6d65·6469·6174·696f·6e20·6f66·2074·6865··mediation·of·the001955d0:·6d65·6469·6174·696f·6e20·6f66·2074·6865··mediation·of·the
Max diff block lines reached; 579792/589314 bytes (98.38%) of diff not shown.
174 KB
html2text {}
    
Offset 72, 15 lines modifiedOffset 72, 15 lines modified
72 ····*·cpe:/o:redhat:enterprise_linux:8.772 ····*·cpe:/o:redhat:enterprise_linux:8.7
73 ····*·cpe:/o:redhat:enterprise_linux:8.873 ····*·cpe:/o:redhat:enterprise_linux:8.8
74 ····*·cpe:/o:redhat:enterprise_linux:8.974 ····*·cpe:/o:redhat:enterprise_linux:8.9
75 ····*·cpe:/o:redhat:enterprise_linux:875 ····*·cpe:/o:redhat:enterprise_linux:8
76 ····*·cpe:/o:centos:centos:876 ····*·cpe:/o:centos:centos:8
77 *****·Revision·History·*****77 *****·Revision·History·*****
78 Current·version:·0.1.6578 Current·version:·0.1.65
79 ····*·draft·(as·of·2024-01-14)79 ····*·draft·(as·of·2025-02-15)
80 *****·Table·of·Contents·*****80 *****·Table·of·Contents·*****
81 ···1.·System_Settings81 ···1.·System_Settings
82 ·········1.·Installing_and_Maintaining_Software82 ·········1.·Installing_and_Maintaining_Software
83 ·········2.·Account_and_Access_Control83 ·········2.·Account_and_Access_Control
84 ·········3.·System_Accounting_with_auditd84 ·········3.·System_Accounting_with_auditd
85 ·········4.·GRUB2_bootloader_configuration85 ·········4.·GRUB2_bootloader_configuration
86 ·········5.·Configure_Syslog86 ·········5.·Configure_Syslog
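Review bot: the only changed line in this hunk is 79, `draft (as of 2024-01-14)` against `draft (as of 2025-02-15)`, so the revision date written into the guide appears to come from the build host's clock rather than from the source. Take the date from `SOURCE_DATE_EPOCH` (or the packaging changelog entry) when the guide is rendered, so that two builds of 0.1.65 produce the same HTML.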
Offset 17204, 16 lines modifiedOffset 17204, 16 lines modified
17204 ··-·reboot_required17204 ··-·reboot_required
17205 ··-·restrict_strategy17205 ··-·restrict_strategy
  
17206 -·name:·Set·architecture·for·audit·chmod·tasks17206 -·name:·Set·architecture·for·audit·chmod·tasks
17207 ··set_fact:17207 ··set_fact:
17208 ····audit_arch:·b6417208 ····audit_arch:·b64
17209 ··when:17209 ··when:
17210 ··-·'"audit"·in·ansible_facts.packages' 
17211 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17210 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17211 ··-·'"audit"·in·ansible_facts.packages'
17212 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture17212 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
17213 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"17213 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
17214 ··tags:17214 ··tags:
17215 ··-·CJIS-5.4.1.117215 ··-·CJIS-5.4.1.1
17216 ··-·DISA-STIG-RHEL-08-03049017216 ··-·DISA-STIG-RHEL-08-030490
17217 ··-·NIST-800-171-3.1.717217 ··-·NIST-800-171-3.1.7
17218 ··-·NIST-800-53-AU-12(c)17218 ··-·NIST-800-53-AU-12(c)
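Review bot: at 17210-17211 the two sides carry the same pair of `when` conditions, `'"audit" in ansible_facts.packages'` and the `ansible_virtualization_type not in [...]` check, in opposite order, and nothing else in the task differs. The entries of a `when` list are ANDed, so the task behaves the same either way, but the order in which the generator emits them is not stable between builds. Sorting the conditions before they are written into the remediation would make the output deterministic.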
Offset 17350, 16 lines modifiedOffset 17350, 16 lines modified
17350 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017350 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17351 ········-F·auid!=unset·-F·key=perm_mod17351 ········-F·auid!=unset·-F·key=perm_mod
17352 ······create:·true17352 ······create:·true
17353 ······mode:·o-rwx17353 ······mode:·o-rwx
17354 ······state:·present17354 ······state:·present
17355 ····when:·syscalls_found·|·length·==·017355 ····when:·syscalls_found·|·length·==·0
17356 ··when:17356 ··when:
17357 ··-·'"audit"·in·ansible_facts.packages' 
17358 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17357 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17358 ··-·'"audit"·in·ansible_facts.packages'
17359 ··tags:17359 ··tags:
17360 ··-·CJIS-5.4.1.117360 ··-·CJIS-5.4.1.1
17361 ··-·DISA-STIG-RHEL-08-03049017361 ··-·DISA-STIG-RHEL-08-030490
17362 ··-·NIST-800-171-3.1.717362 ··-·NIST-800-171-3.1.7
17363 ··-·NIST-800-53-AU-12(c)17363 ··-·NIST-800-53-AU-12(c)
17364 ··-·NIST-800-53-AU-2(d)17364 ··-·NIST-800-53-AU-2(d)
17365 ··-·NIST-800-53-CM-6(a)17365 ··-·NIST-800-53-CM-6(a)
Offset 17494, 16 lines modifiedOffset 17494, 16 lines modified
17494 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017494 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17495 ········-F·auid!=unset·-F·key=perm_mod17495 ········-F·auid!=unset·-F·key=perm_mod
17496 ······create:·true17496 ······create:·true
17497 ······mode:·o-rwx17497 ······mode:·o-rwx
17498 ······state:·present17498 ······state:·present
17499 ····when:·syscalls_found·|·length·==·017499 ····when:·syscalls_found·|·length·==·0
17500 ··when:17500 ··when:
17501 ··-·'"audit"·in·ansible_facts.packages' 
17502 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17501 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17502 ··-·'"audit"·in·ansible_facts.packages'
17503 ··-·audit_arch·==·"b64"17503 ··-·audit_arch·==·"b64"
17504 ··tags:17504 ··tags:
17505 ··-·CJIS-5.4.1.117505 ··-·CJIS-5.4.1.1
17506 ··-·DISA-STIG-RHEL-08-03049017506 ··-·DISA-STIG-RHEL-08-030490
17507 ··-·NIST-800-171-3.1.717507 ··-·NIST-800-171-3.1.7
17508 ··-·NIST-800-53-AU-12(c)17508 ··-·NIST-800-53-AU-12(c)
17509 ··-·NIST-800-53-AU-2(d)17509 ··-·NIST-800-53-AU-2(d)
Offset 17513, 15 lines modifiedOffset 17513, 15 lines modified
17513 ··-·low_complexity17513 ··-·low_complexity
17514 ··-·low_disruption17514 ··-·low_disruption
17515 ··-·medium_severity17515 ··-·medium_severity
17516 ··-·reboot_required17516 ··-·reboot_required
17517 ··-·restrict_strategy17517 ··-·restrict_strategy
17518 Remediation_Shell_script_⇲17518 Remediation_Shell_script_⇲
17519 #·Remediation·is·applicable·only·in·certain·platforms17519 #·Remediation·is·applicable·only·in·certain·platforms
17520 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then17520 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
17521 #·First·perform·the·remediation·of·the·syscall·rule17521 #·First·perform·the·remediation·of·the·syscall·rule
17522 #·Retrieve·hardware·architecture·of·the·underlying·system17522 #·Retrieve·hardware·architecture·of·the·underlying·system
17523 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")17523 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
17524 for·ARCH·in·"${RULE_ARCHS[@]}"17524 for·ARCH·in·"${RULE_ARCHS[@]}"
17525 do17525 do
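Review bot: line 17520 shows the ordering instability in the Bash remediation as well: one build tests `rpm --quiet -q audit` first, the other tests for `/.dockerenv` and `/run/.containerenv` first. The outcome of the `&&` chain is identical, but with short-circuit evaluation the second order skips the rpm query when a container marker file exists, while the first always runs it. Fix one order in the generator and emit it consistently.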
Offset 17882, 16 lines modifiedOffset 17882, 16 lines modified
17882 ··-·reboot_required17882 ··-·reboot_required
17883 ··-·restrict_strategy17883 ··-·restrict_strategy
  
17884 -·name:·Set·architecture·for·audit·chown·tasks17884 -·name:·Set·architecture·for·audit·chown·tasks
17885 ··set_fact:17885 ··set_fact:
17886 ····audit_arch:·b6417886 ····audit_arch:·b64
17887 ··when:17887 ··when:
17888 ··-·'"audit"·in·ansible_facts.packages' 
17889 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17888 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17889 ··-·'"audit"·in·ansible_facts.packages'
17890 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture17890 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
17891 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"17891 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
17892 ··tags:17892 ··tags:
17893 ··-·CJIS-5.4.1.117893 ··-·CJIS-5.4.1.1
17894 ··-·DISA-STIG-RHEL-08-03048017894 ··-·DISA-STIG-RHEL-08-030480
17895 ··-·NIST-800-171-3.1.717895 ··-·NIST-800-171-3.1.7
17896 ··-·NIST-800-53-AU-12(c)17896 ··-·NIST-800-53-AU-12(c)
Offset 18030, 16 lines modifiedOffset 18030, 16 lines modified
18030 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018030 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18031 ········-F·auid!=unset·-F·key=perm_mod18031 ········-F·auid!=unset·-F·key=perm_mod
18032 ······create:·true18032 ······create:·true
18033 ······mode:·o-rwx18033 ······mode:·o-rwx
18034 ······state:·present18034 ······state:·present
18035 ····when:·syscalls_found·|·length·==·018035 ····when:·syscalls_found·|·length·==·0
18036 ··when:18036 ··when:
18037 ··-·'"audit"·in·ansible_facts.packages' 
18038 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18037 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 18038 ··-·'"audit"·in·ansible_facts.packages'
18039 ··tags:18039 ··tags:
18040 ··-·CJIS-5.4.1.118040 ··-·CJIS-5.4.1.1
18041 ··-·DISA-STIG-RHEL-08-03048018041 ··-·DISA-STIG-RHEL-08-030480
18042 ··-·NIST-800-171-3.1.718042 ··-·NIST-800-171-3.1.7
18043 ··-·NIST-800-53-AU-12(c)18043 ··-·NIST-800-53-AU-12(c)
18044 ··-·NIST-800-53-AU-2(d)18044 ··-·NIST-800-53-AU-2(d)
18045 ··-·NIST-800-53-CM-6(a)18045 ··-·NIST-800-53-CM-6(a)
Offset 18176, 16 lines modifiedOffset 18176, 16 lines modified
18176 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018176 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18177 ········-F·auid!=unset·-F·key=perm_mod18177 ········-F·auid!=unset·-F·key=perm_mod
18178 ······create:·true18178 ······create:·true
18179 ······mode:·o-rwx18179 ······mode:·o-rwx
18180 ······state:·present18180 ······state:·present
Max diff block lines reached; 173637/178135 bytes (97.47%) of diff not shown.
746 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig_gui.html
    
Max diff block lines reached; 575859/585381 bytes (98.37%) of diff not shown.
174 KB
html2text {}
    
Offset 78, 15 lines modifiedOffset 78, 15 lines modified
78 ····*·cpe:/o:redhat:enterprise_linux:8.778 ····*·cpe:/o:redhat:enterprise_linux:8.7
79 ····*·cpe:/o:redhat:enterprise_linux:8.879 ····*·cpe:/o:redhat:enterprise_linux:8.8
80 ····*·cpe:/o:redhat:enterprise_linux:8.980 ····*·cpe:/o:redhat:enterprise_linux:8.9
81 ····*·cpe:/o:redhat:enterprise_linux:881 ····*·cpe:/o:redhat:enterprise_linux:8
82 ····*·cpe:/o:centos:centos:882 ····*·cpe:/o:centos:centos:8
83 *****·Revision·History·*****83 *****·Revision·History·*****
84 Current·version:·0.1.6584 Current·version:·0.1.65
85 ····*·draft·(as·of·2024-01-14)85 ····*·draft·(as·of·2025-02-15)
86 *****·Table·of·Contents·*****86 *****·Table·of·Contents·*****
87 ···1.·System_Settings87 ···1.·System_Settings
88 ·········1.·Installing_and_Maintaining_Software88 ·········1.·Installing_and_Maintaining_Software
89 ·········2.·Account_and_Access_Control89 ·········2.·Account_and_Access_Control
90 ·········3.·System_Accounting_with_auditd90 ·········3.·System_Accounting_with_auditd
91 ·········4.·GRUB2_bootloader_configuration91 ·········4.·GRUB2_bootloader_configuration
92 ·········5.·Configure_Syslog92 ·········5.·Configure_Syslog
Offset 17153, 16 lines modifiedOffset 17153, 16 lines modified
17153 ··-·reboot_required17153 ··-·reboot_required
17154 ··-·restrict_strategy17154 ··-·restrict_strategy
  
17155 -·name:·Set·architecture·for·audit·chmod·tasks17155 -·name:·Set·architecture·for·audit·chmod·tasks
17156 ··set_fact:17156 ··set_fact:
17157 ····audit_arch:·b6417157 ····audit_arch:·b64
17158 ··when:17158 ··when:
17159 ··-·'"audit"·in·ansible_facts.packages' 
17160 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17159 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17160 ··-·'"audit"·in·ansible_facts.packages'
17161 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture17161 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
17162 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"17162 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
17163 ··tags:17163 ··tags:
17164 ··-·CJIS-5.4.1.117164 ··-·CJIS-5.4.1.1
17165 ··-·DISA-STIG-RHEL-08-03049017165 ··-·DISA-STIG-RHEL-08-030490
17166 ··-·NIST-800-171-3.1.717166 ··-·NIST-800-171-3.1.7
17167 ··-·NIST-800-53-AU-12(c)17167 ··-·NIST-800-53-AU-12(c)
Offset 17299, 16 lines modifiedOffset 17299, 16 lines modified
17299 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017299 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17300 ········-F·auid!=unset·-F·key=perm_mod17300 ········-F·auid!=unset·-F·key=perm_mod
17301 ······create:·true17301 ······create:·true
17302 ······mode:·o-rwx17302 ······mode:·o-rwx
17303 ······state:·present17303 ······state:·present
17304 ····when:·syscalls_found·|·length·==·017304 ····when:·syscalls_found·|·length·==·0
17305 ··when:17305 ··when:
17306 ··-·'"audit"·in·ansible_facts.packages' 
17307 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17306 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17307 ··-·'"audit"·in·ansible_facts.packages'
17308 ··tags:17308 ··tags:
17309 ··-·CJIS-5.4.1.117309 ··-·CJIS-5.4.1.1
17310 ··-·DISA-STIG-RHEL-08-03049017310 ··-·DISA-STIG-RHEL-08-030490
17311 ··-·NIST-800-171-3.1.717311 ··-·NIST-800-171-3.1.7
17312 ··-·NIST-800-53-AU-12(c)17312 ··-·NIST-800-53-AU-12(c)
17313 ··-·NIST-800-53-AU-2(d)17313 ··-·NIST-800-53-AU-2(d)
17314 ··-·NIST-800-53-CM-6(a)17314 ··-·NIST-800-53-CM-6(a)
Offset 17443, 16 lines modifiedOffset 17443, 16 lines modified
17443 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017443 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17444 ········-F·auid!=unset·-F·key=perm_mod17444 ········-F·auid!=unset·-F·key=perm_mod
17445 ······create:·true17445 ······create:·true
17446 ······mode:·o-rwx17446 ······mode:·o-rwx
17447 ······state:·present17447 ······state:·present
17448 ····when:·syscalls_found·|·length·==·017448 ····when:·syscalls_found·|·length·==·0
17449 ··when:17449 ··when:
17450 ··-·'"audit"·in·ansible_facts.packages' 
17451 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17450 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17451 ··-·'"audit"·in·ansible_facts.packages'
17452 ··-·audit_arch·==·"b64"17452 ··-·audit_arch·==·"b64"
17453 ··tags:17453 ··tags:
17454 ··-·CJIS-5.4.1.117454 ··-·CJIS-5.4.1.1
17455 ··-·DISA-STIG-RHEL-08-03049017455 ··-·DISA-STIG-RHEL-08-030490
17456 ··-·NIST-800-171-3.1.717456 ··-·NIST-800-171-3.1.7
17457 ··-·NIST-800-53-AU-12(c)17457 ··-·NIST-800-53-AU-12(c)
17458 ··-·NIST-800-53-AU-2(d)17458 ··-·NIST-800-53-AU-2(d)
Offset 17462, 15 lines modifiedOffset 17462, 15 lines modified
17462 ··-·low_complexity17462 ··-·low_complexity
17463 ··-·low_disruption17463 ··-·low_disruption
17464 ··-·medium_severity17464 ··-·medium_severity
17465 ··-·reboot_required17465 ··-·reboot_required
17466 ··-·restrict_strategy17466 ··-·restrict_strategy
17467 Remediation_Shell_script_⇲17467 Remediation_Shell_script_⇲
17468 #·Remediation·is·applicable·only·in·certain·platforms17468 #·Remediation·is·applicable·only·in·certain·platforms
17469 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then17469 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
17470 #·First·perform·the·remediation·of·the·syscall·rule17470 #·First·perform·the·remediation·of·the·syscall·rule
17471 #·Retrieve·hardware·architecture·of·the·underlying·system17471 #·Retrieve·hardware·architecture·of·the·underlying·system
17472 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")17472 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
17473 for·ARCH·in·"${RULE_ARCHS[@]}"17473 for·ARCH·in·"${RULE_ARCHS[@]}"
17474 do17474 do
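Review bot: line 17469 of the shell remediation runs the same three tests in both builds, `rpm --quiet -q audit`, `[ ! -f /.dockerenv ]` and `[ ! -f /run/.containerenv ]`, but in a different order. They are joined with `&&`, so the guard evaluates to the same result and the difference is only in how the applicability check is serialized. Generate it in one fixed order, preferably with the two file checks ahead of the `rpm` query so the package database is consulted only outside a container.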
Offset 17831, 16 lines modifiedOffset 17831, 16 lines modified
17831 ··-·reboot_required17831 ··-·reboot_required
17832 ··-·restrict_strategy17832 ··-·restrict_strategy
  
17833 -·name:·Set·architecture·for·audit·chown·tasks17833 -·name:·Set·architecture·for·audit·chown·tasks
17834 ··set_fact:17834 ··set_fact:
17835 ····audit_arch:·b6417835 ····audit_arch:·b64
17836 ··when:17836 ··when:
17837 ··-·'"audit"·in·ansible_facts.packages' 
17838 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17837 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17838 ··-·'"audit"·in·ansible_facts.packages'
17839 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture17839 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
17840 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"17840 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
17841 ··tags:17841 ··tags:
17842 ··-·CJIS-5.4.1.117842 ··-·CJIS-5.4.1.1
17843 ··-·DISA-STIG-RHEL-08-03048017843 ··-·DISA-STIG-RHEL-08-030480
17844 ··-·NIST-800-171-3.1.717844 ··-·NIST-800-171-3.1.7
17845 ··-·NIST-800-53-AU-12(c)17845 ··-·NIST-800-53-AU-12(c)
Offset 17979, 16 lines modifiedOffset 17979, 16 lines modified
17979 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017979 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17980 ········-F·auid!=unset·-F·key=perm_mod17980 ········-F·auid!=unset·-F·key=perm_mod
17981 ······create:·true17981 ······create:·true
17982 ······mode:·o-rwx17982 ······mode:·o-rwx
17983 ······state:·present17983 ······state:·present
17984 ····when:·syscalls_found·|·length·==·017984 ····when:·syscalls_found·|·length·==·0
17985 ··when:17985 ··when:
17986 ··-·'"audit"·in·ansible_facts.packages' 
17987 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17987 ··-·'"audit"·in·ansible_facts.packages'
17988 ··tags:17988 ··tags:
17989 ··-·CJIS-5.4.1.117989 ··-·CJIS-5.4.1.1
17990 ··-·DISA-STIG-RHEL-08-03048017990 ··-·DISA-STIG-RHEL-08-030480
17991 ··-·NIST-800-171-3.1.717991 ··-·NIST-800-171-3.1.7
17992 ··-·NIST-800-53-AU-12(c)17992 ··-·NIST-800-53-AU-12(c)
17993 ··-·NIST-800-53-AU-2(d)17993 ··-·NIST-800-53-AU-2(d)
17994 ··-·NIST-800-53-CM-6(a)17994 ··-·NIST-800-53-CM-6(a)
Offset 18125, 16 lines modifiedOffset 18125, 16 lines modified
18125 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018125 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18126 ········-F·auid!=unset·-F·key=perm_mod18126 ········-F·auid!=unset·-F·key=perm_mod
18127 ······create:·true18127 ······create:·true
18128 ······mode:·o-rwx18128 ······mode:·o-rwx
18129 ······state:·present18129 ······state:·present
Max diff block lines reached; 173637/178135 bytes (97.47%) of diff not shown.
1.98 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_enhanced.html
    
Offset 14418, 16 lines modifiedOffset 14418, 16 lines modified
00038510:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h200038510:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h2
00038520:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers00038520:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers
00038530:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.100038530:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.1
00038540:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>00038540:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>
00038550:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>00038550:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>
00038560:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·00038560:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·
00038570:·2020·2020·2020·2020·2020·2020·2020·2020··················00038570:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038580:·2020·2028·6173·206f·6620·3230·3234·2d30·····(as·of·2024-000038580:·2020·2028·6173·206f·6620·3230·3235·2d30·····(as·of·2025-0
00038590:·312d·3134·290a·2020·2020·2020·2020·2020··1-14).··········00038590:·322d·3135·290a·2020·2020·2020·2020·2020··2-15).··········
000385a0:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>000385a0:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>
000385b0:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·000385b0:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·
000385c0:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>000385c0:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>
000385d0:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=000385d0:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=
000385e0:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp000385e0:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp
000385f0:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g000385f0:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g
00038600:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys00038600:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys
627 B
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 Profile·Title·ANSSI-BP-028·(enhanced)61 Profile·Title·ANSSI-BP-028·(enhanced)
62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
63 ***·CPE·Platforms·***63 ***·CPE·Platforms·***
64 ····*·cpe:/o:redhat:enterprise_linux:964 ····*·cpe:/o:redhat:enterprise_linux:9
65 ····*·cpe:/o:centos:centos:965 ····*·cpe:/o:centos:centos:9
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·System_Settings70 ···1.·System_Settings
71 ·········1.·Installing_and_Maintaining_Software71 ·········1.·Installing_and_Maintaining_Software
72 ·········2.·Account_and_Access_Control72 ·········2.·Account_and_Access_Control
73 ·········3.·System_Accounting_with_auditd73 ·········3.·System_Accounting_with_auditd
74 ·········4.·GRUB2_bootloader_configuration74 ·········4.·GRUB2_bootloader_configuration
75 ·········5.·Configure_Syslog75 ·········5.·Configure_Syslog
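Review bot: Revision History line 68 reads `draft (as of 2024-01-14)` in the first build and `draft (as of 2025-02-15)` in the second for the same version 0.1.65, so the guide appears to be stamped with the date of the build rather than a date fixed by the source. Derive that date from `SOURCE_DATE_EPOCH` when it is set, or from the changelog entry; the same line differs in the anssi_bp28_high, anssi_bp28_intermediary, anssi_bp28_minimal and cis guides below.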
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_high.html
    
Offset 14417, 16 lines modifiedOffset 14417, 16 lines modified
00038500:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h200038500:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h2
00038510:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers00038510:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers
00038520:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.100038520:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.1
00038530:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>00038530:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>
00038540:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>00038540:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>
00038550:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·00038550:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·
00038560:·2020·2020·2020·2020·2020·2020·2020·2020··················00038560:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038570:·2020·2028·6173·206f·6620·3230·3234·2d30·····(as·of·2024-000038570:·2020·2028·6173·206f·6620·3230·3235·2d30·····(as·of·2025-0
00038580:·312d·3134·290a·2020·2020·2020·2020·2020··1-14).··········00038580:·322d·3135·290a·2020·2020·2020·2020·2020··2-15).··········
00038590:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>00038590:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>
000385a0:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·000385a0:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·
000385b0:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>000385b0:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>
000385c0:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=000385c0:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=
000385d0:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp000385d0:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp
000385e0:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g000385e0:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g
000385f0:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys000385f0:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys
619 B
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 Profile·Title·ANSSI-BP-028·(high)61 Profile·Title·ANSSI-BP-028·(high)
62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high
63 ***·CPE·Platforms·***63 ***·CPE·Platforms·***
64 ····*·cpe:/o:redhat:enterprise_linux:964 ····*·cpe:/o:redhat:enterprise_linux:9
65 ····*·cpe:/o:centos:centos:965 ····*·cpe:/o:centos:centos:9
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·System_Settings70 ···1.·System_Settings
71 ·········1.·Installing_and_Maintaining_Software71 ·········1.·Installing_and_Maintaining_Software
72 ·········2.·Account_and_Access_Control72 ·········2.·Account_and_Access_Control
73 ·········3.·System_Accounting_with_auditd73 ·········3.·System_Accounting_with_auditd
74 ·········4.·GRUB2_bootloader_configuration74 ·········4.·GRUB2_bootloader_configuration
75 ·········5.·Configure_Syslog75 ·········5.·Configure_Syslog
2.0 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_intermediary.html
    
Offset 14419, 16 lines modifiedOffset 14419, 16 lines modified
00038520:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h200038520:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h2
00038530:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers00038530:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers
00038540:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.100038540:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.1
00038550:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>00038550:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>
00038560:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>00038560:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>
00038570:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·00038570:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·
00038580:·2020·2020·2020·2020·2020·2020·2020·2020··················00038580:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038590:·2020·2028·6173·206f·6620·3230·3234·2d30·····(as·of·2024-000038590:·2020·2028·6173·206f·6620·3230·3235·2d30·····(as·of·2025-0
000385a0:·312d·3134·290a·2020·2020·2020·2020·2020··1-14).··········000385a0:·322d·3135·290a·2020·2020·2020·2020·2020··2-15).··········
000385b0:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>000385b0:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>
000385c0:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·000385c0:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·
000385d0:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>000385d0:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>
000385e0:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=000385e0:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=
000385f0:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp000385f0:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp
00038600:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g00038600:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g
00038610:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys00038610:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys
640 B
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 Profile·Title·ANSSI-BP-028·(intermediary)61 Profile·Title·ANSSI-BP-028·(intermediary)
62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
63 ***·CPE·Platforms·***63 ***·CPE·Platforms·***
64 ····*·cpe:/o:redhat:enterprise_linux:964 ····*·cpe:/o:redhat:enterprise_linux:9
65 ····*·cpe:/o:centos:centos:965 ····*·cpe:/o:centos:centos:9
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·System_Settings70 ···1.·System_Settings
71 ·········1.·Installing_and_Maintaining_Software71 ·········1.·Installing_and_Maintaining_Software
72 ·········2.·Account_and_Access_Control72 ·········2.·Account_and_Access_Control
73 ·········3.·System_Accounting_with_auditd73 ·········3.·System_Accounting_with_auditd
74 ·········4.·Configure_Syslog74 ·········4.·Configure_Syslog
75 ·········5.·Network_Configuration_and_Firewalls75 ·········5.·Network_Configuration_and_Firewalls
1.81 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-anssi_bp28_minimal.html
    
Offset 14418, 15 lines modifiedOffset 14418, 15 lines modified
00038510:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>00038510:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00038520:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:00038520:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00038530:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<00038530:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00038540:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>00038540:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00038550:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf00038550:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00038560:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····00038560:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00038570:·2020·2020·2020·2020·2020·2020·2020·2028·················(00038570:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00038580:·6173·206f·6620·3230·3234·2d30·312d·3134··as·of·2024-01-1400038580:·6173·206f·6620·3230·3235·2d30·322d·3135··as·of·2025-02-15
00038590:·290a·2020·2020·2020·2020·2020·2020·2020··).··············00038590:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
000385a0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di000385a0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
000385b0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C000385b0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
000385c0:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>000385c0:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
000385d0:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc000385d0:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
000385e0:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje000385e0:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
000385f0:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group000385f0:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
594 B
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 Profile·Title·ANSSI-BP-028·(minimal)61 Profile·Title·ANSSI-BP-028·(minimal)
62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal62 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
63 ***·CPE·Platforms·***63 ***·CPE·Platforms·***
64 ····*·cpe:/o:redhat:enterprise_linux:964 ····*·cpe:/o:redhat:enterprise_linux:9
65 ····*·cpe:/o:centos:centos:965 ····*·cpe:/o:centos:centos:9
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·System_Settings70 ···1.·System_Settings
71 ·········1.·Installing_and_Maintaining_Software71 ·········1.·Installing_and_Maintaining_Software
72 ·········2.·Account_and_Access_Control72 ·········2.·Account_and_Access_Control
73 ·········3.·Configure_Syslog73 ·········3.·Configure_Syslog
74 ·········4.·File_Permissions_and_Masks74 ·········4.·File_Permissions_and_Masks
75 ···2.·Services75 ···2.·Services
76.6 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis.html
    
Offset 14405, 15 lines modifiedOffset 14405, 15 lines modified
00038440:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>00038440:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
00038450:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:00038450:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00038460:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<00038460:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00038470:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>00038470:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00038480:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf00038480:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00038490:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····00038490:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
000384a0:·2020·2020·2020·2020·2020·2020·2020·2028·················(000384a0:·2020·2020·2020·2020·2020·2020·2020·2028·················(
000384b0:·6173·206f·6620·3230·3234·2d30·312d·3134··as·of·2024-01-14000384b0:·6173·206f·6620·3230·3235·2d30·322d·3135··as·of·2025-02-15
000384c0:·290a·2020·2020·2020·2020·2020·2020·2020··).··············000384c0:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
000384d0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di000384d0:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
000384e0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C000384e0:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
000384f0:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>000384f0:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
00038500:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc00038500:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
00038510:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje00038510:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
00038520:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group00038520:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
Offset 182550, 22 lines modifiedOffset 182550, 22 lines modified
002c9150:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·002c9150:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
002c9160:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub002c9160:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
002c9170:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···002c9170:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
002c9180:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru002c9180:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
002c9190:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re002c9190:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
002c91a0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi002c91a0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
002c91b0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·002c91b0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
002c91c0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002c91d0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002c91e0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002c91f0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
002c9200:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
002c9210:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
002c9220:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package002c91c0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 002c91d0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 002c91e0:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 002c91f0:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 002c9200:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 002c9210:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 002c9220:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
002c9230:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v002c9230:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
002c9240:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002c9240:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002c9250:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002c9250:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002c9260:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002c9260:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002c9270:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002c9270:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002c9280:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t002c9280:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
002c9290:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.002c9290:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
002c92a0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8002c92a0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 182585, 22 lines modifiedOffset 182585, 22 lines modified
002c9380:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En002c9380:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En
002c9390:·7375·7265·2067·726f·7570·206f·776e·6572··sure·group·owner002c9390:·7375·7265·2067·726f·7570·206f·776e·6572··sure·group·owner
002c93a0:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub002c93a0:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
002c93b0:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil002c93b0:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
002c93c0:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo002c93c0:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
002c93d0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf002c93d0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
002c93e0:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'002c93e0:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'
002c93f0:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/002c93f0:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
002c9400:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
002c9410:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
002c9420:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
002c9430:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
002c9440:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
002c9450:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
002c9460:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.002c9400:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 002c9410:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 002c9420:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 002c9430:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 002c9440:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 002c9450:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 002c9460:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
002c9470:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt002c9470:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
002c9480:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·002c9480:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
002c9490:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"002c9490:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
002c94a0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz002c94a0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
002c94b0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co002c94b0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
002c94c0:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi002c94c0:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi
002c94d0:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i002c94d0:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i
Offset 182651, 19 lines modifiedOffset 182651, 19 lines modified
002c97a0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t002c97a0:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
002c97b0:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<002c97b0:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<
002c97c0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table002c97c0:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
002c97d0:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re002c97d0:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
002c97e0:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app002c97e0:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
002c97f0:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·002c97f0:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
002c9800:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform002c9800:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
002c9810:·730a·6966·205b·2021·202d·6620·2f73·7973··s.if·[·!·-f·/sys 
002c9820:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]· 
002c9830:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
002c9840:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-002c9810:·730a·6966·2072·706d·202d·2d71·7569·6574··s.if·rpm·--quiet
 002c9820:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common
 002c9830:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 002c9840:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware
002c9850:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp002c9850:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp
002c9860:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc002c9860:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc
002c9870:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a002c9870:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
002c9880:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/002c9880:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
002c9890:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];002c9890:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
002c98a0:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·002c98a0:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·
002c98b0:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr002c98b0:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr
002c98c0:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···002c98c0:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 183148, 22 lines modifiedOffset 183148, 22 lines modified
002cb6b0:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f002cb6b0:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f
002cb6c0:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo002cb6c0:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo
002cb6d0:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf002cb6d0:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
002cb6e0:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa002cb6e0:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa
002cb6f0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/002cb6f0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
002cb700:·7573·6572·2e63·6667·0a20·2072·6567·6973··user.cfg.··regis002cb700:·7573·6572·2e63·6667·0a20·2072·6567·6973··user.cfg.··regis
002cb710:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists002cb710:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists
002cb720:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/002cb720:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
002cb730:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
002cb740:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
002cb750:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
002cb760:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
002cb770:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
002cb780:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
002cb790:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.002cb730:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 002cb740:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 002cb750:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 002cb760:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 002cb770:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 002cb780:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 002cb790:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
002cb7a0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt002cb7a0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
002cb7b0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·002cb7b0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
002cb7c0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"002cb7c0:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
002cb7d0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz002cb7d0:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
002cb7e0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co002cb7e0:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
002cb7f0:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags002cb7f0:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags
002cb800:·3a0a·2020·2d20·434a·4953·2d35·2e35·2e32··:.··-·CJIS-5.5.2002cb800:·3a0a·2020·2d20·434a·4953·2d35·2e35·2e32··:.··-·CJIS-5.5.2
Offset 183184, 22 lines modifiedOffset 183184, 22 lines modified
002cb8f0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002cb8f0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
Max diff block lines reached; 49966/59240 bytes (84.35%) of diff not shown.
18.7 KB
html2text {}
    
Offset 58, 15 lines modifiedOffset 58, 15 lines modified
58 ··············Server58 ··············Server
59 Profile·ID····xccdf_org.ssgproject.content_profile_cis59 Profile·ID····xccdf_org.ssgproject.content_profile_cis
60 ***·CPE·Platforms·***60 ***·CPE·Platforms·***
61 ····*·cpe:/o:redhat:enterprise_linux:961 ····*·cpe:/o:redhat:enterprise_linux:9
62 ····*·cpe:/o:centos:centos:962 ····*·cpe:/o:centos:centos:9
63 *****·Revision·History·*****63 *****·Revision·History·*****
64 Current·version:·0.1.6564 Current·version:·0.1.65
65 ····*·draft·(as·of·2024-01-14)65 ····*·draft·(as·of·2025-02-15)
66 *****·Table·of·Contents·*****66 *****·Table·of·Contents·*****
67 ···1.·System_Settings67 ···1.·System_Settings
68 ·········1.·Installing_and_Maintaining_Software68 ·········1.·Installing_and_Maintaining_Software
69 ·········2.·Account_and_Access_Control69 ·········2.·Account_and_Access_Control
70 ·········3.·System_Accounting_with_auditd70 ·········3.·System_Accounting_with_auditd
71 ·········4.·GRUB2_bootloader_configuration71 ·········4.·GRUB2_bootloader_configuration
72 ·········5.·Configure_Syslog72 ·········5.·Configure_Syslog
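Review bot: the Revision History line differs only in the embedded date, `draft (as of 2024-01-14)` on one side and `draft (as of 2025-02-15)` on the other, so the guide generator is stamping the build clock into its output. Taking that date from SOURCE_DATE_EPOCH (or from the package changelog date) would make this hunk disappear; nothing else in the lines shown changes.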
Offset 41250, 16 lines modifiedOffset 41250, 16 lines modified
41250 ··-·no_reboot_needed41250 ··-·no_reboot_needed
  
41251 -·name:·Test·for·existence·/boot/grub2/grub.cfg41251 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41252 ··stat:41252 ··stat:
41253 ····path:·/boot/grub2/grub.cfg41253 ····path:·/boot/grub2/grub.cfg
41254 ··register:·file_exists41254 ··register:·file_exists
41255 ··when:41255 ··when:
41256 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41257 ··-·'"grub2-common"·in·ansible_facts.packages'41256 ··-·'"grub2-common"·in·ansible_facts.packages'
 41257 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41258 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41258 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41259 ··tags:41259 ··tags:
41260 ··-·CJIS-5.5.2.241260 ··-·CJIS-5.5.2.2
41261 ··-·NIST-800-171-3.4.541261 ··-·NIST-800-171-3.4.5
41262 ··-·NIST-800-53-AC-6(1)41262 ··-·NIST-800-53-AC-6(1)
41263 ··-·NIST-800-53-CM-6(a)41263 ··-·NIST-800-53-CM-6(a)
41264 ··-·PCI-DSS-Req-7.141264 ··-·PCI-DSS-Req-7.1
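Review bot: in the `when:` list the `"grub2-common" in ansible_facts.packages` check and the `"/boot/efi" not in ansible_mounts | map(attribute="mount") | list` check swap places between the two builds while every other line is identical, which suggests the platform conditions are emitted in an unstable order. All entries of a `when:` list must hold, so the task applies to the same hosts on both sides; emitting the conditions in a sorted, fixed order in the generator would remove the difference.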
Offset 41271, 16 lines modifiedOffset 41271, 16 lines modified
41271 ··-·no_reboot_needed41271 ··-·no_reboot_needed
  
41272 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41272 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41273 ··file:41273 ··file:
41274 ····path:·/boot/grub2/grub.cfg41274 ····path:·/boot/grub2/grub.cfg
41275 ····group:·'0'41275 ····group:·'0'
41276 ··when:41276 ··when:
41277 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41278 ··-·'"grub2-common"·in·ansible_facts.packages'41277 ··-·'"grub2-common"·in·ansible_facts.packages'
 41278 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41279 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41279 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41280 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41280 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41281 ··tags:41281 ··tags:
41282 ··-·CJIS-5.5.2.241282 ··-·CJIS-5.5.2.2
41283 ··-·NIST-800-171-3.4.541283 ··-·NIST-800-171-3.4.5
41284 ··-·NIST-800-53-AC-6(1)41284 ··-·NIST-800-53-AC-6(1)
41285 ··-·NIST-800-53-CM-6(a)41285 ··-·NIST-800-53-CM-6(a)
Offset 41292, 15 lines modifiedOffset 41292, 15 lines modified
41292 ··-·medium_severity41292 ··-·medium_severity
41293 ··-·no_reboot_needed41293 ··-·no_reboot_needed
41294 Remediation_Shell_script_⇲41294 Remediation_Shell_script_⇲
41295 Complexity:·low41295 Complexity:·low
41296 Disruption:·low41296 Disruption:·low
41297 Strategy:···configure41297 Strategy:···configure
41298 #·Remediation·is·applicable·only·in·certain·platforms41298 #·Remediation·is·applicable·only·in·certain·platforms
41299 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41299 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41300 chgrp·0·/boot/grub2/grub.cfg41300 chgrp·0·/boot/grub2/grub.cfg
  
41301 else41301 else
41302 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41302 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41303 fi41303 fi
41304 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41304 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
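Review bot: `[ ! -f /sys/firmware/efi ]` on the `if` line tests for a regular file, but `/sys/firmware/efi` is a directory on UEFI-booted systems, so the test is true on both BIOS and UEFI hosts and excludes nothing; `[ ! -d /sys/firmware/efi ]` would express the intended check. Separately, the two builds differ here only in whether this test comes before or after `rpm --quiet -q grub2-common`, so the generator should emit the platform checks in a fixed order.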
Offset 41331, 16 lines modifiedOffset 41331, 16 lines modified
41331 ··-·no_reboot_needed41331 ··-·no_reboot_needed
  
41332 -·name:·Test·for·existence·/boot/grub2/user.cfg41332 -·name:·Test·for·existence·/boot/grub2/user.cfg
41333 ··stat:41333 ··stat:
41334 ····path:·/boot/grub2/user.cfg41334 ····path:·/boot/grub2/user.cfg
41335 ··register:·file_exists41335 ··register:·file_exists
41336 ··when:41336 ··when:
41337 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41338 ··-·'"grub2-common"·in·ansible_facts.packages'41337 ··-·'"grub2-common"·in·ansible_facts.packages'
 41338 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41339 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41339 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41340 ··tags:41340 ··tags:
41341 ··-·CJIS-5.5.2.241341 ··-·CJIS-5.5.2.2
41342 ··-·NIST-800-171-3.4.541342 ··-·NIST-800-171-3.4.5
41343 ··-·NIST-800-53-AC-6(1)41343 ··-·NIST-800-53-AC-6(1)
41344 ··-·NIST-800-53-CM-6(a)41344 ··-·NIST-800-53-CM-6(a)
41345 ··-·PCI-DSS-Req-7.141345 ··-·PCI-DSS-Req-7.1
Offset 41352, 16 lines modifiedOffset 41352, 16 lines modified
41352 ··-·no_reboot_needed41352 ··-·no_reboot_needed
  
41353 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41353 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41354 ··file:41354 ··file:
41355 ····path:·/boot/grub2/user.cfg41355 ····path:·/boot/grub2/user.cfg
41356 ····group:·'0'41356 ····group:·'0'
41357 ··when:41357 ··when:
41358 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41359 ··-·'"grub2-common"·in·ansible_facts.packages'41358 ··-·'"grub2-common"·in·ansible_facts.packages'
 41359 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41360 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41360 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41361 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41361 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41362 ··tags:41362 ··tags:
41363 ··-·CJIS-5.5.2.241363 ··-·CJIS-5.5.2.2
41364 ··-·NIST-800-171-3.4.541364 ··-·NIST-800-171-3.4.5
41365 ··-·NIST-800-53-AC-6(1)41365 ··-·NIST-800-53-AC-6(1)
41366 ··-·NIST-800-53-CM-6(a)41366 ··-·NIST-800-53-CM-6(a)
Offset 41373, 15 lines modifiedOffset 41373, 15 lines modified
41373 ··-·medium_severity41373 ··-·medium_severity
41374 ··-·no_reboot_needed41374 ··-·no_reboot_needed
41375 Remediation_Shell_script_⇲41375 Remediation_Shell_script_⇲
41376 Complexity:·low41376 Complexity:·low
41377 Disruption:·low41377 Disruption:·low
41378 Strategy:···configure41378 Strategy:···configure
41379 #·Remediation·is·applicable·only·in·certain·platforms41379 #·Remediation·is·applicable·only·in·certain·platforms
41380 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41380 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41381 chgrp·0·/boot/grub2/user.cfg41381 chgrp·0·/boot/grub2/user.cfg
  
41382 else41382 else
41383 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41383 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41384 fi41384 fi
41385 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41385 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41412, 16 lines modifiedOffset 41412, 16 lines modified
41412 ··-·no_reboot_needed41412 ··-·no_reboot_needed
  
41413 -·name:·Test·for·existence·/boot/grub2/grub.cfg41413 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41414 ··stat:41414 ··stat:
41415 ····path:·/boot/grub2/grub.cfg41415 ····path:·/boot/grub2/grub.cfg
41416 ··register:·file_exists41416 ··register:·file_exists
41417 ··when:41417 ··when:
Max diff block lines reached; 14573/19115 bytes (76.24%) of diff not shown.
76.3 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_server_l1.html
    
Offset 14406, 15 lines modifiedOffset 14406, 15 lines modified
00038450:·7279·3c2f·6832·3e3c·703e·4375·7272·656e··ry</h2><p>Curren00038450:·7279·3c2f·6832·3e3c·703e·4375·7272·656e··ry</h2><p>Curren
00038460:·7420·7665·7273·696f·6e3a·203c·7374·726f··t·version:·<stro00038460:·7420·7665·7273·696f·6e3a·203c·7374·726f··t·version:·<stro
00038470:·6e67·3e30·2e31·2e36·353c·2f73·7472·6f6e··ng>0.1.65</stron00038470:·6e67·3e30·2e31·2e36·353c·2f73·7472·6f6e··ng>0.1.65</stron
00038480:·673e·3c2f·703e·3c75·6c3e·3c6c·693e·3c73··g></p><ul><li><s00038480:·673e·3c2f·703e·3c75·6c3e·3c6c·693e·3c73··g></p><ul><li><s
00038490:·7472·6f6e·673e·6472·6166·743c·2f73·7472··trong>draft</str00038490:·7472·6f6e·673e·6472·6166·743c·2f73·7472··trong>draft</str
000384a0:·6f6e·673e·0a20·2020·2020·2020·2020·2020··ong>.···········000384a0:·6f6e·673e·0a20·2020·2020·2020·2020·2020··ong>.···········
000384b0:·2020·2020·2020·2020·2028·6173·206f·6620···········(as·of·000384b0:·2020·2020·2020·2020·2028·6173·206f·6620···········(as·of·
000384c0:·3230·3234·2d30·312d·3134·290a·2020·2020··2024-01-14).····000384c0:·3230·3235·2d30·322d·3135·290a·2020·2020··2025-02-15).····
000384d0:·2020·2020·2020·2020·2020·2020·3c2f·6c69··············</li000384d0:·2020·2020·2020·2020·2020·2020·3c2f·6c69··············</li
000384e0:·3e3c·2f75·6c3e·3c2f·6469·763e·3c68·323e··></ul></div><h2>000384e0:·3e3c·2f75·6c3e·3c2f·6469·763e·3c68·323e··></ul></div><h2>
000384f0:·5461·626c·6520·6f66·2043·6f6e·7465·6e74··Table·of·Content000384f0:·5461·626c·6520·6f66·2043·6f6e·7465·6e74··Table·of·Content
00038500:·733c·2f68·323e·3c6f·6c3e·3c6c·693e·3c61··s</h2><ol><li><a00038500:·733c·2f68·323e·3c6f·6c3e·3c6c·693e·3c61··s</h2><ol><li><a
00038510:·2068·7265·663d·2223·7863·6364·665f·6f72···href="#xccdf_or00038510:·2068·7265·663d·2223·7863·6364·665f·6f72···href="#xccdf_or
00038520:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con00038520:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con
00038530:·7465·6e74·5f67·726f·7570·5f73·7973·7465··tent_group_syste00038530:·7465·6e74·5f67·726f·7570·5f73·7973·7465··tent_group_syste
Offset 57303, 22 lines modifiedOffset 57303, 22 lines modified
000dfd60:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis000dfd60:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
000dfd70:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub000dfd70:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
000dfd80:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta000dfd80:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta
000dfd90:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo000dfd90:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
000dfda0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf000dfda0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
000dfdb0:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi000dfdb0:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
000dfdc0:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when000dfdc0:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
000dfdd0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000dfde0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000dfdf0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000dfe00:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000dfe10:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
000dfe20:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
000dfe30:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000dfe40:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000dfdd0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000dfde0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 000dfdf0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000dfe00:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 000dfe10:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 000dfe20:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 000dfe30:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 000dfe40:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
000dfe50:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat000dfe50:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
000dfe60:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·000dfe60:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
000dfe70:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"000dfe70:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
000dfe80:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod000dfe80:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
000dfe90:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container000dfe90:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000dfea0:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C000dfea0:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
000dfeb0:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·000dfeb0:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·
Offset 57339, 22 lines modifiedOffset 57339, 22 lines modified
000dffa0:·6d65·3a20·456e·7375·7265·2067·726f·7570··me:·Ensure·group000dffa0:·6d65·3a20·456e·7375·7265·2067·726f·7570··me:·Ensure·group
000dffb0:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo000dffb0:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
000dffc0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000dffc0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
000dffd0:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat000dffd0:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
000dffe0:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g000dffe0:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
000dfff0:·7275·622e·6366·670a·2020·2020·6772·6f75··rub.cfg.····grou000dfff0:·7275·622e·6366·670a·2020·2020·6772·6f75··rub.cfg.····grou
000e0000:·703a·2027·3027·0a20·2077·6865·6e3a·0a20··p:·'0'.··when:.·000e0000:·703a·2027·3027·0a20·2077·6865·6e3a·0a20··p:·'0'.··when:.·
000e0010:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
000e0020:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
000e0030:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
000e0040:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
000e0050:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
000e0060:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an 
000e0070:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000e0010:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
 000e0020:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
 000e0030:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000e0040:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 000e0050:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 000e0060:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 000e0070:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
000e0080:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl000e0080:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
000e0090:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization000e0090:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
000e00a0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d000e00a0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
000e00b0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"000e00b0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
000e00c0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman000e00c0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
000e00d0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].000e00d0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
000e00e0:·2020·2d20·6669·6c65·5f65·7869·7374·732e····-·file_exists.000e00e0:·2020·2d20·6669·6c65·5f65·7869·7374·732e····-·file_exists.
000e00f0:·7374·6174·2069·7320·6465·6669·6e65·6420··stat·is·defined·000e00f0:·7374·6174·2069·7320·6465·6669·6e65·6420··stat·is·defined·
Offset 57404, 19 lines modifiedOffset 57404, 19 lines modified
000e03b0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate000e03b0:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
000e03c0:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf000e03c0:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf
000e03d0:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr><000e03d0:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr><
000e03e0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod000e03e0:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
000e03f0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·000e03f0:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
000e0400:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on000e0400:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
000e0410:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl000e0410:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
000e0420:·6174·666f·726d·730a·6966·205b·2021·202d··atforms.if·[·!·-000e0420:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
000e0430:·6620·2f73·7973·2f66·6972·6d77·6172·652f··f·/sys/firmware/ 
000e0440:·6566·6920·5d20·2661·6d70·3b26·616d·703b··efi·]·&amp;&amp; 
000e0450:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
000e0460:·6772·7562·322d·636f·6d6d·6f6e·2026·616d··grub2-common·&am000e0430:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-
 000e0440:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp
 000e0450:·3b20·5b20·2120·2d66·202f·7379·732f·6669··;·[·!·-f·/sys/fi
 000e0460:·726d·7761·7265·2f65·6669·205d·2026·616d··rmware/efi·]·&am
000e0470:·703b·2661·6d70·3b20·7b20·5b20·2120·2d66··p;&amp;·{·[·!·-f000e0470:·703b·2661·6d70·3b20·7b20·5b20·2120·2d66··p;&amp;·{·[·!·-f
000e0480:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&000e0480:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&
000e0490:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f000e0490:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f
000e04a0:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container000e04a0:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container
000e04b0:·656e·7620·5d3b·207d·3b20·7468·656e·0a0a··env·];·};·then..000e04b0:·656e·7620·5d3b·207d·3b20·7468·656e·0a0a··env·];·};·then..
000e04c0:·6368·6772·7020·3020·2f62·6f6f·742f·6772··chgrp·0·/boot/gr000e04c0:·6368·6772·7020·3020·2f62·6f6f·742f·6772··chgrp·0·/boot/gr
000e04d0:·7562·322f·6772·7562·2e63·6667·0a0a·656c··ub2/grub.cfg..el000e04d0:·7562·322f·6772·7562·2e63·6667·0a0a·656c··ub2/grub.cfg..el
Offset 57902, 22 lines modifiedOffset 57902, 22 lines modified
000e22d0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen000e22d0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
000e22e0:·6365·202f·626f·6f74·2f67·7275·6232·2f75··ce·/boot/grub2/u000e22e0:·6365·202f·626f·6f74·2f67·7275·6232·2f75··ce·/boot/grub2/u
000e22f0:·7365·722e·6366·670a·2020·7374·6174·3a0a··ser.cfg.··stat:.000e22f0:·7365·722e·6366·670a·2020·7374·6174·3a0a··ser.cfg.··stat:.
000e2300:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000e2300:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000e2310:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·000e2310:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·
000e2320:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_000e2320:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
000e2330:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·000e2330:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
000e2340:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
000e2350:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
000e2360:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
000e2370:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
000e2380:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
000e2390:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an 
000e23a0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000e2340:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
 000e2350:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
 000e2360:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000e2370:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 000e2380:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 000e2390:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 000e23a0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
000e23b0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl000e23b0:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
000e23c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization000e23c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
000e23d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d000e23d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
000e23e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"000e23e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
000e23f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman000e23f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
000e2400:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].000e2400:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
000e2410:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS000e2410:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
000e2420:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS000e2420:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 57938, 21 lines modifiedOffset 57938, 21 lines modified
Max diff block lines reached; 49778/58904 bytes (84.51%) of diff not shown.
18.6 KB
html2text {}
    
Offset 58, 15 lines modifiedOffset 58, 15 lines modified
58 ··············Server58 ··············Server
59 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l159 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l1
60 ***·CPE·Platforms·***60 ***·CPE·Platforms·***
61 ····*·cpe:/o:redhat:enterprise_linux:961 ····*·cpe:/o:redhat:enterprise_linux:9
62 ····*·cpe:/o:centos:centos:962 ····*·cpe:/o:centos:centos:9
63 *****·Revision·History·*****63 *****·Revision·History·*****
64 Current·version:·0.1.6564 Current·version:·0.1.65
65 ····*·draft·(as·of·2024-01-14)65 ····*·draft·(as·of·2025-02-15)
66 *****·Table·of·Contents·*****66 *****·Table·of·Contents·*****
67 ···1.·System_Settings67 ···1.·System_Settings
68 ·········1.·Installing_and_Maintaining_Software68 ·········1.·Installing_and_Maintaining_Software
69 ·········2.·Account_and_Access_Control69 ·········2.·Account_and_Access_Control
70 ·········3.·GRUB2_bootloader_configuration70 ·········3.·GRUB2_bootloader_configuration
71 ·········4.·Configure_Syslog71 ·········4.·Configure_Syslog
72 ·········5.·Network_Configuration_and_Firewalls72 ·········5.·Network_Configuration_and_Firewalls
Offset 7757, 16 lines modifiedOffset 7757, 16 lines modified
7757 ··-·no_reboot_needed7757 ··-·no_reboot_needed
  
7758 -·name:·Test·for·existence·/boot/grub2/grub.cfg7758 -·name:·Test·for·existence·/boot/grub2/grub.cfg
7759 ··stat:7759 ··stat:
7760 ····path:·/boot/grub2/grub.cfg7760 ····path:·/boot/grub2/grub.cfg
7761 ··register:·file_exists7761 ··register:·file_exists
7762 ··when:7762 ··when:
7763 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7764 ··-·'"grub2-common"·in·ansible_facts.packages'7763 ··-·'"grub2-common"·in·ansible_facts.packages'
 7764 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7765 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7765 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7766 ··tags:7766 ··tags:
7767 ··-·CJIS-5.5.2.27767 ··-·CJIS-5.5.2.2
7768 ··-·NIST-800-171-3.4.57768 ··-·NIST-800-171-3.4.5
7769 ··-·NIST-800-53-AC-6(1)7769 ··-·NIST-800-53-AC-6(1)
7770 ··-·NIST-800-53-CM-6(a)7770 ··-·NIST-800-53-CM-6(a)
7771 ··-·PCI-DSS-Req-7.17771 ··-·PCI-DSS-Req-7.1
Offset 7778, 16 lines modifiedOffset 7778, 16 lines modified
7778 ··-·no_reboot_needed7778 ··-·no_reboot_needed
  
7779 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg7779 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
7780 ··file:7780 ··file:
7781 ····path:·/boot/grub2/grub.cfg7781 ····path:·/boot/grub2/grub.cfg
7782 ····group:·'0'7782 ····group:·'0'
7783 ··when:7783 ··when:
7784 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7785 ··-·'"grub2-common"·in·ansible_facts.packages'7784 ··-·'"grub2-common"·in·ansible_facts.packages'
 7785 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7786 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7786 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7787 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists7787 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
7788 ··tags:7788 ··tags:
7789 ··-·CJIS-5.5.2.27789 ··-·CJIS-5.5.2.2
7790 ··-·NIST-800-171-3.4.57790 ··-·NIST-800-171-3.4.5
7791 ··-·NIST-800-53-AC-6(1)7791 ··-·NIST-800-53-AC-6(1)
7792 ··-·NIST-800-53-CM-6(a)7792 ··-·NIST-800-53-CM-6(a)
Offset 7799, 15 lines modifiedOffset 7799, 15 lines modified
7799 ··-·medium_severity7799 ··-·medium_severity
7800 ··-·no_reboot_needed7800 ··-·no_reboot_needed
7801 Remediation_Shell_script_⇲7801 Remediation_Shell_script_⇲
7802 Complexity:·low7802 Complexity:·low
7803 Disruption:·low7803 Disruption:·low
7804 Strategy:···configure7804 Strategy:···configure
7805 #·Remediation·is·applicable·only·in·certain·platforms7805 #·Remediation·is·applicable·only·in·certain·platforms
7806 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then7806 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
7807 chgrp·0·/boot/grub2/grub.cfg7807 chgrp·0·/boot/grub2/grub.cfg
  
7808 else7808 else
7809 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'7809 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
7810 fi7810 fi
7811 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***7811 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 7838, 16 lines modifiedOffset 7838, 16 lines modified
7838 ··-·no_reboot_needed7838 ··-·no_reboot_needed
  
7839 -·name:·Test·for·existence·/boot/grub2/user.cfg7839 -·name:·Test·for·existence·/boot/grub2/user.cfg
7840 ··stat:7840 ··stat:
7841 ····path:·/boot/grub2/user.cfg7841 ····path:·/boot/grub2/user.cfg
7842 ··register:·file_exists7842 ··register:·file_exists
7843 ··when:7843 ··when:
7844 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7845 ··-·'"grub2-common"·in·ansible_facts.packages'7844 ··-·'"grub2-common"·in·ansible_facts.packages'
 7845 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7846 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7846 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7847 ··tags:7847 ··tags:
7848 ··-·CJIS-5.5.2.27848 ··-·CJIS-5.5.2.2
7849 ··-·NIST-800-171-3.4.57849 ··-·NIST-800-171-3.4.5
7850 ··-·NIST-800-53-AC-6(1)7850 ··-·NIST-800-53-AC-6(1)
7851 ··-·NIST-800-53-CM-6(a)7851 ··-·NIST-800-53-CM-6(a)
7852 ··-·PCI-DSS-Req-7.17852 ··-·PCI-DSS-Req-7.1
Offset 7859, 16 lines modifiedOffset 7859, 16 lines modified
7859 ··-·no_reboot_needed7859 ··-·no_reboot_needed
  
7860 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg7860 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
7861 ··file:7861 ··file:
7862 ····path:·/boot/grub2/user.cfg7862 ····path:·/boot/grub2/user.cfg
7863 ····group:·'0'7863 ····group:·'0'
7864 ··when:7864 ··when:
7865 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7866 ··-·'"grub2-common"·in·ansible_facts.packages'7865 ··-·'"grub2-common"·in·ansible_facts.packages'
 7866 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7867 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7867 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7868 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists7868 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
7869 ··tags:7869 ··tags:
7870 ··-·CJIS-5.5.2.27870 ··-·CJIS-5.5.2.2
7871 ··-·NIST-800-171-3.4.57871 ··-·NIST-800-171-3.4.5
7872 ··-·NIST-800-53-AC-6(1)7872 ··-·NIST-800-53-AC-6(1)
7873 ··-·NIST-800-53-CM-6(a)7873 ··-·NIST-800-53-CM-6(a)
Offset 7880, 15 lines modifiedOffset 7880, 15 lines modified
7880 ··-·medium_severity7880 ··-·medium_severity
7881 ··-·no_reboot_needed7881 ··-·no_reboot_needed
7882 Remediation_Shell_script_⇲7882 Remediation_Shell_script_⇲
7883 Complexity:·low7883 Complexity:·low
7884 Disruption:·low7884 Disruption:·low
7885 Strategy:···configure7885 Strategy:···configure
7886 #·Remediation·is·applicable·only·in·certain·platforms7886 #·Remediation·is·applicable·only·in·certain·platforms
7887 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then7887 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
7888 chgrp·0·/boot/grub2/user.cfg7888 chgrp·0·/boot/grub2/user.cfg
  
7889 else7889 else
7890 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'7890 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
7891 fi7891 fi
7892 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***7892 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
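Review bot: on line 7887 the `rpm --quiet -q grub2-common` test and the `[ ! -f /sys/firmware/efi ]` test swap places between the two builds; all terms are joined with `&&` and none has side effects, so the result is identical and the fix belongs in the generator (emit the platform checks in a fixed, sorted order). While touching this line it is worth checking the EFI test itself: `-f` is true only for a regular file, and /sys/firmware/efi is a directory on UEFI systems, so `[ ! -f /sys/firmware/efi ]` succeeds on both BIOS and UEFI hosts and does not narrow applicability; `-d` would match the intent of the Ansible `"/boot/efi" not in ansible_mounts` condition more closely.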
Offset 7919, 16 lines modifiedOffset 7919, 16 lines modified
7919 ··-·no_reboot_needed7919 ··-·no_reboot_needed
  
7920 -·name:·Test·for·existence·/boot/grub2/grub.cfg7920 -·name:·Test·for·existence·/boot/grub2/grub.cfg
7921 ··stat:7921 ··stat:
7922 ····path:·/boot/grub2/grub.cfg7922 ····path:·/boot/grub2/grub.cfg
7923 ··register:·file_exists7923 ··register:·file_exists
7924 ··when:7924 ··when:
Max diff block lines reached; 14527/19071 bytes (76.17%) of diff not shown.
76.6 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l1.html
    
Max diff block lines reached; 50123/59180 bytes (84.70%) of diff not shown.
18.7 KB
html2text {}
    
Offset 58, 15 lines modifiedOffset 58, 15 lines modified
58 ··············Workstation58 ··············Workstation
59 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l159 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l1
60 ***·CPE·Platforms·***60 ***·CPE·Platforms·***
61 ····*·cpe:/o:redhat:enterprise_linux:961 ····*·cpe:/o:redhat:enterprise_linux:9
62 ····*·cpe:/o:centos:centos:962 ····*·cpe:/o:centos:centos:9
63 *****·Revision·History·*****63 *****·Revision·History·*****
64 Current·version:·0.1.6564 Current·version:·0.1.65
65 ····*·draft·(as·of·2024-01-14)65 ····*·draft·(as·of·2025-02-15)
66 *****·Table·of·Contents·*****66 *****·Table·of·Contents·*****
67 ···1.·System_Settings67 ···1.·System_Settings
68 ·········1.·Installing_and_Maintaining_Software68 ·········1.·Installing_and_Maintaining_Software
69 ·········2.·Account_and_Access_Control69 ·········2.·Account_and_Access_Control
70 ·········3.·GRUB2_bootloader_configuration70 ·········3.·GRUB2_bootloader_configuration
71 ·········4.·Configure_Syslog71 ·········4.·Configure_Syslog
72 ·········5.·Network_Configuration_and_Firewalls72 ·········5.·Network_Configuration_and_Firewalls
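Review bot: line 65 carries the build date into the guide's Revision History ("draft (as of 2024-01-14)" in one build, "draft (as of 2025-02-15)" in the other), so the rendered guide changes on every rebuild even when the content is identical. Taking the date from SOURCE_DATE_EPOCH (or from the package changelog date) when the guide is generated would keep the Revision History entry stable across builds.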
Offset 7756, 16 lines modifiedOffset 7756, 16 lines modified
7756 ··-·no_reboot_needed7756 ··-·no_reboot_needed
  
7757 -·name:·Test·for·existence·/boot/grub2/grub.cfg7757 -·name:·Test·for·existence·/boot/grub2/grub.cfg
7758 ··stat:7758 ··stat:
7759 ····path:·/boot/grub2/grub.cfg7759 ····path:·/boot/grub2/grub.cfg
7760 ··register:·file_exists7760 ··register:·file_exists
7761 ··when:7761 ··when:
7762 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7763 ··-·'"grub2-common"·in·ansible_facts.packages'7762 ··-·'"grub2-common"·in·ansible_facts.packages'
 7763 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7764 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7764 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7765 ··tags:7765 ··tags:
7766 ··-·CJIS-5.5.2.27766 ··-·CJIS-5.5.2.2
7767 ··-·NIST-800-171-3.4.57767 ··-·NIST-800-171-3.4.5
7768 ··-·NIST-800-53-AC-6(1)7768 ··-·NIST-800-53-AC-6(1)
7769 ··-·NIST-800-53-CM-6(a)7769 ··-·NIST-800-53-CM-6(a)
7770 ··-·PCI-DSS-Req-7.17770 ··-·PCI-DSS-Req-7.1
Offset 7777, 16 lines modifiedOffset 7777, 16 lines modified
7777 ··-·no_reboot_needed7777 ··-·no_reboot_needed
  
7778 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg7778 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
7779 ··file:7779 ··file:
7780 ····path:·/boot/grub2/grub.cfg7780 ····path:·/boot/grub2/grub.cfg
7781 ····group:·'0'7781 ····group:·'0'
7782 ··when:7782 ··when:
7783 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7784 ··-·'"grub2-common"·in·ansible_facts.packages'7783 ··-·'"grub2-common"·in·ansible_facts.packages'
 7784 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7785 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7785 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7786 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists7786 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
7787 ··tags:7787 ··tags:
7788 ··-·CJIS-5.5.2.27788 ··-·CJIS-5.5.2.2
7789 ··-·NIST-800-171-3.4.57789 ··-·NIST-800-171-3.4.5
7790 ··-·NIST-800-53-AC-6(1)7790 ··-·NIST-800-53-AC-6(1)
7791 ··-·NIST-800-53-CM-6(a)7791 ··-·NIST-800-53-CM-6(a)
Offset 7798, 15 lines modifiedOffset 7798, 15 lines modified
7798 ··-·medium_severity7798 ··-·medium_severity
7799 ··-·no_reboot_needed7799 ··-·no_reboot_needed
7800 Remediation_Shell_script_⇲7800 Remediation_Shell_script_⇲
7801 Complexity:·low7801 Complexity:·low
7802 Disruption:·low7802 Disruption:·low
7803 Strategy:···configure7803 Strategy:···configure
7804 #·Remediation·is·applicable·only·in·certain·platforms7804 #·Remediation·is·applicable·only·in·certain·platforms
7805 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then7805 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
7806 chgrp·0·/boot/grub2/grub.cfg7806 chgrp·0·/boot/grub2/grub.cfg
  
7807 else7807 else
7808 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'7808 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
7809 fi7809 fi
7810 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***7810 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 7837, 16 lines modifiedOffset 7837, 16 lines modified
7837 ··-·no_reboot_needed7837 ··-·no_reboot_needed
  
7838 -·name:·Test·for·existence·/boot/grub2/user.cfg7838 -·name:·Test·for·existence·/boot/grub2/user.cfg
7839 ··stat:7839 ··stat:
7840 ····path:·/boot/grub2/user.cfg7840 ····path:·/boot/grub2/user.cfg
7841 ··register:·file_exists7841 ··register:·file_exists
7842 ··when:7842 ··when:
7843 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7844 ··-·'"grub2-common"·in·ansible_facts.packages'7843 ··-·'"grub2-common"·in·ansible_facts.packages'
 7844 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7846 ··tags:7846 ··tags:
7847 ··-·CJIS-5.5.2.27847 ··-·CJIS-5.5.2.2
7848 ··-·NIST-800-171-3.4.57848 ··-·NIST-800-171-3.4.5
7849 ··-·NIST-800-53-AC-6(1)7849 ··-·NIST-800-53-AC-6(1)
7850 ··-·NIST-800-53-CM-6(a)7850 ··-·NIST-800-53-CM-6(a)
7851 ··-·PCI-DSS-Req-7.17851 ··-·PCI-DSS-Req-7.1
Offset 7858, 16 lines modifiedOffset 7858, 16 lines modified
7858 ··-·no_reboot_needed7858 ··-·no_reboot_needed
  
7859 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg7859 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
7860 ··file:7860 ··file:
7861 ····path:·/boot/grub2/user.cfg7861 ····path:·/boot/grub2/user.cfg
7862 ····group:·'0'7862 ····group:·'0'
7863 ··when:7863 ··when:
7864 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7865 ··-·'"grub2-common"·in·ansible_facts.packages'7864 ··-·'"grub2-common"·in·ansible_facts.packages'
 7865 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7866 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7866 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7867 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists7867 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
7868 ··tags:7868 ··tags:
7869 ··-·CJIS-5.5.2.27869 ··-·CJIS-5.5.2.2
7870 ··-·NIST-800-171-3.4.57870 ··-·NIST-800-171-3.4.5
7871 ··-·NIST-800-53-AC-6(1)7871 ··-·NIST-800-53-AC-6(1)
7872 ··-·NIST-800-53-CM-6(a)7872 ··-·NIST-800-53-CM-6(a)
Offset 7879, 15 lines modifiedOffset 7879, 15 lines modified
7879 ··-·medium_severity7879 ··-·medium_severity
7880 ··-·no_reboot_needed7880 ··-·no_reboot_needed
7881 Remediation_Shell_script_⇲7881 Remediation_Shell_script_⇲
7882 Complexity:·low7882 Complexity:·low
7883 Disruption:·low7883 Disruption:·low
7884 Strategy:···configure7884 Strategy:···configure
7885 #·Remediation·is·applicable·only·in·certain·platforms7885 #·Remediation·is·applicable·only·in·certain·platforms
7886 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then7886 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
7887 chgrp·0·/boot/grub2/user.cfg7887 chgrp·0·/boot/grub2/user.cfg
  
7888 else7888 else
7889 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'7889 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
7890 fi7890 fi
7891 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***7891 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 7918, 16 lines modifiedOffset 7918, 16 lines modified
7918 ··-·no_reboot_needed7918 ··-·no_reboot_needed
  
7919 -·name:·Test·for·existence·/boot/grub2/grub.cfg7919 -·name:·Test·for·existence·/boot/grub2/grub.cfg
7920 ··stat:7920 ··stat:
7921 ····path:·/boot/grub2/grub.cfg7921 ····path:·/boot/grub2/grub.cfg
7922 ··register:·file_exists7922 ··register:·file_exists
7923 ··when:7923 ··when:
Max diff block lines reached; 14527/19081 bytes (76.13%) of diff not shown.
76.3 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l2.html
    
002c97e0:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e 
002c97f0:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;· 
002c9800:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g 
002c9810:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp002c97e0:·7175·6965·7420·2d71·2067·7275·6232·2d63··quiet·-q·grub2-c
 002c97f0:·6f6d·6d6f·6e20·2661·6d70·3b26·616d·703b··ommon·&amp;&amp;
 002c9800:·205b·2021·202d·6620·2f73·7973·2f66·6972···[·!·-f·/sys/fir
 002c9810:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp
002c9820:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·002c9820:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·
002c9830:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a002c9830:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
002c9840:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·002c9840:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
002c9850:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere002c9850:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
002c9860:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c002c9860:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c
002c9870:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru002c9870:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru
002c9880:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els002c9880:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els
Offset 183145, 22 lines modifiedOffset 183145, 22 lines modified
002cb680:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002cb680:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002cb690:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us002cb690:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us
002cb6a0:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·002cb6a0:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·
002cb6b0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002cb6b0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002cb6c0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002cb6c0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002cb6d0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e002cb6d0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
002cb6e0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··002cb6e0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
002cb6f0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
002cb700:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
002cb710:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
002cb720:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
002cb730:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
002cb740:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans 
002cb750:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa002cb6f0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
 002cb700:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 002cb710:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002cb720:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002cb730:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002cb740:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 002cb750:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
002cb760:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible002cb760:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
002cb770:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_002cb770:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
002cb780:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do002cb780:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
002cb790:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o002cb790:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
002cb7a0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"002cb7a0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
002cb7b0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·002cb7b0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
002cb7c0:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-002cb7c0:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-
002cb7d0:·352e·352e·322e·320a·2020·2d20·4e49·5354··5.5.2.2.··-·NIST002cb7d0:·352e·352e·322e·320a·2020·2d20·4e49·5354··5.5.2.2.··-·NIST
Offset 183181, 21 lines modifiedOffset 183181, 21 lines modified
002cb8c0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne002cb8c0:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne
Max diff block lines reached; 49552/58826 bytes (84.23%) of diff not shown.
18.7 KB
html2text {}
    
Offset 58, 15 lines modifiedOffset 58, 15 lines modified
58 ··············Workstation58 ··············Workstation
59 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l259 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l2
60 ***·CPE·Platforms·***60 ***·CPE·Platforms·***
61 ····*·cpe:/o:redhat:enterprise_linux:961 ····*·cpe:/o:redhat:enterprise_linux:9
62 ····*·cpe:/o:centos:centos:962 ····*·cpe:/o:centos:centos:9
63 *****·Revision·History·*****63 *****·Revision·History·*****
64 Current·version:·0.1.6564 Current·version:·0.1.65
65 ····*·draft·(as·of·2024-01-14)65 ····*·draft·(as·of·2025-02-15)
66 *****·Table·of·Contents·*****66 *****·Table·of·Contents·*****
67 ···1.·System_Settings67 ···1.·System_Settings
68 ·········1.·Installing_and_Maintaining_Software68 ·········1.·Installing_and_Maintaining_Software
69 ·········2.·Account_and_Access_Control69 ·········2.·Account_and_Access_Control
70 ·········3.·System_Accounting_with_auditd70 ·········3.·System_Accounting_with_auditd
71 ·········4.·GRUB2_bootloader_configuration71 ·········4.·GRUB2_bootloader_configuration
72 ·········5.·Configure_Syslog72 ·········5.·Configure_Syslog
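Review bot: line 65 of the rendered guide carries a date in the Revision History entry, "draft (as of 2024-01-14)" in one build and "draft (as of 2025-02-15)" in the other, and that date is the only difference in this hunk. Derive it from SOURCE_DATE_EPOCH, or leave it out of the generated guide, so the HTML comes out identical across builds.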
Offset 41249, 16 lines modifiedOffset 41249, 16 lines modified
41249 ··-·no_reboot_needed41249 ··-·no_reboot_needed
  
41250 -·name:·Test·for·existence·/boot/grub2/grub.cfg41250 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41251 ··stat:41251 ··stat:
41252 ····path:·/boot/grub2/grub.cfg41252 ····path:·/boot/grub2/grub.cfg
41253 ··register:·file_exists41253 ··register:·file_exists
41254 ··when:41254 ··when:
41255 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41256 ··-·'"grub2-common"·in·ansible_facts.packages'41255 ··-·'"grub2-common"·in·ansible_facts.packages'
 41256 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41257 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41257 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41258 ··tags:41258 ··tags:
41259 ··-·CJIS-5.5.2.241259 ··-·CJIS-5.5.2.2
41260 ··-·NIST-800-171-3.4.541260 ··-·NIST-800-171-3.4.5
41261 ··-·NIST-800-53-AC-6(1)41261 ··-·NIST-800-53-AC-6(1)
41262 ··-·NIST-800-53-CM-6(a)41262 ··-·NIST-800-53-CM-6(a)
41263 ··-·PCI-DSS-Req-7.141263 ··-·PCI-DSS-Req-7.1
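Review bot: in the `when:` list at lines 41255-41256 the two builds emit the same two conditions, the `"grub2-common" in ansible_facts.packages` check and the `"/boot/efi" not in ansible_mounts` check, in swapped order; nothing else in the task differs. All entries of a `when:` list must hold, so the task behaves the same either way, but the order should be made stable (for example by sorting) where the list is generated so the guide is byte-identical between builds.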
Offset 41270, 16 lines modifiedOffset 41270, 16 lines modified
41270 ··-·no_reboot_needed41270 ··-·no_reboot_needed
  
41271 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41271 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41272 ··file:41272 ··file:
41273 ····path:·/boot/grub2/grub.cfg41273 ····path:·/boot/grub2/grub.cfg
41274 ····group:·'0'41274 ····group:·'0'
41275 ··when:41275 ··when:
41276 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41277 ··-·'"grub2-common"·in·ansible_facts.packages'41276 ··-·'"grub2-common"·in·ansible_facts.packages'
 41277 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41278 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41278 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41279 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41279 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41280 ··tags:41280 ··tags:
41281 ··-·CJIS-5.5.2.241281 ··-·CJIS-5.5.2.2
41282 ··-·NIST-800-171-3.4.541282 ··-·NIST-800-171-3.4.5
41283 ··-·NIST-800-53-AC-6(1)41283 ··-·NIST-800-53-AC-6(1)
41284 ··-·NIST-800-53-CM-6(a)41284 ··-·NIST-800-53-CM-6(a)
Offset 41291, 15 lines modifiedOffset 41291, 15 lines modified
41291 ··-·medium_severity41291 ··-·medium_severity
41292 ··-·no_reboot_needed41292 ··-·no_reboot_needed
41293 Remediation_Shell_script_⇲41293 Remediation_Shell_script_⇲
41294 Complexity:·low41294 Complexity:·low
41295 Disruption:·low41295 Disruption:·low
41296 Strategy:···configure41296 Strategy:···configure
41297 #·Remediation·is·applicable·only·in·certain·platforms41297 #·Remediation·is·applicable·only·in·certain·platforms
41298 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41298 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41299 chgrp·0·/boot/grub2/grub.cfg41299 chgrp·0·/boot/grub2/grub.cfg
  
41300 else41300 else
41301 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41301 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41302 fi41302 fi
41303 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41303 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
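Review bot: the `[ ! -f /sys/firmware/efi ]` test on line 41298 checks for a regular file, but /sys/firmware/efi is a directory on UEFI-booted systems, so the test also succeeds there and does not limit the remediation to BIOS boot; `-d` would. Separately, the only difference between the two builds on this line is that this test and `rpm --quiet -q grub2-common` trade places at the front of the `&&` chain, which does not change the result but keeps the output from being reproducible; the generator should emit the tests in a stable order.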
Offset 41330, 16 lines modifiedOffset 41330, 16 lines modified
41330 ··-·no_reboot_needed41330 ··-·no_reboot_needed
  
41331 -·name:·Test·for·existence·/boot/grub2/user.cfg41331 -·name:·Test·for·existence·/boot/grub2/user.cfg
41332 ··stat:41332 ··stat:
41333 ····path:·/boot/grub2/user.cfg41333 ····path:·/boot/grub2/user.cfg
41334 ··register:·file_exists41334 ··register:·file_exists
41335 ··when:41335 ··when:
41336 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41337 ··-·'"grub2-common"·in·ansible_facts.packages'41336 ··-·'"grub2-common"·in·ansible_facts.packages'
 41337 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41338 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41338 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41339 ··tags:41339 ··tags:
41340 ··-·CJIS-5.5.2.241340 ··-·CJIS-5.5.2.2
41341 ··-·NIST-800-171-3.4.541341 ··-·NIST-800-171-3.4.5
41342 ··-·NIST-800-53-AC-6(1)41342 ··-·NIST-800-53-AC-6(1)
41343 ··-·NIST-800-53-CM-6(a)41343 ··-·NIST-800-53-CM-6(a)
41344 ··-·PCI-DSS-Req-7.141344 ··-·PCI-DSS-Req-7.1
Offset 41351, 16 lines modifiedOffset 41351, 16 lines modified
41351 ··-·no_reboot_needed41351 ··-·no_reboot_needed
  
41352 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41352 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41353 ··file:41353 ··file:
41354 ····path:·/boot/grub2/user.cfg41354 ····path:·/boot/grub2/user.cfg
41355 ····group:·'0'41355 ····group:·'0'
41356 ··when:41356 ··when:
41357 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41358 ··-·'"grub2-common"·in·ansible_facts.packages'41357 ··-·'"grub2-common"·in·ansible_facts.packages'
 41358 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41359 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41359 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41360 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41360 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41361 ··tags:41361 ··tags:
41362 ··-·CJIS-5.5.2.241362 ··-·CJIS-5.5.2.2
41363 ··-·NIST-800-171-3.4.541363 ··-·NIST-800-171-3.4.5
41364 ··-·NIST-800-53-AC-6(1)41364 ··-·NIST-800-53-AC-6(1)
41365 ··-·NIST-800-53-CM-6(a)41365 ··-·NIST-800-53-CM-6(a)
Offset 41372, 15 lines modifiedOffset 41372, 15 lines modified
41372 ··-·medium_severity41372 ··-·medium_severity
41373 ··-·no_reboot_needed41373 ··-·no_reboot_needed
41374 Remediation_Shell_script_⇲41374 Remediation_Shell_script_⇲
41375 Complexity:·low41375 Complexity:·low
41376 Disruption:·low41376 Disruption:·low
41377 Strategy:···configure41377 Strategy:···configure
41378 #·Remediation·is·applicable·only·in·certain·platforms41378 #·Remediation·is·applicable·only·in·certain·platforms
41379 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41379 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41380 chgrp·0·/boot/grub2/user.cfg41380 chgrp·0·/boot/grub2/user.cfg
  
41381 else41381 else
41382 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41382 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41383 fi41383 fi
41384 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41384 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41411, 16 lines modifiedOffset 41411, 16 lines modified
41411 ··-·no_reboot_needed41411 ··-·no_reboot_needed
  
41412 -·name:·Test·for·existence·/boot/grub2/grub.cfg41412 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41413 ··stat:41413 ··stat:
41414 ····path:·/boot/grub2/grub.cfg41414 ····path:·/boot/grub2/grub.cfg
41415 ··register:·file_exists41415 ··register:·file_exists
41416 ··when:41416 ··when:
Max diff block lines reached; 14573/19135 bytes (76.16%) of diff not shown.
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cui.html
    
641 B
html2text {}
    
Offset 68, 15 lines modifiedOffset 68, 15 lines modified
68 ··············Systems·and·Organizations·(NIST·800-171)68 ··············Systems·and·Organizations·(NIST·800-171)
69 Profile·ID····xccdf_org.ssgproject.content_profile_cui69 Profile·ID····xccdf_org.ssgproject.content_profile_cui
70 ***·CPE·Platforms·***70 ***·CPE·Platforms·***
71 ····*·cpe:/o:redhat:enterprise_linux:971 ····*·cpe:/o:redhat:enterprise_linux:9
72 ····*·cpe:/o:centos:centos:972 ····*·cpe:/o:centos:centos:9
73 *****·Revision·History·*****73 *****·Revision·History·*****
74 Current·version:·0.1.6574 Current·version:·0.1.65
75 ····*·draft·(as·of·2024-01-14)75 ····*·draft·(as·of·2025-02-15)
76 *****·Table·of·Contents·*****76 *****·Table·of·Contents·*****
77 ···1.·System_Settings77 ···1.·System_Settings
78 ·········1.·Installing_and_Maintaining_Software78 ·········1.·Installing_and_Maintaining_Software
79 ·········2.·Account_and_Access_Control79 ·········2.·Account_and_Access_Control
80 ·········3.·System_Accounting_with_auditd80 ·········3.·System_Accounting_with_auditd
81 ·········4.·GRUB2_bootloader_configuration81 ·········4.·GRUB2_bootloader_configuration
82 ·········5.·zIPL_bootloader_configuration82 ·········5.·zIPL_bootloader_configuration
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-e8.html
    
647 B
html2text {}
    
Offset 59, 15 lines modifiedOffset 59, 15 lines modified
59 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight59 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight
60 Profile·ID····xccdf_org.ssgproject.content_profile_e860 Profile·ID····xccdf_org.ssgproject.content_profile_e8
61 ***·CPE·Platforms·***61 ***·CPE·Platforms·***
62 ····*·cpe:/o:redhat:enterprise_linux:962 ····*·cpe:/o:redhat:enterprise_linux:9
63 ····*·cpe:/o:centos:centos:963 ····*·cpe:/o:centos:centos:9
64 *****·Revision·History·*****64 *****·Revision·History·*****
65 Current·version:·0.1.6565 Current·version:·0.1.65
66 ····*·draft·(as·of·2024-01-14)66 ····*·draft·(as·of·2025-02-15)
67 *****·Table·of·Contents·*****67 *****·Table·of·Contents·*****
68 ···1.·System_Settings68 ···1.·System_Settings
69 ·········1.·Installing_and_Maintaining_Software69 ·········1.·Installing_and_Maintaining_Software
70 ·········2.·Account_and_Access_Control70 ·········2.·Account_and_Access_Control
71 ·········3.·System_Accounting_with_auditd71 ·········3.·System_Accounting_with_auditd
72 ·········4.·Configure_Syslog72 ·········4.·Configure_Syslog
73 ·········5.·Network_Configuration_and_Firewalls73 ·········5.·Network_Configuration_and_Firewalls
16.9 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-hipaa.html
    
0030c940:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·0030c940:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
0030c950:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_0030c950:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
0030c960:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·0030c960:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
0030c970:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
0030c980:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
0030c990:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
0030c9a0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
0030c9b0:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
0030c9c0:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an 
0030c9d0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack0030c970:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
 0030c980:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
 0030c990:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 0030c9a0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 0030c9b0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 0030c9c0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 0030c9d0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
0030c9e0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl0030c9e0:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
0030c9f0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization0030c9f0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
0030ca00:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d0030ca00:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
0030ca10:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"0030ca10:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
0030ca20:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman0030ca20:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
0030ca30:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].0030ca30:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
0030ca40:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS0030ca40:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
0030ca50:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS0030ca50:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 199860, 22 lines modifiedOffset 199860, 22 lines modified
Max diff block lines reached; 3754/12890 bytes (29.12%) of diff not shown.
4.21 KB
html2text {}
    
Offset 64, 15 lines modifiedOffset 64, 15 lines modified
64 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)64 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)
65 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa65 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa
66 ***·CPE·Platforms·***66 ***·CPE·Platforms·***
67 ····*·cpe:/o:redhat:enterprise_linux:967 ····*·cpe:/o:redhat:enterprise_linux:9
68 ····*·cpe:/o:centos:centos:968 ····*·cpe:/o:centos:centos:9
69 *****·Revision·History·*****69 *****·Revision·History·*****
70 Current·version:·0.1.6570 Current·version:·0.1.65
71 ····*·draft·(as·of·2024-01-14)71 ····*·draft·(as·of·2025-02-15)
72 *****·Table·of·Contents·*****72 *****·Table·of·Contents·*****
73 ···1.·System_Settings73 ···1.·System_Settings
74 ·········1.·Installing_and_Maintaining_Software74 ·········1.·Installing_and_Maintaining_Software
75 ·········2.·Account_and_Access_Control75 ·········2.·Account_and_Access_Control
76 ·········3.·System_Accounting_with_auditd76 ·········3.·System_Accounting_with_auditd
77 ·········4.·GRUB2_bootloader_configuration77 ·········4.·GRUB2_bootloader_configuration
78 ·········5.·Configure_Syslog78 ·········5.·Configure_Syslog
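Review bot: The only difference in this hunk is line 71, where the guide's revision status reads `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the generated HTML embeds the date on which the build ran. Take that date from a fixed input instead, for example SOURCE_DATE_EPOCH or the package changelog date, so that both builds render the same string.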
Offset 47929, 16 lines modifiedOffset 47929, 16 lines modified
47929 ··-·no_reboot_needed47929 ··-·no_reboot_needed
  
47930 -·name:·Test·for·existence·/boot/grub2/grub.cfg47930 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47931 ··stat:47931 ··stat:
47932 ····path:·/boot/grub2/grub.cfg47932 ····path:·/boot/grub2/grub.cfg
47933 ··register:·file_exists47933 ··register:·file_exists
47934 ··when:47934 ··when:
47935 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47936 ··-·'"grub2-common"·in·ansible_facts.packages'47935 ··-·'"grub2-common"·in·ansible_facts.packages'
 47936 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47937 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47937 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47938 ··tags:47938 ··tags:
47939 ··-·CJIS-5.5.2.247939 ··-·CJIS-5.5.2.2
47940 ··-·NIST-800-171-3.4.547940 ··-·NIST-800-171-3.4.5
47941 ··-·NIST-800-53-AC-6(1)47941 ··-·NIST-800-53-AC-6(1)
47942 ··-·NIST-800-53-CM-6(a)47942 ··-·NIST-800-53-CM-6(a)
47943 ··-·PCI-DSS-Req-7.147943 ··-·PCI-DSS-Req-7.1
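Review bot: Lines 47935-47936 differ only in the order of two `when:` entries, `"grub2-common" in ansible_facts.packages` and `"/boot/efi" not in ansible_mounts | map(attribute="mount") | list`. The set of conditions is the same in both builds, so the task behaves identically, but the conditions are evidently emitted in an unstable order. Sort the platform conditions (or keep them in an ordered container) before rendering the task, so that the guide is byte-identical across builds.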
Offset 47950, 16 lines modifiedOffset 47950, 16 lines modified
47950 ··-·no_reboot_needed47950 ··-·no_reboot_needed
  
47951 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg47951 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
47952 ··file:47952 ··file:
47953 ····path:·/boot/grub2/grub.cfg47953 ····path:·/boot/grub2/grub.cfg
47954 ····group:·'0'47954 ····group:·'0'
47955 ··when:47955 ··when:
47956 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47957 ··-·'"grub2-common"·in·ansible_facts.packages'47956 ··-·'"grub2-common"·in·ansible_facts.packages'
 47957 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47958 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47958 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47959 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists47959 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
47960 ··tags:47960 ··tags:
47961 ··-·CJIS-5.5.2.247961 ··-·CJIS-5.5.2.2
47962 ··-·NIST-800-171-3.4.547962 ··-·NIST-800-171-3.4.5
47963 ··-·NIST-800-53-AC-6(1)47963 ··-·NIST-800-53-AC-6(1)
47964 ··-·NIST-800-53-CM-6(a)47964 ··-·NIST-800-53-CM-6(a)
Offset 47971, 15 lines modifiedOffset 47971, 15 lines modified
47971 ··-·medium_severity47971 ··-·medium_severity
47972 ··-·no_reboot_needed47972 ··-·no_reboot_needed
47973 Remediation_Shell_script_⇲47973 Remediation_Shell_script_⇲
47974 Complexity:·low47974 Complexity:·low
47975 Disruption:·low47975 Disruption:·low
47976 Strategy:···configure47976 Strategy:···configure
47977 #·Remediation·is·applicable·only·in·certain·platforms47977 #·Remediation·is·applicable·only·in·certain·platforms
47978 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then47978 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
47979 chgrp·0·/boot/grub2/grub.cfg47979 chgrp·0·/boot/grub2/grub.cfg
  
47980 else47980 else
47981 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'47981 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
47982 fi47982 fi
47983 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***47983 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
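Review bot: In the applicability guard at line 47978, `rpm --quiet -q grub2-common` and `[ ! -f /sys/firmware/efi ]` swap places between the two builds. All terms are joined with `&&`, so the outcome is the same and only the order of evaluation changes; emitting the terms in a fixed order would make the script reproducible. Separately, `/sys/firmware/efi` is a directory on UEFI systems, so `-f` never matches it and `[ ! -f /sys/firmware/efi ]` is always true; `-d` would express the intended "not booted via EFI" check.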
Offset 48010, 16 lines modifiedOffset 48010, 16 lines modified
48010 ··-·no_reboot_needed48010 ··-·no_reboot_needed
  
48011 -·name:·Test·for·existence·/boot/grub2/grub.cfg48011 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48012 ··stat:48012 ··stat:
48013 ····path:·/boot/grub2/grub.cfg48013 ····path:·/boot/grub2/grub.cfg
48014 ··register:·file_exists48014 ··register:·file_exists
48015 ··when:48015 ··when:
48016 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48017 ··-·'"grub2-common"·in·ansible_facts.packages'48016 ··-·'"grub2-common"·in·ansible_facts.packages'
 48017 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48018 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48018 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48019 ··tags:48019 ··tags:
48020 ··-·CJIS-5.5.2.248020 ··-·CJIS-5.5.2.2
48021 ··-·NIST-800-171-3.4.548021 ··-·NIST-800-171-3.4.5
48022 ··-·NIST-800-53-AC-6(1)48022 ··-·NIST-800-53-AC-6(1)
48023 ··-·NIST-800-53-CM-6(a)48023 ··-·NIST-800-53-CM-6(a)
48024 ··-·PCI-DSS-Req-7.148024 ··-·PCI-DSS-Req-7.1
Offset 48031, 16 lines modifiedOffset 48031, 16 lines modified
48031 ··-·no_reboot_needed48031 ··-·no_reboot_needed
  
48032 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg48032 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
48033 ··file:48033 ··file:
48034 ····path:·/boot/grub2/grub.cfg48034 ····path:·/boot/grub2/grub.cfg
48035 ····owner:·'0'48035 ····owner:·'0'
48036 ··when:48036 ··when:
48037 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48038 ··-·'"grub2-common"·in·ansible_facts.packages'48037 ··-·'"grub2-common"·in·ansible_facts.packages'
 48038 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48039 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48039 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48040 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48040 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48041 ··tags:48041 ··tags:
48042 ··-·CJIS-5.5.2.248042 ··-·CJIS-5.5.2.2
48043 ··-·NIST-800-171-3.4.548043 ··-·NIST-800-171-3.4.5
48044 ··-·NIST-800-53-AC-6(1)48044 ··-·NIST-800-53-AC-6(1)
48045 ··-·NIST-800-53-CM-6(a)48045 ··-·NIST-800-53-CM-6(a)
Offset 48052, 15 lines modifiedOffset 48052, 15 lines modified
48052 ··-·medium_severity48052 ··-·medium_severity
48053 ··-·no_reboot_needed48053 ··-·no_reboot_needed
48054 Remediation_Shell_script_⇲48054 Remediation_Shell_script_⇲
48055 Complexity:·low48055 Complexity:·low
48056 Disruption:·low48056 Disruption:·low
48057 Strategy:···configure48057 Strategy:···configure
48058 #·Remediation·is·applicable·only·in·certain·platforms48058 #·Remediation·is·applicable·only·in·certain·platforms
48059 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48059 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48060 chown·0·/boot/grub2/grub.cfg48060 chown·0·/boot/grub2/grub.cfg
  
48061 else48061 else
48062 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48062 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48063 fi48063 fi
48064 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***48064 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
1.84 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-ism_o.html
    
Offset 14426, 15 lines modifiedOffset 14426, 15 lines modified
00038590:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu00038590:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu
000385a0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<000385a0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<
000385b0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s000385b0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s
000385c0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l000385c0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l
000385d0:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<000385d0:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<
000385e0:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······000385e0:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······
000385f0:·2020·2020·2020·2020·2020·2020·2028·6173···············(as000385f0:·2020·2020·2020·2020·2020·2020·2028·6173···············(as
00038600:·206f·6620·3230·3234·2d30·312d·3134·290a···of·2024-01-14).00038600:·206f·6620·3230·3235·2d30·322d·3135·290a···of·2025-02-15).
00038610:·2020·2020·2020·2020·2020·2020·2020·2020··················00038610:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038620:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>00038620:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>
00038630:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con00038630:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con
00038640:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l00038640:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l
00038650:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd00038650:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd
00038660:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject00038660:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject
00038670:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s00038670:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s
647 B
html2text {}
    
Offset 62, 15 lines modifiedOffset 62, 15 lines modified
62 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·ISM·Official62 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·ISM·Official
63 Profile·ID····xccdf_org.ssgproject.content_profile_ism_o63 Profile·ID····xccdf_org.ssgproject.content_profile_ism_o
64 ***·CPE·Platforms·***64 ***·CPE·Platforms·***
65 ····*·cpe:/o:redhat:enterprise_linux:965 ····*·cpe:/o:redhat:enterprise_linux:9
66 ····*·cpe:/o:centos:centos:966 ····*·cpe:/o:centos:centos:9
67 *****·Revision·History·*****67 *****·Revision·History·*****
68 Current·version:·0.1.6568 Current·version:·0.1.65
69 ····*·draft·(as·of·2024-01-14)69 ····*·draft·(as·of·2025-02-15)
70 *****·Table·of·Contents·*****70 *****·Table·of·Contents·*****
71 ···1.·System_Settings71 ···1.·System_Settings
72 ·········1.·Installing_and_Maintaining_Software72 ·········1.·Installing_and_Maintaining_Software
73 ·········2.·Account_and_Access_Control73 ·········2.·Account_and_Access_Control
74 ·········3.·System_Accounting_with_auditd74 ·········3.·System_Accounting_with_auditd
75 ·········4.·Configure_Syslog75 ·········4.·Configure_Syslog
76 ·········5.·Network_Configuration_and_Firewalls76 ·········5.·Network_Configuration_and_Firewalls
1.85 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-ospp.html
    
Offset 14415, 15 lines modifiedOffset 14415, 15 lines modified
000384e0:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>000384e0:·2048·6973·746f·7279·3c2f·6832·3e3c·703e···History</h2><p>
000384f0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:000384f0:·4375·7272·656e·7420·7665·7273·696f·6e3a··Current·version:
00038500:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<00038500:·203c·7374·726f·6e67·3e30·2e31·2e36·353c···<strong>0.1.65<
00038510:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>00038510:·2f73·7472·6f6e·673e·3c2f·703e·3c75·6c3e··/strong></p><ul>
00038520:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf00038520:·3c6c·693e·3c73·7472·6f6e·673e·6472·6166··<li><strong>draf
00038530:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····00038530:·743c·2f73·7472·6f6e·673e·0a20·2020·2020··t</strong>.·····
00038540:·2020·2020·2020·2020·2020·2020·2020·2028·················(00038540:·2020·2020·2020·2020·2020·2020·2020·2028·················(
00038550:·6173·206f·6620·3230·3234·2d30·312d·3134··as·of·2024-01-1400038550:·6173·206f·6620·3230·3235·2d30·322d·3135··as·of·2025-02-15
00038560:·290a·2020·2020·2020·2020·2020·2020·2020··).··············00038560:·290a·2020·2020·2020·2020·2020·2020·2020··).··············
00038570:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di00038570:·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469····</li></ul></di
00038580:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C00038580:·763e·3c68·323e·5461·626c·6520·6f66·2043··v><h2>Table·of·C
00038590:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>00038590:·6f6e·7465·6e74·733c·2f68·323e·3c6f·6c3e··ontents</h2><ol>
000385a0:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc000385a0:·3c6c·693e·3c61·2068·7265·663d·2223·7863··<li><a·href="#xc
000385b0:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje000385b0:·6364·665f·6f72·672e·7373·6770·726f·6a65··cdf_org.ssgproje
000385c0:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group000385c0:·6374·2e63·6f6e·7465·6e74·5f67·726f·7570··ct.content_group
658 B
html2text {}
    
Offset 59, 15 lines modifiedOffset 59, 15 lines modified
59 Profile·Title·Protection·Profile·for·General·Purpose·Operating·Systems59 Profile·Title·Protection·Profile·for·General·Purpose·Operating·Systems
60 Profile·ID····xccdf_org.ssgproject.content_profile_ospp60 Profile·ID····xccdf_org.ssgproject.content_profile_ospp
61 ***·CPE·Platforms·***61 ***·CPE·Platforms·***
62 ····*·cpe:/o:redhat:enterprise_linux:962 ····*·cpe:/o:redhat:enterprise_linux:9
63 ····*·cpe:/o:centos:centos:963 ····*·cpe:/o:centos:centos:9
64 *****·Revision·History·*****64 *****·Revision·History·*****
65 Current·version:·0.1.6565 Current·version:·0.1.65
66 ····*·draft·(as·of·2024-01-14)66 ····*·draft·(as·of·2025-02-15)
67 *****·Table·of·Contents·*****67 *****·Table·of·Contents·*****
68 ···1.·System_Settings68 ···1.·System_Settings
69 ·········1.·Installing_and_Maintaining_Software69 ·········1.·Installing_and_Maintaining_Software
70 ·········2.·Account_and_Access_Control70 ·········2.·Account_and_Access_Control
71 ·········3.·System_Accounting_with_auditd71 ·········3.·System_Accounting_with_auditd
72 ·········4.·GRUB2_bootloader_configuration72 ·········4.·GRUB2_bootloader_configuration
73 ·········5.·zIPL_bootloader_configuration73 ·········5.·zIPL_bootloader_configuration
17.1 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-pci-dss.html
    
Offset 14397, 16 lines modifiedOffset 14397, 16 lines modified
000383c0:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p000383c0:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p
000383d0:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version000383d0:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version
000383e0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65000383e0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65
000383f0:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul000383f0:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul
00038400:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra00038400:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra
00038410:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····00038410:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····
00038420:·2020·2020·2020·2020·2020·2020·2020·2020··················00038420:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038430:·2861·7320·6f66·2032·3032·342d·3031·2d31··(as·of·2024-01-100038430:·2861·7320·6f66·2032·3032·352d·3032·2d31··(as·of·2025-02-1
00038440:·3429·0a20·2020·2020·2020·2020·2020·2020··4).·············00038440:·3529·0a20·2020·2020·2020·2020·2020·2020··5).·············
00038450:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d00038450:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d
00038460:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·00038460:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·
00038470:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol00038470:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol
00038480:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x00038480:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x
00038490:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj00038490:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
000384a0:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou000384a0:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou
000384b0:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System000384b0:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System
Offset 190789, 22 lines modifiedOffset 190789, 22 lines modified
002e9440:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe002e9440:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
002e9450:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/002e9450:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
002e9460:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:002e9460:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
002e9470:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot002e9470:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
002e9480:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002e9480:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
002e9490:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002e9490:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002e94a0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002e94a0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002e94b0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002e94c0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002e94d0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002e94e0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002e94f0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002e9500:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a 
002e9510:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac002e94b0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
 002e94c0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
 002e94d0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 002e94e0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002e94f0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 002e9500:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002e9510:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
002e9520:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib002e9520:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
002e9530:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002e9530:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002e9540:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002e9540:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002e9550:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002e9550:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002e9560:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002e9560:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002e9570:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002e9570:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002e9580:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI002e9580:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
002e9590:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI002e9590:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 190825, 22 lines modifiedOffset 190825, 22 lines modified
002e9680:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o002e9680:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o
002e9690:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/002e9690:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
002e96a0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002e96a0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002e96b0:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002e96b0:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002e96c0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002e96c0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002e96d0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:002e96d0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:
002e96e0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002e96e0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
002e96f0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
002e9700:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
002e9710:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
002e9720:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
002e9730:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
002e9740:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
002e9750:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag002e96f0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 002e9700:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 002e9710:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 002e9720:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002e9730:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002e9740:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002e9750:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
002e9760:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_002e9760:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
002e9770:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002e9770:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002e9780:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002e9780:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002e9790:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002e9790:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002e97a0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002e97a0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002e97b0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002e97b0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002e97c0:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002e97c0:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002e97d0:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002e97d0:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 190890, 19 lines modifiedOffset 190890, 19 lines modified
002e9a90:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy002e9a90:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
002e9aa0:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config002e9aa0:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
002e9ab0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t002e9ab0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
002e9ac0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>002e9ac0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
002e9ad0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is002e9ad0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
002e9ae0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only002e9ae0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
002e9af0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat002e9af0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
002e9b00:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·002e9b00:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
002e9b10:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef 
002e9b20:·6920·5d20·2661·6d70·3b26·616d·703b·2072··i·]·&amp;&amp;·r 
002e9b30:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr 
002e9b40:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;002e9b10:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co
 002e9b20:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·
 002e9b30:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm
 002e9b40:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;
Max diff block lines reached; 3754/13028 bytes (28.81%) of diff not shown.
4.22 KB
html2text {}
    
Offset 55, 15 lines modifiedOffset 55, 15 lines modified
55 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·Red·Hat·Enterprise·Linux·955 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·Red·Hat·Enterprise·Linux·9
56 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss56 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
57 ***·CPE·Platforms·***57 ***·CPE·Platforms·***
58 ····*·cpe:/o:redhat:enterprise_linux:958 ····*·cpe:/o:redhat:enterprise_linux:9
59 ····*·cpe:/o:centos:centos:959 ····*·cpe:/o:centos:centos:9
60 *****·Revision·History·*****60 *****·Revision·History·*****
61 Current·version:·0.1.6561 Current·version:·0.1.65
62 ····*·draft·(as·of·2024-01-14)62 ····*·draft·(as·of·2025-02-15)
63 *****·Table·of·Contents·*****63 *****·Table·of·Contents·*****
64 ···1.·System_Settings64 ···1.·System_Settings
65 ·········1.·Installing_and_Maintaining_Software65 ·········1.·Installing_and_Maintaining_Software
66 ·········2.·Account_and_Access_Control66 ·········2.·Account_and_Access_Control
67 ·········3.·System_Accounting_with_auditd67 ·········3.·System_Accounting_with_auditd
68 ·········4.·GRUB2_bootloader_configuration68 ·········4.·GRUB2_bootloader_configuration
69 ·········5.·Configure_Syslog69 ·········5.·Configure_Syslog
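Review bot: the Revision History line at 62 is the only difference in this hunk, with the draft date reading 2024-01-14 in one build and 2025-02-15 in the other while the version stays 0.1.65, so the guide generator is stamping the build-time clock into the output. Taking that date from SOURCE_DATE_EPOCH, or from the package changelog date, would make the line identical across rebuilds.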
Offset 44232, 16 lines modifiedOffset 44232, 16 lines modified
44232 ··-·no_reboot_needed44232 ··-·no_reboot_needed
  
44233 -·name:·Test·for·existence·/boot/grub2/grub.cfg44233 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44234 ··stat:44234 ··stat:
44235 ····path:·/boot/grub2/grub.cfg44235 ····path:·/boot/grub2/grub.cfg
44236 ··register:·file_exists44236 ··register:·file_exists
44237 ··when:44237 ··when:
44238 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44239 ··-·'"grub2-common"·in·ansible_facts.packages'44238 ··-·'"grub2-common"·in·ansible_facts.packages'
 44239 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44240 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44240 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44241 ··tags:44241 ··tags:
44242 ··-·CJIS-5.5.2.244242 ··-·CJIS-5.5.2.2
44243 ··-·NIST-800-171-3.4.544243 ··-·NIST-800-171-3.4.5
44244 ··-·NIST-800-53-AC-6(1)44244 ··-·NIST-800-53-AC-6(1)
44245 ··-·NIST-800-53-CM-6(a)44245 ··-·NIST-800-53-CM-6(a)
44246 ··-·PCI-DSS-Req-7.144246 ··-·PCI-DSS-Req-7.1
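Review bot: under `when:` at 44238-44239 the `"/boot/efi" not in ansible_mounts` and `"grub2-common" in ansible_facts.packages` entries swap places between the two builds and nothing else changes. A `when:` list is ANDed, so the task is applied on the same hosts either way, but the unstable order suggests the platform conditions are rendered from an unordered collection. Sorting the conditions before they are written out would remove this difference, which repeats in the other `/boot/grub2/grub.cfg` tasks in this report.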
Offset 44253, 16 lines modifiedOffset 44253, 16 lines modified
44253 ··-·no_reboot_needed44253 ··-·no_reboot_needed
  
44254 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg44254 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
44255 ··file:44255 ··file:
44256 ····path:·/boot/grub2/grub.cfg44256 ····path:·/boot/grub2/grub.cfg
44257 ····group:·'0'44257 ····group:·'0'
44258 ··when:44258 ··when:
44259 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44260 ··-·'"grub2-common"·in·ansible_facts.packages'44259 ··-·'"grub2-common"·in·ansible_facts.packages'
 44260 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44261 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44261 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44262 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44262 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44263 ··tags:44263 ··tags:
44264 ··-·CJIS-5.5.2.244264 ··-·CJIS-5.5.2.2
44265 ··-·NIST-800-171-3.4.544265 ··-·NIST-800-171-3.4.5
44266 ··-·NIST-800-53-AC-6(1)44266 ··-·NIST-800-53-AC-6(1)
44267 ··-·NIST-800-53-CM-6(a)44267 ··-·NIST-800-53-CM-6(a)
Offset 44274, 15 lines modifiedOffset 44274, 15 lines modified
44274 ··-·medium_severity44274 ··-·medium_severity
44275 ··-·no_reboot_needed44275 ··-·no_reboot_needed
44276 Remediation_Shell_script_⇲44276 Remediation_Shell_script_⇲
44277 Complexity:·low44277 Complexity:·low
44278 Disruption:·low44278 Disruption:·low
44279 Strategy:···configure44279 Strategy:···configure
44280 #·Remediation·is·applicable·only·in·certain·platforms44280 #·Remediation·is·applicable·only·in·certain·platforms
44281 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44281 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44282 chgrp·0·/boot/grub2/grub.cfg44282 chgrp·0·/boot/grub2/grub.cfg
  
44283 else44283 else
44284 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44284 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44285 fi44285 fi
44286 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***44286 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
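Review bot: on the `if` line at 44281 the tests `rpm --quiet -q grub2-common` and `[ ! -f /sys/firmware/efi ]` change order between builds; they are joined by `&&`, so the result is the same and only the evaluation order differs, and emitting the platform checks in a fixed order would make the script reproducible. Separately, `-f` is true only for a regular file and `/sys/firmware/efi` is a directory on EFI-booted systems, so `[ ! -f /sys/firmware/efi ]` does not exclude them; `-d` or `-e` would match what the Ansible `/boot/efi` mount condition is aiming at.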
Offset 44313, 16 lines modifiedOffset 44313, 16 lines modified
44313 ··-·no_reboot_needed44313 ··-·no_reboot_needed
  
44314 -·name:·Test·for·existence·/boot/grub2/grub.cfg44314 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44315 ··stat:44315 ··stat:
44316 ····path:·/boot/grub2/grub.cfg44316 ····path:·/boot/grub2/grub.cfg
44317 ··register:·file_exists44317 ··register:·file_exists
44318 ··when:44318 ··when:
44319 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44320 ··-·'"grub2-common"·in·ansible_facts.packages'44319 ··-·'"grub2-common"·in·ansible_facts.packages'
 44320 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44321 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44321 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44322 ··tags:44322 ··tags:
44323 ··-·CJIS-5.5.2.244323 ··-·CJIS-5.5.2.2
44324 ··-·NIST-800-171-3.4.544324 ··-·NIST-800-171-3.4.5
44325 ··-·NIST-800-53-AC-6(1)44325 ··-·NIST-800-53-AC-6(1)
44326 ··-·NIST-800-53-CM-6(a)44326 ··-·NIST-800-53-CM-6(a)
44327 ··-·PCI-DSS-Req-7.144327 ··-·PCI-DSS-Req-7.1
Offset 44334, 16 lines modifiedOffset 44334, 16 lines modified
44334 ··-·no_reboot_needed44334 ··-·no_reboot_needed
  
44335 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg44335 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
44336 ··file:44336 ··file:
44337 ····path:·/boot/grub2/grub.cfg44337 ····path:·/boot/grub2/grub.cfg
44338 ····owner:·'0'44338 ····owner:·'0'
44339 ··when:44339 ··when:
44340 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44341 ··-·'"grub2-common"·in·ansible_facts.packages'44340 ··-·'"grub2-common"·in·ansible_facts.packages'
 44341 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44342 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44342 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44343 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44343 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44344 ··tags:44344 ··tags:
44345 ··-·CJIS-5.5.2.244345 ··-·CJIS-5.5.2.2
44346 ··-·NIST-800-171-3.4.544346 ··-·NIST-800-171-3.4.5
44347 ··-·NIST-800-53-AC-6(1)44347 ··-·NIST-800-53-AC-6(1)
44348 ··-·NIST-800-53-CM-6(a)44348 ··-·NIST-800-53-CM-6(a)
Offset 44355, 15 lines modifiedOffset 44355, 15 lines modified
44355 ··-·medium_severity44355 ··-·medium_severity
44356 ··-·no_reboot_needed44356 ··-·no_reboot_needed
44357 Remediation_Shell_script_⇲44357 Remediation_Shell_script_⇲
44358 Complexity:·low44358 Complexity:·low
44359 Disruption:·low44359 Disruption:·low
44360 Strategy:···configure44360 Strategy:···configure
44361 #·Remediation·is·applicable·only·in·certain·platforms44361 #·Remediation·is·applicable·only·in·certain·platforms
44362 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44362 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44363 chown·0·/boot/grub2/grub.cfg44363 chown·0·/boot/grub2/grub.cfg
  
44364 else44364 else
44365 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44365 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44366 fi44366 fi
44367 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules44367 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules
14.4 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig.html
    
Max diff block lines reached; 1794/11068 bytes (16.21%) of diff not shown.
3.53 KB
html2text {}
    
Offset 62, 15 lines modifiedOffset 62, 15 lines modified
62 Profile·Title·[DRAFT]·DISA·STIG·for·Red·Hat·Enterprise·Linux·962 Profile·Title·[DRAFT]·DISA·STIG·for·Red·Hat·Enterprise·Linux·9
63 Profile·ID····xccdf_org.ssgproject.content_profile_stig63 Profile·ID····xccdf_org.ssgproject.content_profile_stig
64 ***·CPE·Platforms·***64 ***·CPE·Platforms·***
65 ····*·cpe:/o:redhat:enterprise_linux:965 ····*·cpe:/o:redhat:enterprise_linux:9
66 ····*·cpe:/o:centos:centos:966 ····*·cpe:/o:centos:centos:9
67 *****·Revision·History·*****67 *****·Revision·History·*****
68 Current·version:·0.1.6568 Current·version:·0.1.65
69 ····*·draft·(as·of·2024-01-14)69 ····*·draft·(as·of·2025-02-15)
70 *****·Table·of·Contents·*****70 *****·Table·of·Contents·*****
71 ···1.·System_Settings71 ···1.·System_Settings
72 ·········1.·Installing_and_Maintaining_Software72 ·········1.·Installing_and_Maintaining_Software
73 ·········2.·Account_and_Access_Control73 ·········2.·Account_and_Access_Control
74 ·········3.·System_Accounting_with_auditd74 ·········3.·System_Accounting_with_auditd
75 ·········4.·GRUB2_bootloader_configuration75 ·········4.·GRUB2_bootloader_configuration
76 ·········5.·Configure_Syslog76 ·········5.·Configure_Syslog
Offset 72727, 16 lines modifiedOffset 72727, 16 lines modified
72727 ··-·no_reboot_needed72727 ··-·no_reboot_needed
  
72728 -·name:·Test·for·existence·/boot/grub2/grub.cfg72728 -·name:·Test·for·existence·/boot/grub2/grub.cfg
72729 ··stat:72729 ··stat:
72730 ····path:·/boot/grub2/grub.cfg72730 ····path:·/boot/grub2/grub.cfg
72731 ··register:·file_exists72731 ··register:·file_exists
72732 ··when:72732 ··when:
72733 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
72734 ··-·'"grub2-common"·in·ansible_facts.packages'72733 ··-·'"grub2-common"·in·ansible_facts.packages'
 72734 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
72735 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]72735 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
72736 ··tags:72736 ··tags:
72737 ··-·CJIS-5.5.2.272737 ··-·CJIS-5.5.2.2
72738 ··-·NIST-800-171-3.4.572738 ··-·NIST-800-171-3.4.5
72739 ··-·NIST-800-53-AC-6(1)72739 ··-·NIST-800-53-AC-6(1)
72740 ··-·NIST-800-53-CM-6(a)72740 ··-·NIST-800-53-CM-6(a)
72741 ··-·PCI-DSS-Req-7.172741 ··-·PCI-DSS-Req-7.1
Offset 72748, 16 lines modifiedOffset 72748, 16 lines modified
72748 ··-·no_reboot_needed72748 ··-·no_reboot_needed
  
72749 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg72749 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
72750 ··file:72750 ··file:
72751 ····path:·/boot/grub2/grub.cfg72751 ····path:·/boot/grub2/grub.cfg
72752 ····group:·'0'72752 ····group:·'0'
72753 ··when:72753 ··when:
72754 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
72755 ··-·'"grub2-common"·in·ansible_facts.packages'72754 ··-·'"grub2-common"·in·ansible_facts.packages'
 72755 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
72756 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]72756 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
72757 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists72757 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
72758 ··tags:72758 ··tags:
72759 ··-·CJIS-5.5.2.272759 ··-·CJIS-5.5.2.2
72760 ··-·NIST-800-171-3.4.572760 ··-·NIST-800-171-3.4.5
72761 ··-·NIST-800-53-AC-6(1)72761 ··-·NIST-800-53-AC-6(1)
72762 ··-·NIST-800-53-CM-6(a)72762 ··-·NIST-800-53-CM-6(a)
Offset 72769, 15 lines modifiedOffset 72769, 15 lines modified
72769 ··-·medium_severity72769 ··-·medium_severity
72770 ··-·no_reboot_needed72770 ··-·no_reboot_needed
72771 Remediation_Shell_script_⇲72771 Remediation_Shell_script_⇲
72772 Complexity:·low72772 Complexity:·low
72773 Disruption:·low72773 Disruption:·low
72774 Strategy:···configure72774 Strategy:···configure
72775 #·Remediation·is·applicable·only·in·certain·platforms72775 #·Remediation·is·applicable·only·in·certain·platforms
72776 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then72776 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
72777 chgrp·0·/boot/grub2/grub.cfg72777 chgrp·0·/boot/grub2/grub.cfg
  
72778 else72778 else
72779 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'72779 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
72780 fi72780 fi
72781 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***72781 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***
Offset 88767, 26 lines modifiedOffset 88767, 26 lines modified
88767 ····lineinfile:88767 ····lineinfile:
88768 ······path:·/etc/postfix/main.cf88768 ······path:·/etc/postfix/main.cf
88769 ······create:·true88769 ······create:·true
88770 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*88770 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
88771 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject88771 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
88772 ······state:·present88772 ······state:·present
88773 ··when:88773 ··when:
88774 ··-·'"postfix"·in·ansible_facts.packages' 
88775 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]88774 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 88775 ··-·'"postfix"·in·ansible_facts.packages'
88776 ··tags:88776 ··tags:
88777 ··-·low_complexity88777 ··-·low_complexity
88778 ··-·low_disruption88778 ··-·low_disruption
88779 ··-·medium_severity88779 ··-·medium_severity
88780 ··-·no_reboot_needed88780 ··-·no_reboot_needed
88781 ··-·postfix_prevent_unrestricted_relay88781 ··-·postfix_prevent_unrestricted_relay
88782 ··-·restrict_strategy88782 ··-·restrict_strategy
88783 Remediation_Shell_script_⇲88783 Remediation_Shell_script_⇲
88784 #·Remediation·is·applicable·only·in·certain·platforms88784 #·Remediation·is·applicable·only·in·certain·platforms
88785 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then88785 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
88786 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then88786 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
88787 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf88787 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
88788 else88788 else
88789 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf88789 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
88790 fi88790 fi
  
14.3 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig_gui.html
    
Max diff block lines reached; 1794/10930 bytes (16.41%) of diff not shown.
3.54 KB
html2text {}
    
Offset 69, 15 lines modifiedOffset 69, 15 lines modified
69 Profile·Title·[DRAFT]·DISA·STIG·with·GUI·for·Red·Hat·Enterprise·Linux·969 Profile·Title·[DRAFT]·DISA·STIG·with·GUI·for·Red·Hat·Enterprise·Linux·9
70 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui70 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui
71 ***·CPE·Platforms·***71 ***·CPE·Platforms·***
72 ····*·cpe:/o:redhat:enterprise_linux:972 ····*·cpe:/o:redhat:enterprise_linux:9
73 ····*·cpe:/o:centos:centos:973 ····*·cpe:/o:centos:centos:9
74 *****·Revision·History·*****74 *****·Revision·History·*****
75 Current·version:·0.1.6575 Current·version:·0.1.65
76 ····*·draft·(as·of·2024-01-14)76 ····*·draft·(as·of·2025-02-15)
77 *****·Table·of·Contents·*****77 *****·Table·of·Contents·*****
78 ···1.·System_Settings78 ···1.·System_Settings
79 ·········1.·Installing_and_Maintaining_Software79 ·········1.·Installing_and_Maintaining_Software
80 ·········2.·Account_and_Access_Control80 ·········2.·Account_and_Access_Control
81 ·········3.·System_Accounting_with_auditd81 ·········3.·System_Accounting_with_auditd
82 ·········4.·GRUB2_bootloader_configuration82 ·········4.·GRUB2_bootloader_configuration
83 ·········5.·Configure_Syslog83 ·········5.·Configure_Syslog
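Review bot: the revision-history entry on line 76 reads "draft (as of 2024-01-14)" in one build and "draft (as of 2025-02-15)" in the other, so the guide is stamping the build clock into its output and two builds of the same 0.1.65 source cannot match. Derive that date from SOURCE_DATE_EPOCH (or the changelog entry) instead of the current time.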
Offset 72654, 16 lines modifiedOffset 72654, 16 lines modified
72654 ··-·no_reboot_needed72654 ··-·no_reboot_needed
  
72655 -·name:·Test·for·existence·/boot/grub2/grub.cfg72655 -·name:·Test·for·existence·/boot/grub2/grub.cfg
72656 ··stat:72656 ··stat:
72657 ····path:·/boot/grub2/grub.cfg72657 ····path:·/boot/grub2/grub.cfg
72658 ··register:·file_exists72658 ··register:·file_exists
72659 ··when:72659 ··when:
72660 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
72661 ··-·'"grub2-common"·in·ansible_facts.packages'72660 ··-·'"grub2-common"·in·ansible_facts.packages'
 72661 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
72662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]72662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
72663 ··tags:72663 ··tags:
72664 ··-·CJIS-5.5.2.272664 ··-·CJIS-5.5.2.2
72665 ··-·NIST-800-171-3.4.572665 ··-·NIST-800-171-3.4.5
72666 ··-·NIST-800-53-AC-6(1)72666 ··-·NIST-800-53-AC-6(1)
72667 ··-·NIST-800-53-CM-6(a)72667 ··-·NIST-800-53-CM-6(a)
72668 ··-·PCI-DSS-Req-7.172668 ··-·PCI-DSS-Req-7.1
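Review bot: in the `when:` list at lines 72660-72661 the `"/boot/efi" not in ansible_mounts ...` and `"grub2-common" in ansible_facts.packages` conditions swap places between the two builds while the text of each condition is unchanged, so the generator is emitting the applicability conditions in an unstable order. Sort them, or keep them in a container with a defined order, before rendering the task; the same swap shows up in the other `when:` hunks of this file.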
Offset 72675, 16 lines modifiedOffset 72675, 16 lines modified
72675 ··-·no_reboot_needed72675 ··-·no_reboot_needed
  
72676 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg72676 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
72677 ··file:72677 ··file:
72678 ····path:·/boot/grub2/grub.cfg72678 ····path:·/boot/grub2/grub.cfg
72679 ····group:·'0'72679 ····group:·'0'
72680 ··when:72680 ··when:
72681 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
72682 ··-·'"grub2-common"·in·ansible_facts.packages'72681 ··-·'"grub2-common"·in·ansible_facts.packages'
 72682 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
72683 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]72683 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
72684 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists72684 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
72685 ··tags:72685 ··tags:
72686 ··-·CJIS-5.5.2.272686 ··-·CJIS-5.5.2.2
72687 ··-·NIST-800-171-3.4.572687 ··-·NIST-800-171-3.4.5
72688 ··-·NIST-800-53-AC-6(1)72688 ··-·NIST-800-53-AC-6(1)
72689 ··-·NIST-800-53-CM-6(a)72689 ··-·NIST-800-53-CM-6(a)
Offset 72696, 15 lines modifiedOffset 72696, 15 lines modified
72696 ··-·medium_severity72696 ··-·medium_severity
72697 ··-·no_reboot_needed72697 ··-·no_reboot_needed
72698 Remediation_Shell_script_⇲72698 Remediation_Shell_script_⇲
72699 Complexity:·low72699 Complexity:·low
72700 Disruption:·low72700 Disruption:·low
72701 Strategy:···configure72701 Strategy:···configure
72702 #·Remediation·is·applicable·only·in·certain·platforms72702 #·Remediation·is·applicable·only·in·certain·platforms
72703 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then72703 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
72704 chgrp·0·/boot/grub2/grub.cfg72704 chgrp·0·/boot/grub2/grub.cfg
  
72705 else72705 else
72706 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'72706 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
72707 fi72707 fi
72708 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***72708 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***
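Review bot: line 72703 chains the same three applicability tests with `&&` in a different order in each build (`[ ! -f /sys/firmware/efi ]` first in one, `rpm --quiet -q grub2-common` first in the other). The outcome is the same, but because `&&` short-circuits the order decides whether `rpm` is queried at all on a host that fails the first test, so the script generator should emit these checks in one fixed order. Separately, `-f` tests for a regular file and /sys/firmware/efi is a directory on EFI systems, so `[ ! -f /sys/firmware/efi ]` is true on every host; `-d` matches the intent of the check.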
Offset 88694, 26 lines modifiedOffset 88694, 26 lines modified
88694 ····lineinfile:88694 ····lineinfile:
88695 ······path:·/etc/postfix/main.cf88695 ······path:·/etc/postfix/main.cf
88696 ······create:·true88696 ······create:·true
88697 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*88697 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
88698 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject88698 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
88699 ······state:·present88699 ······state:·present
88700 ··when:88700 ··when:
88701 ··-·'"postfix"·in·ansible_facts.packages' 
88702 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]88701 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 88702 ··-·'"postfix"·in·ansible_facts.packages'
88703 ··tags:88703 ··tags:
88704 ··-·low_complexity88704 ··-·low_complexity
88705 ··-·low_disruption88705 ··-·low_disruption
88706 ··-·medium_severity88706 ··-·medium_severity
88707 ··-·no_reboot_needed88707 ··-·no_reboot_needed
88708 ··-·postfix_prevent_unrestricted_relay88708 ··-·postfix_prevent_unrestricted_relay
88709 ··-·restrict_strategy88709 ··-·restrict_strategy
88710 Remediation_Shell_script_⇲88710 Remediation_Shell_script_⇲
88711 #·Remediation·is·applicable·only·in·certain·platforms88711 #·Remediation·is·applicable·only·in·certain·platforms
88712 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then88712 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
88713 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then88713 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
88714 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf88714 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
88715 else88715 else
88716 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf88716 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
88717 fi88717 fi
  
1.18 MB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-ospp.html
    
000d5ec0:·6574·202d·7120·6175·6469·743b·2074·6865··et·-q·audit;·the 
000d5ed0:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo000d5ed0:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo
000d5ee0:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati000d5ee0:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati
000d5ef0:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal000d5ef0:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal
000d5f00:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev000d5f00:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev
Max diff block lines reached; 932868/942244 bytes (99.00%) of diff not shown.
288 KB
html2text {}
    
Offset 46, 15 lines modifiedOffset 46, 15 lines modified
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:fedoraproject:fedora:3547 ····*·cpe:/o:fedoraproject:fedora:35
48 ····*·cpe:/o:fedoraproject:fedora:3648 ····*·cpe:/o:fedoraproject:fedora:36
49 ····*·cpe:/o:fedoraproject:fedora:3749 ····*·cpe:/o:fedoraproject:fedora:37
50 ····*·cpe:/o:fedoraproject:fedora:3850 ····*·cpe:/o:fedoraproject:fedora:38
51 *****·Revision·History·*****51 *****·Revision·History·*****
52 Current·version:·0.1.6552 Current·version:·0.1.65
53 ····*·draft·(as·of·2024-01-14)53 ····*·draft·(as·of·2025-02-15)
54 *****·Table·of·Contents·*****54 *****·Table·of·Contents·*****
55 ···1.·System_Settings55 ···1.·System_Settings
56 ·········1.·Installing_and_Maintaining_Software56 ·········1.·Installing_and_Maintaining_Software
57 ·········2.·Account_and_Access_Control57 ·········2.·Account_and_Access_Control
58 ·········3.·System_Accounting_with_auditd58 ·········3.·System_Accounting_with_auditd
59 ·········4.·GRUB2_bootloader_configuration59 ·········4.·GRUB2_bootloader_configuration
60 ·········5.·Configure_Syslog60 ·········5.·Configure_Syslog
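Review bot: The only difference in this hunk is the Revision History line, `draft (as of 2024-01-14)` in the first build against `draft (as of 2025-02-15)` in the second, so the generated guide embeds the date on which it was built. For the package to build reproducibly, that date should be taken from a fixed value tied to the source, such as SOURCE_DATE_EPOCH, rather than from the build clock.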
Offset 7722, 16 lines modifiedOffset 7722, 16 lines modified
7722 ··-·reboot_required7722 ··-·reboot_required
7723 ··-·restrict_strategy7723 ··-·restrict_strategy
  
7724 -·name:·Set·architecture·for·audit·chmod·tasks7724 -·name:·Set·architecture·for·audit·chmod·tasks
7725 ··set_fact:7725 ··set_fact:
7726 ····audit_arch:·b647726 ····audit_arch:·b64
7727 ··when:7727 ··when:
7728 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7729 ··-·'"audit"·in·ansible_facts.packages'7728 ··-·'"audit"·in·ansible_facts.packages'
 7729 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7730 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7730 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7731 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7731 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7732 ··tags:7732 ··tags:
7733 ··-·CJIS-5.4.1.17733 ··-·CJIS-5.4.1.1
7734 ··-·NIST-800-171-3.1.77734 ··-·NIST-800-171-3.1.7
7735 ··-·NIST-800-53-AU-12(c)7735 ··-·NIST-800-53-AU-12(c)
7736 ··-·NIST-800-53-AU-2(d)7736 ··-·NIST-800-53-AU-2(d)
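Review bot: In the `when:` list of the "Set architecture for audit chmod tasks" task, the two builds emit the same conditions in a different order: the `ansible_virtualization_type not in [...]` check comes first in one build and `'"audit" in ansible_facts.packages'` comes first in the other. The conditions listed under `when:` must all hold, so the task applies in the same cases either way, but the rendered guide is not byte-identical. This suggests the generator walks the platform conditions in an unstable order; sorting them before rendering would remove the difference here and in the other tasks that show the same swap.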
Offset 7867, 16 lines modifiedOffset 7867, 16 lines modified
7867 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007867 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7868 ········-F·auid!=unset·-F·key=perm_mod7868 ········-F·auid!=unset·-F·key=perm_mod
7869 ······create:·true7869 ······create:·true
7870 ······mode:·o-rwx7870 ······mode:·o-rwx
7871 ······state:·present7871 ······state:·present
7872 ····when:·syscalls_found·|·length·==·07872 ····when:·syscalls_found·|·length·==·0
7873 ··when:7873 ··when:
7874 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7875 ··-·'"audit"·in·ansible_facts.packages'7874 ··-·'"audit"·in·ansible_facts.packages'
 7875 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7876 ··tags:7876 ··tags:
7877 ··-·CJIS-5.4.1.17877 ··-·CJIS-5.4.1.1
7878 ··-·NIST-800-171-3.1.77878 ··-·NIST-800-171-3.1.7
7879 ··-·NIST-800-53-AU-12(c)7879 ··-·NIST-800-53-AU-12(c)
7880 ··-·NIST-800-53-AU-2(d)7880 ··-·NIST-800-53-AU-2(d)
7881 ··-·NIST-800-53-CM-6(a)7881 ··-·NIST-800-53-CM-6(a)
7882 ··-·PCI-DSS-Req-10.5.57882 ··-·PCI-DSS-Req-10.5.5
Offset 8010, 16 lines modifiedOffset 8010, 16 lines modified
8010 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008010 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8011 ········-F·auid!=unset·-F·key=perm_mod8011 ········-F·auid!=unset·-F·key=perm_mod
8012 ······create:·true8012 ······create:·true
8013 ······mode:·o-rwx8013 ······mode:·o-rwx
8014 ······state:·present8014 ······state:·present
8015 ····when:·syscalls_found·|·length·==·08015 ····when:·syscalls_found·|·length·==·0
8016 ··when:8016 ··when:
8017 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8018 ··-·'"audit"·in·ansible_facts.packages'8017 ··-·'"audit"·in·ansible_facts.packages'
 8018 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8019 ··-·audit_arch·==·"b64"8019 ··-·audit_arch·==·"b64"
8020 ··tags:8020 ··tags:
8021 ··-·CJIS-5.4.1.18021 ··-·CJIS-5.4.1.1
8022 ··-·NIST-800-171-3.1.78022 ··-·NIST-800-171-3.1.7
8023 ··-·NIST-800-53-AU-12(c)8023 ··-·NIST-800-53-AU-12(c)
8024 ··-·NIST-800-53-AU-2(d)8024 ··-·NIST-800-53-AU-2(d)
8025 ··-·NIST-800-53-CM-6(a)8025 ··-·NIST-800-53-CM-6(a)
Offset 8028, 15 lines modifiedOffset 8028, 15 lines modified
8028 ··-·low_complexity8028 ··-·low_complexity
8029 ··-·low_disruption8029 ··-·low_disruption
8030 ··-·medium_severity8030 ··-·medium_severity
8031 ··-·reboot_required8031 ··-·reboot_required
8032 ··-·restrict_strategy8032 ··-·restrict_strategy
8033 Remediation_Shell_script_⇲8033 Remediation_Shell_script_⇲
8034 #·Remediation·is·applicable·only·in·certain·platforms8034 #·Remediation·is·applicable·only·in·certain·platforms
8035 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8035 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8036 #·First·perform·the·remediation·of·the·syscall·rule8036 #·First·perform·the·remediation·of·the·syscall·rule
8037 #·Retrieve·hardware·architecture·of·the·underlying·system8037 #·Retrieve·hardware·architecture·of·the·underlying·system
8038 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")8038 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
8039 for·ARCH·in·"${RULE_ARCHS[@]}"8039 for·ARCH·in·"${RULE_ARCHS[@]}"
8040 do8040 do
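Review bot: On the `if` line of the shell remediation, the three applicability tests are chained with `&&` in a different order per build: `rpm --quiet -q audit` is last in the first build and first in the second. Because `&&` short-circuits, the first form skips the `rpm` query when `/.dockerenv` or `/run/.containerenv` exists, while the second always runs it. The guard passes under the same conditions, but the checks should be emitted in one fixed order so the script is identical across builds.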
Offset 8396, 16 lines modifiedOffset 8396, 16 lines modified
8396 ··-·reboot_required8396 ··-·reboot_required
8397 ··-·restrict_strategy8397 ··-·restrict_strategy
  
8398 -·name:·Set·architecture·for·audit·chown·tasks8398 -·name:·Set·architecture·for·audit·chown·tasks
8399 ··set_fact:8399 ··set_fact:
8400 ····audit_arch:·b648400 ····audit_arch:·b64
8401 ··when:8401 ··when:
8402 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8403 ··-·'"audit"·in·ansible_facts.packages'8402 ··-·'"audit"·in·ansible_facts.packages'
 8403 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8404 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8404 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8405 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8405 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8406 ··tags:8406 ··tags:
8407 ··-·CJIS-5.4.1.18407 ··-·CJIS-5.4.1.1
8408 ··-·NIST-800-171-3.1.78408 ··-·NIST-800-171-3.1.7
8409 ··-·NIST-800-53-AU-12(c)8409 ··-·NIST-800-53-AU-12(c)
8410 ··-·NIST-800-53-AU-2(d)8410 ··-·NIST-800-53-AU-2(d)
Offset 8543, 16 lines modifiedOffset 8543, 16 lines modified
8543 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008543 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8544 ········-F·auid!=unset·-F·key=perm_mod8544 ········-F·auid!=unset·-F·key=perm_mod
8545 ······create:·true8545 ······create:·true
8546 ······mode:·o-rwx8546 ······mode:·o-rwx
8547 ······state:·present8547 ······state:·present
8548 ····when:·syscalls_found·|·length·==·08548 ····when:·syscalls_found·|·length·==·0
8549 ··when:8549 ··when:
8550 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8551 ··-·'"audit"·in·ansible_facts.packages'8550 ··-·'"audit"·in·ansible_facts.packages'
 8551 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8552 ··tags:8552 ··tags:
8553 ··-·CJIS-5.4.1.18553 ··-·CJIS-5.4.1.1
8554 ··-·NIST-800-171-3.1.78554 ··-·NIST-800-171-3.1.7
8555 ··-·NIST-800-53-AU-12(c)8555 ··-·NIST-800-53-AU-12(c)
8556 ··-·NIST-800-53-AU-2(d)8556 ··-·NIST-800-53-AU-2(d)
8557 ··-·NIST-800-53-CM-6(a)8557 ··-·NIST-800-53-CM-6(a)
8558 ··-·PCI-DSS-Req-10.5.58558 ··-·PCI-DSS-Req-10.5.5
Offset 8688, 16 lines modifiedOffset 8688, 16 lines modified
8688 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008688 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8689 ········-F·auid!=unset·-F·key=perm_mod8689 ········-F·auid!=unset·-F·key=perm_mod
8690 ······create:·true8690 ······create:·true
8691 ······mode:·o-rwx8691 ······mode:·o-rwx
8692 ······state:·present8692 ······state:·present
Max diff block lines reached; 290039/294725 bytes (98.41%) of diff not shown.
790 KB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-pci-dss.html
    
Max diff block lines reached; 605454/615037 bytes (98.44%) of diff not shown.
190 KB
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:fedoraproject:fedora:3540 ····*·cpe:/o:fedoraproject:fedora:35
41 ····*·cpe:/o:fedoraproject:fedora:3641 ····*·cpe:/o:fedoraproject:fedora:36
42 ····*·cpe:/o:fedoraproject:fedora:3742 ····*·cpe:/o:fedoraproject:fedora:37
43 ····*·cpe:/o:fedoraproject:fedora:3843 ····*·cpe:/o:fedoraproject:fedora:38
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·Account_and_Access_Control50 ·········2.·Account_and_Access_Control
51 ·········3.·System_Accounting_with_auditd51 ·········3.·System_Accounting_with_auditd
52 ·········4.·GRUB2_bootloader_configuration52 ·········4.·GRUB2_bootloader_configuration
53 ·········5.·Configure_Syslog53 ·········5.·Configure_Syslog
Offset 6714, 16 lines modifiedOffset 6714, 16 lines modified
6714 ··-·reboot_required6714 ··-·reboot_required
6715 ··-·restrict_strategy6715 ··-·restrict_strategy
  
6716 -·name:·Set·architecture·for·audit·chmod·tasks6716 -·name:·Set·architecture·for·audit·chmod·tasks
6717 ··set_fact:6717 ··set_fact:
6718 ····audit_arch:·b646718 ····audit_arch:·b64
6719 ··when:6719 ··when:
6720 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6721 ··-·'"audit"·in·ansible_facts.packages'6720 ··-·'"audit"·in·ansible_facts.packages'
 6721 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6722 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6722 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6723 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6723 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6724 ··tags:6724 ··tags:
6725 ··-·CJIS-5.4.1.16725 ··-·CJIS-5.4.1.1
6726 ··-·NIST-800-171-3.1.76726 ··-·NIST-800-171-3.1.7
6727 ··-·NIST-800-53-AU-12(c)6727 ··-·NIST-800-53-AU-12(c)
6728 ··-·NIST-800-53-AU-2(d)6728 ··-·NIST-800-53-AU-2(d)
Offset 6859, 16 lines modifiedOffset 6859, 16 lines modified
6859 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006859 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6860 ········-F·auid!=unset·-F·key=perm_mod6860 ········-F·auid!=unset·-F·key=perm_mod
6861 ······create:·true6861 ······create:·true
6862 ······mode:·o-rwx6862 ······mode:·o-rwx
6863 ······state:·present6863 ······state:·present
6864 ····when:·syscalls_found·|·length·==·06864 ····when:·syscalls_found·|·length·==·0
6865 ··when:6865 ··when:
6866 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6867 ··-·'"audit"·in·ansible_facts.packages'6866 ··-·'"audit"·in·ansible_facts.packages'
 6867 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6868 ··tags:6868 ··tags:
6869 ··-·CJIS-5.4.1.16869 ··-·CJIS-5.4.1.1
6870 ··-·NIST-800-171-3.1.76870 ··-·NIST-800-171-3.1.7
6871 ··-·NIST-800-53-AU-12(c)6871 ··-·NIST-800-53-AU-12(c)
6872 ··-·NIST-800-53-AU-2(d)6872 ··-·NIST-800-53-AU-2(d)
6873 ··-·NIST-800-53-CM-6(a)6873 ··-·NIST-800-53-CM-6(a)
6874 ··-·PCI-DSS-Req-10.5.56874 ··-·PCI-DSS-Req-10.5.5
Offset 7002, 16 lines modifiedOffset 7002, 16 lines modified
7002 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007002 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7003 ········-F·auid!=unset·-F·key=perm_mod7003 ········-F·auid!=unset·-F·key=perm_mod
7004 ······create:·true7004 ······create:·true
7005 ······mode:·o-rwx7005 ······mode:·o-rwx
7006 ······state:·present7006 ······state:·present
7007 ····when:·syscalls_found·|·length·==·07007 ····when:·syscalls_found·|·length·==·0
7008 ··when:7008 ··when:
7009 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7010 ··-·'"audit"·in·ansible_facts.packages'7009 ··-·'"audit"·in·ansible_facts.packages'
 7010 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7011 ··-·audit_arch·==·"b64"7011 ··-·audit_arch·==·"b64"
7012 ··tags:7012 ··tags:
7013 ··-·CJIS-5.4.1.17013 ··-·CJIS-5.4.1.1
7014 ··-·NIST-800-171-3.1.77014 ··-·NIST-800-171-3.1.7
7015 ··-·NIST-800-53-AU-12(c)7015 ··-·NIST-800-53-AU-12(c)
7016 ··-·NIST-800-53-AU-2(d)7016 ··-·NIST-800-53-AU-2(d)
7017 ··-·NIST-800-53-CM-6(a)7017 ··-·NIST-800-53-CM-6(a)
Offset 7020, 15 lines modifiedOffset 7020, 15 lines modified
7020 ··-·low_complexity7020 ··-·low_complexity
7021 ··-·low_disruption7021 ··-·low_disruption
7022 ··-·medium_severity7022 ··-·medium_severity
7023 ··-·reboot_required7023 ··-·reboot_required
7024 ··-·restrict_strategy7024 ··-·restrict_strategy
7025 Remediation_Shell_script_⇲7025 Remediation_Shell_script_⇲
7026 #·Remediation·is·applicable·only·in·certain·platforms7026 #·Remediation·is·applicable·only·in·certain·platforms
7027 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7027 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7028 #·First·perform·the·remediation·of·the·syscall·rule7028 #·First·perform·the·remediation·of·the·syscall·rule
7029 #·Retrieve·hardware·architecture·of·the·underlying·system7029 #·Retrieve·hardware·architecture·of·the·underlying·system
7030 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")7030 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
7031 for·ARCH·in·"${RULE_ARCHS[@]}"7031 for·ARCH·in·"${RULE_ARCHS[@]}"
7032 do7032 do
Offset 7388, 16 lines modifiedOffset 7388, 16 lines modified
7388 ··-·reboot_required7388 ··-·reboot_required
7389 ··-·restrict_strategy7389 ··-·restrict_strategy
  
7390 -·name:·Set·architecture·for·audit·chown·tasks7390 -·name:·Set·architecture·for·audit·chown·tasks
7391 ··set_fact:7391 ··set_fact:
7392 ····audit_arch:·b647392 ····audit_arch:·b64
7393 ··when:7393 ··when:
7394 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7395 ··-·'"audit"·in·ansible_facts.packages'7394 ··-·'"audit"·in·ansible_facts.packages'
 7395 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7396 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7396 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7397 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7397 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7398 ··tags:7398 ··tags:
7399 ··-·CJIS-5.4.1.17399 ··-·CJIS-5.4.1.1
7400 ··-·NIST-800-171-3.1.77400 ··-·NIST-800-171-3.1.7
7401 ··-·NIST-800-53-AU-12(c)7401 ··-·NIST-800-53-AU-12(c)
7402 ··-·NIST-800-53-AU-2(d)7402 ··-·NIST-800-53-AU-2(d)
Offset 7535, 16 lines modifiedOffset 7535, 16 lines modified
7535 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007535 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7536 ········-F·auid!=unset·-F·key=perm_mod7536 ········-F·auid!=unset·-F·key=perm_mod
7537 ······create:·true7537 ······create:·true
7538 ······mode:·o-rwx7538 ······mode:·o-rwx
7539 ······state:·present7539 ······state:·present
7540 ····when:·syscalls_found·|·length·==·07540 ····when:·syscalls_found·|·length·==·0
7541 ··when:7541 ··when:
7542 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7543 ··-·'"audit"·in·ansible_facts.packages'7542 ··-·'"audit"·in·ansible_facts.packages'
 7543 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7544 ··tags:7544 ··tags:
7545 ··-·CJIS-5.4.1.17545 ··-·CJIS-5.4.1.1
7546 ··-·NIST-800-171-3.1.77546 ··-·NIST-800-171-3.1.7
7547 ··-·NIST-800-53-AU-12(c)7547 ··-·NIST-800-53-AU-12(c)
7548 ··-·NIST-800-53-AU-2(d)7548 ··-·NIST-800-53-AU-2(d)
7549 ··-·NIST-800-53-CM-6(a)7549 ··-·NIST-800-53-CM-6(a)
7550 ··-·PCI-DSS-Req-10.5.57550 ··-·PCI-DSS-Req-10.5.5
Offset 7680, 16 lines modifiedOffset 7680, 16 lines modified
7680 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007680 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7681 ········-F·auid!=unset·-F·key=perm_mod7681 ········-F·auid!=unset·-F·key=perm_mod
7682 ······create:·true7682 ······create:·true
7683 ······mode:·o-rwx7683 ······mode:·o-rwx
7684 ······state:·present7684 ······state:·present
Max diff block lines reached; 189534/194220 bytes (97.59%) of diff not shown.
510 KB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-standard.html
    
Max diff block lines reached; 389013/398389 bytes (97.65%) of diff not shown.
121 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:fedoraproject:fedora:3541 ····*·cpe:/o:fedoraproject:fedora:35
42 ····*·cpe:/o:fedoraproject:fedora:3642 ····*·cpe:/o:fedoraproject:fedora:36
43 ····*·cpe:/o:fedoraproject:fedora:3743 ····*·cpe:/o:fedoraproject:fedora:37
44 ····*·cpe:/o:fedoraproject:fedora:3844 ····*·cpe:/o:fedoraproject:fedora:38
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·System_Accounting_with_auditd52 ·········3.·System_Accounting_with_auditd
53 ·········4.·Network_Configuration_and_Firewalls53 ·········4.·Network_Configuration_and_Firewalls
54 ·········5.·File_Permissions_and_Masks54 ·········5.·File_Permissions_and_Masks
Offset 2327, 16 lines modifiedOffset 2327, 16 lines modified
2327 ··-·reboot_required2327 ··-·reboot_required
2328 ··-·restrict_strategy2328 ··-·restrict_strategy
  
2329 -·name:·Set·architecture·for·audit·chmod·tasks2329 -·name:·Set·architecture·for·audit·chmod·tasks
2330 ··set_fact:2330 ··set_fact:
2331 ····audit_arch:·b642331 ····audit_arch:·b64
2332 ··when:2332 ··when:
2333 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2334 ··-·'"audit"·in·ansible_facts.packages'2333 ··-·'"audit"·in·ansible_facts.packages'
 2334 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2335 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2335 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2336 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2336 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2337 ··tags:2337 ··tags:
2338 ··-·CJIS-5.4.1.12338 ··-·CJIS-5.4.1.1
2339 ··-·NIST-800-171-3.1.72339 ··-·NIST-800-171-3.1.7
2340 ··-·NIST-800-53-AU-12(c)2340 ··-·NIST-800-53-AU-12(c)
2341 ··-·NIST-800-53-AU-2(d)2341 ··-·NIST-800-53-AU-2(d)
Offset 2472, 16 lines modifiedOffset 2472, 16 lines modified
2472 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002472 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2473 ········-F·auid!=unset·-F·key=perm_mod2473 ········-F·auid!=unset·-F·key=perm_mod
2474 ······create:·true2474 ······create:·true
2475 ······mode:·o-rwx2475 ······mode:·o-rwx
2476 ······state:·present2476 ······state:·present
2477 ····when:·syscalls_found·|·length·==·02477 ····when:·syscalls_found·|·length·==·0
2478 ··when:2478 ··when:
2479 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2480 ··-·'"audit"·in·ansible_facts.packages'2479 ··-·'"audit"·in·ansible_facts.packages'
 2480 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2481 ··tags:2481 ··tags:
2482 ··-·CJIS-5.4.1.12482 ··-·CJIS-5.4.1.1
2483 ··-·NIST-800-171-3.1.72483 ··-·NIST-800-171-3.1.7
2484 ··-·NIST-800-53-AU-12(c)2484 ··-·NIST-800-53-AU-12(c)
2485 ··-·NIST-800-53-AU-2(d)2485 ··-·NIST-800-53-AU-2(d)
2486 ··-·NIST-800-53-CM-6(a)2486 ··-·NIST-800-53-CM-6(a)
2487 ··-·PCI-DSS-Req-10.5.52487 ··-·PCI-DSS-Req-10.5.5
Offset 2615, 16 lines modifiedOffset 2615, 16 lines modified
2615 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002615 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2616 ········-F·auid!=unset·-F·key=perm_mod2616 ········-F·auid!=unset·-F·key=perm_mod
2617 ······create:·true2617 ······create:·true
2618 ······mode:·o-rwx2618 ······mode:·o-rwx
2619 ······state:·present2619 ······state:·present
2620 ····when:·syscalls_found·|·length·==·02620 ····when:·syscalls_found·|·length·==·0
2621 ··when:2621 ··when:
2622 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2623 ··-·'"audit"·in·ansible_facts.packages'2622 ··-·'"audit"·in·ansible_facts.packages'
 2623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2624 ··-·audit_arch·==·"b64"2624 ··-·audit_arch·==·"b64"
2625 ··tags:2625 ··tags:
2626 ··-·CJIS-5.4.1.12626 ··-·CJIS-5.4.1.1
2627 ··-·NIST-800-171-3.1.72627 ··-·NIST-800-171-3.1.7
2628 ··-·NIST-800-53-AU-12(c)2628 ··-·NIST-800-53-AU-12(c)
2629 ··-·NIST-800-53-AU-2(d)2629 ··-·NIST-800-53-AU-2(d)
2630 ··-·NIST-800-53-CM-6(a)2630 ··-·NIST-800-53-CM-6(a)
Offset 2633, 15 lines modifiedOffset 2633, 15 lines modified
2633 ··-·low_complexity2633 ··-·low_complexity
2634 ··-·low_disruption2634 ··-·low_disruption
2635 ··-·medium_severity2635 ··-·medium_severity
2636 ··-·reboot_required2636 ··-·reboot_required
2637 ··-·restrict_strategy2637 ··-·restrict_strategy
2638 Remediation_Shell_script_⇲2638 Remediation_Shell_script_⇲
2639 #·Remediation·is·applicable·only·in·certain·platforms2639 #·Remediation·is·applicable·only·in·certain·platforms
2640 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then2640 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
2641 #·First·perform·the·remediation·of·the·syscall·rule2641 #·First·perform·the·remediation·of·the·syscall·rule
2642 #·Retrieve·hardware·architecture·of·the·underlying·system2642 #·Retrieve·hardware·architecture·of·the·underlying·system
2643 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2643 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2644 for·ARCH·in·"${RULE_ARCHS[@]}"2644 for·ARCH·in·"${RULE_ARCHS[@]}"
2645 do2645 do
Offset 3001, 16 lines modifiedOffset 3001, 16 lines modified
3001 ··-·reboot_required3001 ··-·reboot_required
3002 ··-·restrict_strategy3002 ··-·restrict_strategy
  
3003 -·name:·Set·architecture·for·audit·chown·tasks3003 -·name:·Set·architecture·for·audit·chown·tasks
3004 ··set_fact:3004 ··set_fact:
3005 ····audit_arch:·b643005 ····audit_arch:·b64
3006 ··when:3006 ··when:
3007 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3008 ··-·'"audit"·in·ansible_facts.packages'3007 ··-·'"audit"·in·ansible_facts.packages'
 3008 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3009 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3009 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3010 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3010 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3011 ··tags:3011 ··tags:
3012 ··-·CJIS-5.4.1.13012 ··-·CJIS-5.4.1.1
3013 ··-·NIST-800-171-3.1.73013 ··-·NIST-800-171-3.1.7
3014 ··-·NIST-800-53-AU-12(c)3014 ··-·NIST-800-53-AU-12(c)
3015 ··-·NIST-800-53-AU-2(d)3015 ··-·NIST-800-53-AU-2(d)
Offset 3148, 16 lines modifiedOffset 3148, 16 lines modified
3148 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003148 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3149 ········-F·auid!=unset·-F·key=perm_mod3149 ········-F·auid!=unset·-F·key=perm_mod
3150 ······create:·true3150 ······create:·true
3151 ······mode:·o-rwx3151 ······mode:·o-rwx
3152 ······state:·present3152 ······state:·present
3153 ····when:·syscalls_found·|·length·==·03153 ····when:·syscalls_found·|·length·==·0
3154 ··when:3154 ··when:
3155 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3156 ··-·'"audit"·in·ansible_facts.packages'3155 ··-·'"audit"·in·ansible_facts.packages'
 3156 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3157 ··tags:3157 ··tags:
3158 ··-·CJIS-5.4.1.13158 ··-·CJIS-5.4.1.1
3159 ··-·NIST-800-171-3.1.73159 ··-·NIST-800-171-3.1.7
3160 ··-·NIST-800-53-AU-12(c)3160 ··-·NIST-800-53-AU-12(c)
3161 ··-·NIST-800-53-AU-2(d)3161 ··-·NIST-800-53-AU-2(d)
3162 ··-·NIST-800-53-CM-6(a)3162 ··-·NIST-800-53-CM-6(a)
3163 ··-·PCI-DSS-Req-10.5.53163 ··-·PCI-DSS-Req-10.5.5
Offset 3293, 16 lines modifiedOffset 3293, 16 lines modified
3293 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003293 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3294 ········-F·auid!=unset·-F·key=perm_mod3294 ········-F·auid!=unset·-F·key=perm_mod
3295 ······create:·true3295 ······create:·true
3296 ······mode:·o-rwx3296 ······mode:·o-rwx
3297 ······state:·present3297 ······state:·present
Max diff block lines reached; 119384/124085 bytes (96.21%) of diff not shown.
1.89 KB
./usr/share/doc/ssg-nondebian/ssg-macos1015-guide-moderate.html
    
675 B
html2text {}
    
Offset 53, 15 lines modifiedOffset 53, 15 lines modified
53 Profile·Title·NIST·800-53·Moderate-Impact·Baseline·for·Apple·macOS·10.1553 Profile·Title·NIST·800-53·Moderate-Impact·Baseline·for·Apple·macOS·10.15
54 ··············Catalina54 ··············Catalina
55 Profile·ID····xccdf_org.ssgproject.content_profile_moderate55 Profile·ID····xccdf_org.ssgproject.content_profile_moderate
56 ***·CPE·Platforms·***56 ***·CPE·Platforms·***
57 ····*·cpe:/o:apple:macos:10.1557 ····*·cpe:/o:apple:macos:10.15
58 *****·Revision·History·*****58 *****·Revision·History·*****
59 Current·version:·0.1.6559 Current·version:·0.1.65
60 ····*·draft·(as·of·2024-01-14)60 ····*·draft·(as·of·2025-02-15)
61 *****·Table·of·Contents·*****61 *****·Table·of·Contents·*****
62 ···1.·System_Accounting_with_audit62 ···1.·System_Accounting_with_audit
63 ·········1.·Configure_auditd63 ·········1.·Configure_auditd
64 *****·Checklist·*****64 *****·Checklist·*****
65 Group  ·Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15·  Group·contains·2·groups65 Group  ·Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15·  Group·contains·2·groups
66 and·2·rules66 and·2·rules
67 Group  ·System·Accounting·with·audit·  Group·contains·1·group·and·2·rules67 Group  ·System·Accounting·with·audit·  Group·contains·1·group·and·2·rules
2.02 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-cis-node.html
    
685 B
html2text {}
    
Offset 65, 15 lines modifiedOffset 65, 15 lines modified
65 ····*·cpe:/a:redhat:openshift_container_platform:4.665 ····*·cpe:/a:redhat:openshift_container_platform:4.6
66 ····*·cpe:/a:redhat:openshift_container_platform:4.766 ····*·cpe:/a:redhat:openshift_container_platform:4.7
67 ····*·cpe:/a:redhat:openshift_container_platform:4.867 ····*·cpe:/a:redhat:openshift_container_platform:4.8
68 ····*·cpe:/a:redhat:openshift_container_platform:4.968 ····*·cpe:/a:redhat:openshift_container_platform:4.9
69 ····*·cpe:/a:redhat:openshift_container_platform:4.169 ····*·cpe:/a:redhat:openshift_container_platform:4.1
70 *****·Revision·History·*****70 *****·Revision·History·*****
71 Current·version:·0.1.6571 Current·version:·0.1.65
72 ····*·draft·(as·of·2024-01-14)72 ····*·draft·(as·of·2025-02-15)
73 *****·Table·of·Contents·*****73 *****·Table·of·Contents·*****
74 ···1.·Kubernetes_Settings74 ···1.·Kubernetes_Settings
75 ·········1.·OpenShift_etcd_Settings75 ·········1.·OpenShift_etcd_Settings
76 ·········2.·Kubernetes_Kubelet_Settings76 ·········2.·Kubernetes_Kubelet_Settings
77 ·········3.·OpenShift_-_Master_Node_Settings77 ·········3.·OpenShift_-_Master_Node_Settings
78 ·········4.·Kubernetes_-_Worker_Node_Settings78 ·········4.·Kubernetes_-_Worker_Node_Settings
79 *****·Checklist·*****79 *****·Checklist·*****
1.88 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-cis.html
    
691 B
html2text {}
    
Offset 65, 15 lines modifiedOffset 65, 15 lines modified
65 ····*·cpe:/a:redhat:openshift_container_platform:4.665 ····*·cpe:/a:redhat:openshift_container_platform:4.6
66 ····*·cpe:/a:redhat:openshift_container_platform:4.766 ····*·cpe:/a:redhat:openshift_container_platform:4.7
67 ····*·cpe:/a:redhat:openshift_container_platform:4.867 ····*·cpe:/a:redhat:openshift_container_platform:4.8
68 ····*·cpe:/a:redhat:openshift_container_platform:4.968 ····*·cpe:/a:redhat:openshift_container_platform:4.9
69 ····*·cpe:/a:redhat:openshift_container_platform:4.169 ····*·cpe:/a:redhat:openshift_container_platform:4.1
70 *****·Revision·History·*****70 *****·Revision·History·*****
71 Current·version:·0.1.6571 Current·version:·0.1.65
72 ····*·draft·(as·of·2024-01-14)72 ····*·draft·(as·of·2025-02-15)
73 *****·Table·of·Contents·*****73 *****·Table·of·Contents·*****
74 ···1.·Kubernetes_Settings74 ···1.·Kubernetes_Settings
75 ·········1.·Kubernetes_-_Account_and_Access_Control75 ·········1.·Kubernetes_-_Account_and_Access_Control
76 ·········2.·OpenShift_Kube_API_Server76 ·········2.·OpenShift_Kube_API_Server
77 ·········3.·Authentication77 ·········3.·Authentication
78 ·········4.·OpenShift_Controller_Settings78 ·········4.·OpenShift_Controller_Settings
79 ·········5.·OpenShift_etcd_Settings79 ·········5.·OpenShift_etcd_Settings
1.89 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-e8.html
    
703 B
html2text {}
    
Offset 64, 15 lines modifiedOffset 64, 15 lines modified
64 ····*·cpe:/a:redhat:openshift_container_platform:4.664 ····*·cpe:/a:redhat:openshift_container_platform:4.6
65 ····*·cpe:/a:redhat:openshift_container_platform:4.765 ····*·cpe:/a:redhat:openshift_container_platform:4.7
66 ····*·cpe:/a:redhat:openshift_container_platform:4.866 ····*·cpe:/a:redhat:openshift_container_platform:4.8
67 ····*·cpe:/a:redhat:openshift_container_platform:4.967 ····*·cpe:/a:redhat:openshift_container_platform:4.9
68 ····*·cpe:/a:redhat:openshift_container_platform:4.168 ····*·cpe:/a:redhat:openshift_container_platform:4.1
69 *****·Revision·History·*****69 *****·Revision·History·*****
70 Current·version:·0.1.6570 Current·version:·0.1.65
71 ····*·draft·(as·of·2024-01-14)71 ····*·draft·(as·of·2025-02-15)
72 *****·Table·of·Contents·*****72 *****·Table·of·Contents·*****
73 ···1.·Kubernetes_Settings73 ···1.·Kubernetes_Settings
74 ·········1.·OpenShift_Kube_API_Server74 ·········1.·OpenShift_Kube_API_Server
75 ·········2.·Authentication75 ·········2.·Authentication
76 ·········3.·Kubernetes_-_General_Security_Practices76 ·········3.·Kubernetes_-_General_Security_Practices
77 ·········4.·Role-based_Acess_Control77 ·········4.·Role-based_Acess_Control
78 ·········5.·Kubernetes_-_Registry_Security_Practices78 ·········5.·Kubernetes_-_Registry_Security_Practices
2.04 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-high-node.html
    
700 B
html2text {}
    
Offset 78, 15 lines modifiedOffset 78, 15 lines modified
78 ····*·cpe:/a:redhat:openshift_container_platform:4.678 ····*·cpe:/a:redhat:openshift_container_platform:4.6
79 ····*·cpe:/a:redhat:openshift_container_platform:4.779 ····*·cpe:/a:redhat:openshift_container_platform:4.7
80 ····*·cpe:/a:redhat:openshift_container_platform:4.880 ····*·cpe:/a:redhat:openshift_container_platform:4.8
81 ····*·cpe:/a:redhat:openshift_container_platform:4.981 ····*·cpe:/a:redhat:openshift_container_platform:4.9
82 ····*·cpe:/a:redhat:openshift_container_platform:4.182 ····*·cpe:/a:redhat:openshift_container_platform:4.1
83 *****·Revision·History·*****83 *****·Revision·History·*****
84 Current·version:·0.1.6584 Current·version:·0.1.65
85 ····*·draft·(as·of·2024-01-14)85 ····*·draft·(as·of·2025-02-15)
86 *****·Table·of·Contents·*****86 *****·Table·of·Contents·*****
87 ···1.·Kubernetes_Settings87 ···1.·Kubernetes_Settings
88 ·········1.·System_and_Software_Integrity88 ·········1.·System_and_Software_Integrity
89 ·········2.·OpenShift_etcd_Settings89 ·········2.·OpenShift_etcd_Settings
90 ·········3.·Kubernetes_Kubelet_Settings90 ·········3.·Kubernetes_Kubelet_Settings
91 ·········4.·OpenShift_-_Logging_Settings91 ·········4.·OpenShift_-_Logging_Settings
92 ·········5.·OpenShift_-_Master_Node_Settings92 ·········5.·OpenShift_-_Master_Node_Settings
2.02 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-high.html
    
697 B
html2text {}
    
Offset 78, 15 lines modifiedOffset 78, 15 lines modified
78 ····*·cpe:/a:redhat:openshift_container_platform:4.678 ····*·cpe:/a:redhat:openshift_container_platform:4.6
79 ····*·cpe:/a:redhat:openshift_container_platform:4.779 ····*·cpe:/a:redhat:openshift_container_platform:4.7
80 ····*·cpe:/a:redhat:openshift_container_platform:4.880 ····*·cpe:/a:redhat:openshift_container_platform:4.8
81 ····*·cpe:/a:redhat:openshift_container_platform:4.981 ····*·cpe:/a:redhat:openshift_container_platform:4.9
82 ····*·cpe:/a:redhat:openshift_container_platform:4.182 ····*·cpe:/a:redhat:openshift_container_platform:4.1
83 *****·Revision·History·*****83 *****·Revision·History·*****
84 Current·version:·0.1.6584 Current·version:·0.1.65
85 ····*·draft·(as·of·2024-01-14)85 ····*·draft·(as·of·2025-02-15)
86 *****·Table·of·Contents·*****86 *****·Table·of·Contents·*****
87 ···1.·Kubernetes_Settings87 ···1.·Kubernetes_Settings
88 ·········1.·System_and_Software_Integrity88 ·········1.·System_and_Software_Integrity
89 ·········2.·Kubernetes_-_Account_and_Access_Control89 ·········2.·Kubernetes_-_Account_and_Access_Control
90 ·········3.·OpenShift_Kube_API_Server90 ·········3.·OpenShift_Kube_API_Server
91 ·········4.·Authentication91 ·········4.·Authentication
92 ·········5.·OpenShift_Controller_Settings92 ·········5.·OpenShift_Controller_Settings
2.04 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-moderate-node.html
    
700 B
html2text {}
    
Offset 78, 15 lines modifiedOffset 78, 15 lines modified
78 ····*·cpe:/a:redhat:openshift_container_platform:4.678 ····*·cpe:/a:redhat:openshift_container_platform:4.6
79 ····*·cpe:/a:redhat:openshift_container_platform:4.779 ····*·cpe:/a:redhat:openshift_container_platform:4.7
80 ····*·cpe:/a:redhat:openshift_container_platform:4.880 ····*·cpe:/a:redhat:openshift_container_platform:4.8
81 ····*·cpe:/a:redhat:openshift_container_platform:4.981 ····*·cpe:/a:redhat:openshift_container_platform:4.9
82 ····*·cpe:/a:redhat:openshift_container_platform:4.182 ····*·cpe:/a:redhat:openshift_container_platform:4.1
83 *****·Revision·History·*****83 *****·Revision·History·*****
84 Current·version:·0.1.6584 Current·version:·0.1.65
85 ····*·draft·(as·of·2024-01-14)85 ····*·draft·(as·of·2025-02-15)
86 *****·Table·of·Contents·*****86 *****·Table·of·Contents·*****
87 ···1.·Kubernetes_Settings87 ···1.·Kubernetes_Settings
88 ·········1.·System_and_Software_Integrity88 ·········1.·System_and_Software_Integrity
89 ·········2.·OpenShift_etcd_Settings89 ·········2.·OpenShift_etcd_Settings
90 ·········3.·Kubernetes_Kubelet_Settings90 ·········3.·Kubernetes_Kubelet_Settings
91 ·········4.·OpenShift_-_Logging_Settings91 ·········4.·OpenShift_-_Logging_Settings
92 ·········5.·OpenShift_-_Master_Node_Settings92 ·········5.·OpenShift_-_Master_Node_Settings
1.9 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-moderate.html
    
697 B
html2text {}
    
Offset 78, 15 lines modifiedOffset 78, 15 lines modified
78 ····*·cpe:/a:redhat:openshift_container_platform:4.678 ····*·cpe:/a:redhat:openshift_container_platform:4.6
79 ····*·cpe:/a:redhat:openshift_container_platform:4.779 ····*·cpe:/a:redhat:openshift_container_platform:4.7
80 ····*·cpe:/a:redhat:openshift_container_platform:4.880 ····*·cpe:/a:redhat:openshift_container_platform:4.8
81 ····*·cpe:/a:redhat:openshift_container_platform:4.981 ····*·cpe:/a:redhat:openshift_container_platform:4.9
82 ····*·cpe:/a:redhat:openshift_container_platform:4.182 ····*·cpe:/a:redhat:openshift_container_platform:4.1
83 *****·Revision·History·*****83 *****·Revision·History·*****
84 Current·version:·0.1.6584 Current·version:·0.1.65
85 ····*·draft·(as·of·2024-01-14)85 ····*·draft·(as·of·2025-02-15)
86 *****·Table·of·Contents·*****86 *****·Table·of·Contents·*****
87 ···1.·Kubernetes_Settings87 ···1.·Kubernetes_Settings
88 ·········1.·System_and_Software_Integrity88 ·········1.·System_and_Software_Integrity
89 ·········2.·Kubernetes_-_Account_and_Access_Control89 ·········2.·Kubernetes_-_Account_and_Access_Control
90 ·········3.·OpenShift_Kube_API_Server90 ·········3.·OpenShift_Kube_API_Server
91 ·········4.·Authentication91 ·········4.·Authentication
92 ·········5.·OpenShift_Controller_Settings92 ·········5.·OpenShift_Controller_Settings
1.91 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-nerc-cip-node.html
    
700 B
html2text {}
    
Offset 67, 15 lines modifiedOffset 67, 15 lines modified
67 ····*·cpe:/a:redhat:openshift_container_platform:4.667 ····*·cpe:/a:redhat:openshift_container_platform:4.6
68 ····*·cpe:/a:redhat:openshift_container_platform:4.768 ····*·cpe:/a:redhat:openshift_container_platform:4.7
69 ····*·cpe:/a:redhat:openshift_container_platform:4.869 ····*·cpe:/a:redhat:openshift_container_platform:4.8
70 ····*·cpe:/a:redhat:openshift_container_platform:4.970 ····*·cpe:/a:redhat:openshift_container_platform:4.9
71 ····*·cpe:/a:redhat:openshift_container_platform:4.171 ····*·cpe:/a:redhat:openshift_container_platform:4.1
72 *****·Revision·History·*****72 *****·Revision·History·*****
73 Current·version:·0.1.6573 Current·version:·0.1.65
74 ····*·draft·(as·of·2024-01-14)74 ····*·draft·(as·of·2025-02-15)
75 *****·Table·of·Contents·*****75 *****·Table·of·Contents·*****
76 ···1.·Kubernetes_Settings76 ···1.·Kubernetes_Settings
77 ·········1.·System_and_Software_Integrity77 ·········1.·System_and_Software_Integrity
78 ·········2.·OpenShift_etcd_Settings78 ·········2.·OpenShift_etcd_Settings
79 ·········3.·Kubernetes_Kubelet_Settings79 ·········3.·Kubernetes_Kubelet_Settings
80 ·········4.·OpenShift_-_Logging_Settings80 ·········4.·OpenShift_-_Logging_Settings
81 ·········5.·OpenShift_-_Master_Node_Settings81 ·········5.·OpenShift_-_Master_Node_Settings
2.03 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-nerc-cip.html
    
697 B
html2text {}
    
Offset 67, 15 lines modifiedOffset 67, 15 lines modified
67 ····*·cpe:/a:redhat:openshift_container_platform:4.667 ····*·cpe:/a:redhat:openshift_container_platform:4.6
68 ····*·cpe:/a:redhat:openshift_container_platform:4.768 ····*·cpe:/a:redhat:openshift_container_platform:4.7
69 ····*·cpe:/a:redhat:openshift_container_platform:4.869 ····*·cpe:/a:redhat:openshift_container_platform:4.8
70 ····*·cpe:/a:redhat:openshift_container_platform:4.970 ····*·cpe:/a:redhat:openshift_container_platform:4.9
71 ····*·cpe:/a:redhat:openshift_container_platform:4.171 ····*·cpe:/a:redhat:openshift_container_platform:4.1
72 *****·Revision·History·*****72 *****·Revision·History·*****
73 Current·version:·0.1.6573 Current·version:·0.1.65
74 ····*·draft·(as·of·2024-01-14)74 ····*·draft·(as·of·2025-02-15)
75 *****·Table·of·Contents·*****75 *****·Table·of·Contents·*****
76 ···1.·Kubernetes_Settings76 ···1.·Kubernetes_Settings
77 ·········1.·System_and_Software_Integrity77 ·········1.·System_and_Software_Integrity
78 ·········2.·Kubernetes_-_Account_and_Access_Control78 ·········2.·Kubernetes_-_Account_and_Access_Control
79 ·········3.·OpenShift_Kube_API_Server79 ·········3.·OpenShift_Kube_API_Server
80 ·········4.·Authentication80 ·········4.·Authentication
81 ·········5.·OpenShift_Controller_Settings81 ·········5.·OpenShift_Controller_Settings
1.91 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-pci-dss-node.html
    
704 B
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 ····*·cpe:/a:redhat:openshift_container_platform:4.661 ····*·cpe:/a:redhat:openshift_container_platform:4.6
62 ····*·cpe:/a:redhat:openshift_container_platform:4.762 ····*·cpe:/a:redhat:openshift_container_platform:4.7
63 ····*·cpe:/a:redhat:openshift_container_platform:4.863 ····*·cpe:/a:redhat:openshift_container_platform:4.8
64 ····*·cpe:/a:redhat:openshift_container_platform:4.964 ····*·cpe:/a:redhat:openshift_container_platform:4.9
65 ····*·cpe:/a:redhat:openshift_container_platform:4.165 ····*·cpe:/a:redhat:openshift_container_platform:4.1
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·Kubernetes_Settings70 ···1.·Kubernetes_Settings
71 ·········1.·OpenShift_etcd_Settings71 ·········1.·OpenShift_etcd_Settings
72 ·········2.·Kubernetes_Kubelet_Settings72 ·········2.·Kubernetes_Kubelet_Settings
73 ·········3.·OpenShift_-_Logging_Settings73 ·········3.·OpenShift_-_Logging_Settings
74 ·········4.·OpenShift_-_Master_Node_Settings74 ·········4.·OpenShift_-_Master_Node_Settings
75 ·········5.·Kubernetes_-_Worker_Node_Settings75 ·········5.·Kubernetes_-_Worker_Node_Settings
2.03 KB
./usr/share/doc/ssg-nondebian/ssg-ocp4-guide-pci-dss.html
    
Offset 14602, 16 lines modifiedOffset 14602, 16 lines modified
697 B
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 ····*·cpe:/a:redhat:openshift_container_platform:4.661 ····*·cpe:/a:redhat:openshift_container_platform:4.6
62 ····*·cpe:/a:redhat:openshift_container_platform:4.762 ····*·cpe:/a:redhat:openshift_container_platform:4.7
63 ····*·cpe:/a:redhat:openshift_container_platform:4.863 ····*·cpe:/a:redhat:openshift_container_platform:4.8
64 ····*·cpe:/a:redhat:openshift_container_platform:4.964 ····*·cpe:/a:redhat:openshift_container_platform:4.9
65 ····*·cpe:/a:redhat:openshift_container_platform:4.165 ····*·cpe:/a:redhat:openshift_container_platform:4.1
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·Kubernetes_Settings70 ···1.·Kubernetes_Settings
71 ·········1.·System_and_Software_Integrity71 ·········1.·System_and_Software_Integrity
72 ·········2.·Kubernetes_-_Account_and_Access_Control72 ·········2.·Kubernetes_-_Account_and_Access_Control
73 ·········3.·OpenShift_Kube_API_Server73 ·········3.·OpenShift_Kube_API_Server
74 ·········4.·Authentication74 ·········4.·Authentication
75 ·········5.·OpenShift_Controller_Settings75 ·········5.·OpenShift_Controller_Settings
1.84 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_enhanced.html
    
Offset 14302, 15 lines modifiedOffset 14302, 15 lines modified
619 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(enhanced)44 Profile·Title·ANSSI-BP-028·(enhanced)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_enhanced45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_enhanced
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:747 ····*·cpe:/o:oracle:linux:7
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_high.html
    
Offset 14302, 15 lines modifiedOffset 14302, 15 lines modified
619 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·DRAFT·-·ANSSI-BP-028·(high)44 Profile·Title·DRAFT·-·ANSSI-BP-028·(high)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_high45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_high
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:747 ····*·cpe:/o:oracle:linux:7
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_intermediary.html
    
Offset 14303, 15 lines modifiedOffset 14303, 15 lines modified
632 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(intermediary)44 Profile·Title·ANSSI-BP-028·(intermediary)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_intermediary45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_intermediary
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:747 ····*·cpe:/o:oracle:linux:7
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·Configure_Syslog56 ·········4.·Configure_Syslog
57 ·········5.·Network_Configuration_and_Firewalls57 ·········5.·Network_Configuration_and_Firewalls
1.94 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-anssi_nt28_minimal.html
    
Offset 14301, 16 lines modifiedOffset 14301, 16 lines modified
586 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(minimal)44 Profile·Title·ANSSI-BP-028·(minimal)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_minimal45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_nt28_minimal
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:747 ····*·cpe:/o:oracle:linux:7
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·Configure_Syslog55 ·········3.·Configure_Syslog
56 ·········4.·File_Permissions_and_Masks56 ·········4.·File_Permissions_and_Masks
57 ···2.·Services57 ···2.·Services
1.99 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-cjis.html
    
Offset 14289, 16 lines modifiedOffset 14289, 16 lines modified
660 B
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 *****·Profile·Information·*****40 *****·Profile·Information·*****
41 Profile·Title·Criminal·Justice·Information·Services·(CJIS)·Security·Policy41 Profile·Title·Criminal·Justice·Information·Services·(CJIS)·Security·Policy
42 Profile·ID····xccdf_org.ssgproject.content_profile_cjis42 Profile·ID····xccdf_org.ssgproject.content_profile_cjis
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:oracle:linux:744 ····*·cpe:/o:oracle:linux:7
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·System_Accounting_with_auditd52 ·········3.·System_Accounting_with_auditd
53 ·········4.·GRUB2_bootloader_configuration53 ·········4.·GRUB2_bootloader_configuration
54 ·········5.·Network_Configuration_and_Firewalls54 ·········5.·Network_Configuration_and_Firewalls
2.0 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-cui.html
    
Offset 14329, 16 lines modifiedOffset 14329, 16 lines modified
673 B
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 Profile·Title·Unclassified·Information·in·Non-federal·Information·Systems·and50 Profile·Title·Unclassified·Information·in·Non-federal·Information·Systems·and
51 ··············Organizations·(NIST·800-171)51 ··············Organizations·(NIST·800-171)
52 Profile·ID····xccdf_org.ssgproject.content_profile_cui52 Profile·ID····xccdf_org.ssgproject.content_profile_cui
53 ***·CPE·Platforms·***53 ***·CPE·Platforms·***
54 ····*·cpe:/o:oracle:linux:754 ····*·cpe:/o:oracle:linux:7
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·System_Settings59 ···1.·System_Settings
60 ·········1.·Installing_and_Maintaining_Software60 ·········1.·Installing_and_Maintaining_Software
61 ·········2.·Account_and_Access_Control61 ·········2.·Account_and_Access_Control
62 ·········3.·System_Accounting_with_auditd62 ·········3.·System_Accounting_with_auditd
63 ·········4.·GRUB2_bootloader_configuration63 ·········4.·GRUB2_bootloader_configuration
64 ·········5.·Network_Configuration_and_Firewalls64 ·········5.·Network_Configuration_and_Firewalls
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-e8.html
    
Offset 14297, 15 lines modifiedOffset 14297, 15 lines modified
647 B
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 *****·Profile·Information·*****41 *****·Profile·Information·*****
42 Profile·Title·[DRAFT]·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight42 Profile·Title·[DRAFT]·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight
43 Profile·ID····xccdf_org.ssgproject.content_profile_e843 Profile·ID····xccdf_org.ssgproject.content_profile_e8
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:oracle:linux:745 ····*·cpe:/o:oracle:linux:7
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·Installing_and_Maintaining_Software51 ·········1.·Installing_and_Maintaining_Software
52 ·········2.·Account_and_Access_Control52 ·········2.·Account_and_Access_Control
53 ·········3.·System_Accounting_with_auditd53 ·········3.·System_Accounting_with_auditd
54 ·········4.·Configure_Syslog54 ·········4.·Configure_Syslog
55 ·········5.·Network_Configuration_and_Firewalls55 ·········5.·Network_Configuration_and_Firewalls
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-hipaa.html
    
Offset 14315, 16 lines modifiedOffset 14315, 16 lines modified
641 B
html2text {}
    
Offset 46, 15 lines modifiedOffset 46, 15 lines modified
46 *****·Profile·Information·*****46 *****·Profile·Information·*****
47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)
48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa
49 ***·CPE·Platforms·***49 ***·CPE·Platforms·***
50 ····*·cpe:/o:oracle:linux:750 ····*·cpe:/o:oracle:linux:7
51 *****·Revision·History·*****51 *****·Revision·History·*****
52 Current·version:·0.1.6552 Current·version:·0.1.65
53 ····*·draft·(as·of·2024-01-14)53 ····*·draft·(as·of·2025-02-15)
54 *****·Table·of·Contents·*****54 *****·Table·of·Contents·*****
55 ···1.·System_Settings55 ···1.·System_Settings
56 ·········1.·Installing_and_Maintaining_Software56 ·········1.·Installing_and_Maintaining_Software
57 ·········2.·Account_and_Access_Control57 ·········2.·Account_and_Access_Control
58 ·········3.·System_Accounting_with_auditd58 ·········3.·System_Accounting_with_auditd
59 ·········4.·GRUB2_bootloader_configuration59 ·········4.·GRUB2_bootloader_configuration
60 ·········5.·Configure_Syslog60 ·········5.·Configure_Syslog
1.82 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-ncp.html
    
Offset 14368, 15 lines modifiedOffset 14368, 15 lines modified
626 B
html2text {}
    
Offset 58, 15 lines modifiedOffset 58, 15 lines modified
58 *****·Profile·Information·*****58 *****·Profile·Information·*****
59 Profile·Title·NIST·National·Checklist·Program·Security·Guide59 Profile·Title·NIST·National·Checklist·Program·Security·Guide
60 Profile·ID····xccdf_org.ssgproject.content_profile_ncp60 Profile·ID····xccdf_org.ssgproject.content_profile_ncp
61 ***·CPE·Platforms·***61 ***·CPE·Platforms·***
62 ····*·cpe:/o:oracle:linux:762 ····*·cpe:/o:oracle:linux:7
63 *****·Revision·History·*****63 *****·Revision·History·*****
64 Current·version:·0.1.6564 Current·version:·0.1.65
65 ····*·draft·(as·of·2024-01-14)65 ····*·draft·(as·of·2025-02-15)
66 *****·Table·of·Contents·*****66 *****·Table·of·Contents·*****
67 ···1.·System_Settings67 ···1.·System_Settings
68 ·········1.·Installing_and_Maintaining_Software68 ·········1.·Installing_and_Maintaining_Software
69 ·········2.·Account_and_Access_Control69 ·········2.·Account_and_Access_Control
70 ·········3.·System_Accounting_with_auditd70 ·········3.·System_Accounting_with_auditd
71 ·········4.·GRUB2_bootloader_configuration71 ·········4.·GRUB2_bootloader_configuration
72 ·········5.·Configure_Syslog72 ·········5.·Configure_Syslog
1.99 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-ospp.html
    
Offset 14304, 16 lines modifiedOffset 14304, 16 lines modified
664 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·[DRAFT]·Protection·Profile·for·General·Purpose·Operating·Systems44 Profile·Title·[DRAFT]·Protection·Profile·for·General·Purpose·Operating·Systems
45 Profile·ID····xccdf_org.ssgproject.content_profile_ospp45 Profile·ID····xccdf_org.ssgproject.content_profile_ospp
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:747 ····*·cpe:/o:oracle:linux:7
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Network_Configuration_and_Firewalls57 ·········5.·Network_Configuration_and_Firewalls
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-pci-dss.html
    
Offset 14280, 16 lines modifiedOffset 14280, 16 lines modified
640 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·Draft·for·Oracle·Linux·738 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·Draft·for·Oracle·Linux·7
39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:oracle:linux:741 ····*·cpe:/o:oracle:linux:7
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
1.77 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-sap.html
    
Offset 14289, 15 lines modifiedOffset 14289, 15 lines modified
575 B
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 *****·Profile·Information·*****39 *****·Profile·Information·*****
40 Profile·Title·Security·Profile·of·Oracle·Linux·7·for·SAP40 Profile·Title·Security·Profile·of·Oracle·Linux·7·for·SAP
41 Profile·ID····xccdf_org.ssgproject.content_profile_sap41 Profile·ID····xccdf_org.ssgproject.content_profile_sap
42 ***·CPE·Platforms·***42 ***·CPE·Platforms·***
43 ····*·cpe:/o:oracle:linux:743 ····*·cpe:/o:oracle:linux:7
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·File_Permissions_and_Masks50 ·········2.·File_Permissions_and_Masks
51 ···2.·Services51 ···2.·Services
52 ·········1.·Obsolete_Services52 ·········1.·Obsolete_Services
53 *****·Checklist·*****53 *****·Checklist·*****
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-standard.html
    
Offset 14285, 15 lines modifiedOffset 14285, 15 lines modified
632 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Oracle·Linux·739 Profile·Title·Standard·System·Security·Profile·for·Oracle·Linux·7
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:oracle:linux:742 ····*·cpe:/o:oracle:linux:7
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
1.8 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-stig.html
    
Offset 14278, 15 lines modifiedOffset 14278, 15 lines modified
609 B
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·DISA·STIG·for·Oracle·Linux·738 Profile·Title·DISA·STIG·for·Oracle·Linux·7
39 Profile·ID····xccdf_org.ssgproject.content_profile_stig39 Profile·ID····xccdf_org.ssgproject.content_profile_stig
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:oracle:linux:741 ····*·cpe:/o:oracle:linux:7
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
1.96 KB
./usr/share/doc/ssg-nondebian/ssg-ol7-guide-stig_gui.html
    
Offset 14301, 16 lines modifiedOffset 14301, 16 lines modified
00037eb0:·7570·5f73·7973·7465·6d22·3e53·7973·7465··up_system">Syste00037eb0:·7570·5f73·7973·7465·6d22·3e53·7973·7465··up_system">Syste
622 B
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 *****·Profile·Information·*****42 *****·Profile·Information·*****
43 Profile·Title·DISA·STIG·with·GUI·for·Oracle·Linux·743 Profile·Title·DISA·STIG·with·GUI·for·Oracle·Linux·7
44 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui44 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui
45 ***·CPE·Platforms·***45 ***·CPE·Platforms·***
46 ····*·cpe:/o:oracle:linux:746 ····*·cpe:/o:oracle:linux:7
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
1.84 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_enhanced.html
    
Offset 14302, 15 lines modifiedOffset 14302, 15 lines modified
619 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(enhanced)44 Profile·Title·ANSSI-BP-028·(enhanced)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:847 ····*·cpe:/o:oracle:linux:8
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_high.html
    
Offset 14301, 15 lines modifiedOffset 14301, 15 lines modified
611 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(high)44 Profile·Title·ANSSI-BP-028·(high)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:847 ····*·cpe:/o:oracle:linux:8
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_intermediary.html
    
Offset 14303, 15 lines modifiedOffset 14303, 15 lines modified
632 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(intermediary)44 Profile·Title·ANSSI-BP-028·(intermediary)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:847 ····*·cpe:/o:oracle:linux:8
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·Configure_Syslog56 ·········4.·Configure_Syslog
57 ·········5.·Network_Configuration_and_Firewalls57 ·········5.·Network_Configuration_and_Firewalls
1.81 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-anssi_bp28_minimal.html
    
Offset 14302, 15 lines modifiedOffset 14302, 15 lines modified
586 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(minimal)44 Profile·Title·ANSSI-BP-028·(minimal)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:847 ····*·cpe:/o:oracle:linux:8
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·Configure_Syslog55 ·········3.·Configure_Syslog
56 ·········4.·File_Permissions_and_Masks56 ·········4.·File_Permissions_and_Masks
57 ···2.·Services57 ···2.·Services
17.1 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-cjis.html
    
Offset 14289, 16 lines modifiedOffset 14289, 16 lines modified
Offset 130703, 22 lines modifiedOffset 130703, 22 lines modified
Offset 130739, 22 lines modifiedOffset 130739, 22 lines modified
Offset 130804, 19 lines modifiedOffset 130804, 19 lines modified
Offset 131278, 22 lines modifiedOffset 131278, 22 lines modified
Max diff block lines reached; 3782/13028 bytes (29.03%) of diff not shown.
4.23 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 *****·Profile·Information·*****40 *****·Profile·Information·*****
41 Profile·Title·Criminal·Justice·Information·Services·(CJIS)·Security·Policy41 Profile·Title·Criminal·Justice·Information·Services·(CJIS)·Security·Policy
42 Profile·ID····xccdf_org.ssgproject.content_profile_cjis42 Profile·ID····xccdf_org.ssgproject.content_profile_cjis
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:oracle:linux:844 ····*·cpe:/o:oracle:linux:8
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·System_Accounting_with_auditd52 ·········3.·System_Accounting_with_auditd
53 ·········4.·GRUB2_bootloader_configuration53 ·········4.·GRUB2_bootloader_configuration
54 ·········5.·Network_Configuration_and_Firewalls54 ·········5.·Network_Configuration_and_Firewalls
Offset 27991, 16 lines modifiedOffset 27991, 16 lines modified
27991 ··-·no_reboot_needed27991 ··-·no_reboot_needed
  
27992 -·name:·Test·for·existence·/boot/grub2/grub.cfg27992 -·name:·Test·for·existence·/boot/grub2/grub.cfg
27993 ··stat:27993 ··stat:
27994 ····path:·/boot/grub2/grub.cfg27994 ····path:·/boot/grub2/grub.cfg
27995 ··register:·file_exists27995 ··register:·file_exists
27996 ··when:27996 ··when:
27997 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
27998 ··-·'"grub2-common"·in·ansible_facts.packages'27997 ··-·'"grub2-common"·in·ansible_facts.packages'
 27998 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
27999 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27999 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28000 ··tags:28000 ··tags:
28001 ··-·CJIS-5.5.2.228001 ··-·CJIS-5.5.2.2
28002 ··-·NIST-800-171-3.4.528002 ··-·NIST-800-171-3.4.5
28003 ··-·NIST-800-53-AC-6(1)28003 ··-·NIST-800-53-AC-6(1)
28004 ··-·NIST-800-53-CM-6(a)28004 ··-·NIST-800-53-CM-6(a)
28005 ··-·PCI-DSS-Req-7.128005 ··-·PCI-DSS-Req-7.1
Offset 28012, 16 lines modifiedOffset 28012, 16 lines modified
28012 ··-·no_reboot_needed28012 ··-·no_reboot_needed
  
28013 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg28013 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
28014 ··file:28014 ··file:
28015 ····path:·/boot/grub2/grub.cfg28015 ····path:·/boot/grub2/grub.cfg
28016 ····group:·'0'28016 ····group:·'0'
28017 ··when:28017 ··when:
28018 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28019 ··-·'"grub2-common"·in·ansible_facts.packages'28018 ··-·'"grub2-common"·in·ansible_facts.packages'
 28019 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28020 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28020 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28021 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists28021 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
28022 ··tags:28022 ··tags:
28023 ··-·CJIS-5.5.2.228023 ··-·CJIS-5.5.2.2
28024 ··-·NIST-800-171-3.4.528024 ··-·NIST-800-171-3.4.5
28025 ··-·NIST-800-53-AC-6(1)28025 ··-·NIST-800-53-AC-6(1)
28026 ··-·NIST-800-53-CM-6(a)28026 ··-·NIST-800-53-CM-6(a)
Offset 28033, 15 lines modifiedOffset 28033, 15 lines modified
28033 ··-·medium_severity28033 ··-·medium_severity
28034 ··-·no_reboot_needed28034 ··-·no_reboot_needed
28035 Remediation_Shell_script_⇲28035 Remediation_Shell_script_⇲
28036 Complexity:·low28036 Complexity:·low
28037 Disruption:·low28037 Disruption:·low
28038 Strategy:···configure28038 Strategy:···configure
28039 #·Remediation·is·applicable·only·in·certain·platforms28039 #·Remediation·is·applicable·only·in·certain·platforms
28040 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then28040 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
28041 chgrp·0·/boot/grub2/grub.cfg28041 chgrp·0·/boot/grub2/grub.cfg
  
28042 else28042 else
28043 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'28043 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
28044 fi28044 fi
28045 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***28045 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 28072, 16 lines modifiedOffset 28072, 16 lines modified
28072 ··-·no_reboot_needed28072 ··-·no_reboot_needed
  
28073 -·name:·Test·for·existence·/boot/grub2/grub.cfg28073 -·name:·Test·for·existence·/boot/grub2/grub.cfg
28074 ··stat:28074 ··stat:
28075 ····path:·/boot/grub2/grub.cfg28075 ····path:·/boot/grub2/grub.cfg
28076 ··register:·file_exists28076 ··register:·file_exists
28077 ··when:28077 ··when:
28078 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28079 ··-·'"grub2-common"·in·ansible_facts.packages'28078 ··-·'"grub2-common"·in·ansible_facts.packages'
 28079 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28080 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28080 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28081 ··tags:28081 ··tags:
28082 ··-·CJIS-5.5.2.228082 ··-·CJIS-5.5.2.2
28083 ··-·NIST-800-171-3.4.528083 ··-·NIST-800-171-3.4.5
28084 ··-·NIST-800-53-AC-6(1)28084 ··-·NIST-800-53-AC-6(1)
28085 ··-·NIST-800-53-CM-6(a)28085 ··-·NIST-800-53-CM-6(a)
28086 ··-·PCI-DSS-Req-7.128086 ··-·PCI-DSS-Req-7.1
Offset 28093, 16 lines modifiedOffset 28093, 16 lines modified
28093 ··-·no_reboot_needed28093 ··-·no_reboot_needed
  
28094 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg28094 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
28095 ··file:28095 ··file:
28096 ····path:·/boot/grub2/grub.cfg28096 ····path:·/boot/grub2/grub.cfg
28097 ····owner:·'0'28097 ····owner:·'0'
28098 ··when:28098 ··when:
28099 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28100 ··-·'"grub2-common"·in·ansible_facts.packages'28099 ··-·'"grub2-common"·in·ansible_facts.packages'
 28100 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28101 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28101 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28102 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists28102 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
28103 ··tags:28103 ··tags:
28104 ··-·CJIS-5.5.2.228104 ··-·CJIS-5.5.2.2
28105 ··-·NIST-800-171-3.4.528105 ··-·NIST-800-171-3.4.5
28106 ··-·NIST-800-53-AC-6(1)28106 ··-·NIST-800-53-AC-6(1)
28107 ··-·NIST-800-53-CM-6(a)28107 ··-·NIST-800-53-CM-6(a)
Offset 28114, 15 lines modifiedOffset 28114, 15 lines modified
28114 ··-·medium_severity28114 ··-·medium_severity
28115 ··-·no_reboot_needed28115 ··-·no_reboot_needed
28116 Remediation_Shell_script_⇲28116 Remediation_Shell_script_⇲
28117 Complexity:·low28117 Complexity:·low
28118 Disruption:·low28118 Disruption:·low
28119 Strategy:···configure28119 Strategy:···configure
28120 #·Remediation·is·applicable·only·in·certain·platforms28120 #·Remediation·is·applicable·only·in·certain·platforms
28121 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then28121 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
28122 chown·0·/boot/grub2/grub.cfg28122 chown·0·/boot/grub2/grub.cfg
  
28123 else28123 else
28124 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'28124 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
28125 fi28125 fi
28126 Group  ·UEFI·GRUB2·bootloader·configuration·  Group·contains·2·rules28126 Group  ·UEFI·GRUB2·bootloader·configuration·  Group·contains·2·rules
1.98 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-cui.html
    
Offset 14329, 16 lines modifiedOffset 14329, 16 lines modified
654 B
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 Profile·Title·Unclassified·Information·in·Non-federal·Information·Systems·and50 Profile·Title·Unclassified·Information·in·Non-federal·Information·Systems·and
51 ··············Organizations·(NIST·800-171)51 ··············Organizations·(NIST·800-171)
52 Profile·ID····xccdf_org.ssgproject.content_profile_cui52 Profile·ID····xccdf_org.ssgproject.content_profile_cui
53 ***·CPE·Platforms·***53 ***·CPE·Platforms·***
54 ····*·cpe:/o:oracle:linux:854 ····*·cpe:/o:oracle:linux:8
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·System_Settings59 ···1.·System_Settings
60 ·········1.·Installing_and_Maintaining_Software60 ·········1.·Installing_and_Maintaining_Software
61 ·········2.·Account_and_Access_Control61 ·········2.·Account_and_Access_Control
62 ·········3.·System_Accounting_with_auditd62 ·········3.·System_Accounting_with_auditd
63 ·········4.·GRUB2_bootloader_configuration63 ·········4.·GRUB2_bootloader_configuration
64 ·········5.·Configure_Syslog64 ·········5.·Configure_Syslog
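Review bot: the only difference in this hunk is the revision date on line 57, `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the generated guide appears to carry the date on which it was built and the two packages cannot come out bit-identical. Deriving that date from a fixed input such as SOURCE_DATE_EPOCH or the changelog timestamp, rather than the build clock, would remove this difference.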
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-e8.html
    
647 B
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 *****·Profile·Information·*****41 *****·Profile·Information·*****
42 Profile·Title·[DRAFT]·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight42 Profile·Title·[DRAFT]·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight
43 Profile·ID····xccdf_org.ssgproject.content_profile_e843 Profile·ID····xccdf_org.ssgproject.content_profile_e8
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:oracle:linux:845 ····*·cpe:/o:oracle:linux:8
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·Installing_and_Maintaining_Software51 ·········1.·Installing_and_Maintaining_Software
52 ·········2.·Account_and_Access_Control52 ·········2.·Account_and_Access_Control
53 ·········3.·System_Accounting_with_auditd53 ·········3.·System_Accounting_with_auditd
54 ·········4.·Configure_Syslog54 ·········4.·Configure_Syslog
55 ·········5.·Network_Configuration_and_Firewalls55 ·········5.·Network_Configuration_and_Firewalls
24.5 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-hipaa.html
    
Max diff block lines reached; 9524/18770 bytes (50.74%) of diff not shown.
6.06 KB
html2text {}
    
Offset 46, 15 lines modifiedOffset 46, 15 lines modified
46 *****·Profile·Information·*****46 *****·Profile·Information·*****
47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)
48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa
49 ***·CPE·Platforms·***49 ***·CPE·Platforms·***
50 ····*·cpe:/o:oracle:linux:850 ····*·cpe:/o:oracle:linux:8
51 *****·Revision·History·*****51 *****·Revision·History·*****
52 Current·version:·0.1.6552 Current·version:·0.1.65
53 ····*·draft·(as·of·2024-01-14)53 ····*·draft·(as·of·2025-02-15)
54 *****·Table·of·Contents·*****54 *****·Table·of·Contents·*****
55 ···1.·System_Settings55 ···1.·System_Settings
56 ·········1.·Installing_and_Maintaining_Software56 ·········1.·Installing_and_Maintaining_Software
57 ·········2.·Account_and_Access_Control57 ·········2.·Account_and_Access_Control
58 ·········3.·System_Accounting_with_auditd58 ·········3.·System_Accounting_with_auditd
59 ·········4.·GRUB2_bootloader_configuration59 ·········4.·GRUB2_bootloader_configuration
60 ·········5.·Configure_Syslog60 ·········5.·Configure_Syslog
Offset 47712, 16 lines modifiedOffset 47712, 16 lines modified
47712 ··-·no_reboot_needed47712 ··-·no_reboot_needed
  
47713 -·name:·Test·for·existence·/boot/grub2/grub.cfg47713 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47714 ··stat:47714 ··stat:
47715 ····path:·/boot/grub2/grub.cfg47715 ····path:·/boot/grub2/grub.cfg
47716 ··register:·file_exists47716 ··register:·file_exists
47717 ··when:47717 ··when:
47718 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47719 ··-·'"grub2-common"·in·ansible_facts.packages'47718 ··-·'"grub2-common"·in·ansible_facts.packages'
 47719 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47720 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47720 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47721 ··tags:47721 ··tags:
47722 ··-·CJIS-5.5.2.247722 ··-·CJIS-5.5.2.2
47723 ··-·NIST-800-171-3.4.547723 ··-·NIST-800-171-3.4.5
47724 ··-·NIST-800-53-AC-6(1)47724 ··-·NIST-800-53-AC-6(1)
47725 ··-·NIST-800-53-CM-6(a)47725 ··-·NIST-800-53-CM-6(a)
47726 ··-·PCI-DSS-Req-7.147726 ··-·PCI-DSS-Req-7.1
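Review bot: the two `when:` entries at lines 47718-47719 are the same pair of conditions in swapped order (`"grub2-common" in ansible_facts.packages` and `"/boot/efi" not in ansible_mounts | map(attribute="mount") | list`), so the task is gated by the same set of conditions in both builds and only the emitted order is unstable. Writing the platform conditions out in a sorted or otherwise fixed order would make this block identical across builds.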
Offset 47733, 16 lines modifiedOffset 47733, 16 lines modified
47733 ··-·no_reboot_needed47733 ··-·no_reboot_needed
  
47734 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg47734 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
47735 ··file:47735 ··file:
47736 ····path:·/boot/grub2/grub.cfg47736 ····path:·/boot/grub2/grub.cfg
47737 ····group:·'0'47737 ····group:·'0'
47738 ··when:47738 ··when:
47739 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47740 ··-·'"grub2-common"·in·ansible_facts.packages'47739 ··-·'"grub2-common"·in·ansible_facts.packages'
 47740 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47741 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47741 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47742 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists47742 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
47743 ··tags:47743 ··tags:
47744 ··-·CJIS-5.5.2.247744 ··-·CJIS-5.5.2.2
47745 ··-·NIST-800-171-3.4.547745 ··-·NIST-800-171-3.4.5
47746 ··-·NIST-800-53-AC-6(1)47746 ··-·NIST-800-53-AC-6(1)
47747 ··-·NIST-800-53-CM-6(a)47747 ··-·NIST-800-53-CM-6(a)
Offset 47754, 15 lines modifiedOffset 47754, 15 lines modified
47754 ··-·medium_severity47754 ··-·medium_severity
47755 ··-·no_reboot_needed47755 ··-·no_reboot_needed
47756 Remediation_Shell_script_⇲47756 Remediation_Shell_script_⇲
47757 Complexity:·low47757 Complexity:·low
47758 Disruption:·low47758 Disruption:·low
47759 Strategy:···configure47759 Strategy:···configure
47760 #·Remediation·is·applicable·only·in·certain·platforms47760 #·Remediation·is·applicable·only·in·certain·platforms
47761 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then47761 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
47762 chgrp·0·/boot/grub2/grub.cfg47762 chgrp·0·/boot/grub2/grub.cfg
  
47763 else47763 else
47764 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'47764 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
47765 fi47765 fi
47766 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***47766 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
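Review bot: in the guard on line 47761, `[ ! -f /sys/firmware/efi ]` tests for a regular file, but /sys/firmware/efi is a directory on UEFI-booted systems, so the test is true there as well and does not exclude them. If the intent is to skip UEFI systems, as the `"/boot/efi" not in ansible_mounts` condition in the Ansible task suggests, `-d` or `-e` would express it. The swap of this test with `rpm --quiet -q grub2-common` between the two builds does not change which systems pass the guard.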
Offset 47793, 16 lines modifiedOffset 47793, 16 lines modified
47793 ··-·no_reboot_needed47793 ··-·no_reboot_needed
  
47794 -·name:·Test·for·existence·/boot/grub2/grub.cfg47794 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47795 ··stat:47795 ··stat:
47796 ····path:·/boot/grub2/grub.cfg47796 ····path:·/boot/grub2/grub.cfg
47797 ··register:·file_exists47797 ··register:·file_exists
47798 ··when:47798 ··when:
47799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47800 ··-·'"grub2-common"·in·ansible_facts.packages'47799 ··-·'"grub2-common"·in·ansible_facts.packages'
 47800 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47802 ··tags:47802 ··tags:
47803 ··-·CJIS-5.5.2.247803 ··-·CJIS-5.5.2.2
47804 ··-·NIST-800-171-3.4.547804 ··-·NIST-800-171-3.4.5
47805 ··-·NIST-800-53-AC-6(1)47805 ··-·NIST-800-53-AC-6(1)
47806 ··-·NIST-800-53-CM-6(a)47806 ··-·NIST-800-53-CM-6(a)
47807 ··-·PCI-DSS-Req-7.147807 ··-·PCI-DSS-Req-7.1
Offset 47814, 16 lines modifiedOffset 47814, 16 lines modified
47814 ··-·no_reboot_needed47814 ··-·no_reboot_needed
  
47815 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg47815 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
47816 ··file:47816 ··file:
47817 ····path:·/boot/grub2/grub.cfg47817 ····path:·/boot/grub2/grub.cfg
47818 ····owner:·'0'47818 ····owner:·'0'
47819 ··when:47819 ··when:
47820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
47821 ··-·'"grub2-common"·in·ansible_facts.packages'47820 ··-·'"grub2-common"·in·ansible_facts.packages'
 47821 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
47822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists47823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
47824 ··tags:47824 ··tags:
47825 ··-·CJIS-5.5.2.247825 ··-·CJIS-5.5.2.2
47826 ··-·NIST-800-171-3.4.547826 ··-·NIST-800-171-3.4.5
47827 ··-·NIST-800-53-AC-6(1)47827 ··-·NIST-800-53-AC-6(1)
47828 ··-·NIST-800-53-CM-6(a)47828 ··-·NIST-800-53-CM-6(a)
Offset 47835, 15 lines modifiedOffset 47835, 15 lines modified
47835 ··-·medium_severity47835 ··-·medium_severity
47836 ··-·no_reboot_needed47836 ··-·no_reboot_needed
47837 Remediation_Shell_script_⇲47837 Remediation_Shell_script_⇲
47838 Complexity:·low47838 Complexity:·low
47839 Disruption:·low47839 Disruption:·low
47840 Strategy:···configure47840 Strategy:···configure
47841 #·Remediation·is·applicable·only·in·certain·platforms47841 #·Remediation·is·applicable·only·in·certain·platforms
47842 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then47842 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
47843 chown·0·/boot/grub2/grub.cfg47843 chown·0·/boot/grub2/grub.cfg
  
47844 else47844 else
47845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'47845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
47846 fi47846 fi
47847 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***47847 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***
Offset 47872, 16 lines modifiedOffset 47872, 16 lines modified
47872 ··-·no_reboot_needed47872 ··-·no_reboot_needed
  
47873 -·name:·Test·for·existence·/boot/grub2/grub.cfg47873 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47874 ··stat:47874 ··stat:
47875 ····path:·/boot/grub2/grub.cfg47875 ····path:·/boot/grub2/grub.cfg
47876 ··register:·file_exists47876 ··register:·file_exists
47877 ··when:47877 ··when:
Max diff block lines reached; 1604/6183 bytes (25.94%) of diff not shown.
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-ospp.html
    
645 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·[DRAFT]·Protection·Profile·for·General·Purpose·Operating·Systems44 Profile·Title·[DRAFT]·Protection·Profile·for·General·Purpose·Operating·Systems
45 Profile·ID····xccdf_org.ssgproject.content_profile_ospp45 Profile·ID····xccdf_org.ssgproject.content_profile_ospp
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:847 ····*·cpe:/o:oracle:linux:8
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
17.0 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-pci-dss.html
    
Max diff block lines reached; 3782/13028 bytes (29.03%) of diff not shown.
4.21 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·Draft·for·Oracle·Linux·838 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·Draft·for·Oracle·Linux·8
39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:oracle:linux:841 ····*·cpe:/o:oracle:linux:8
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
Offset 43711, 16 lines modifiedOffset 43711, 16 lines modified
43711 ··-·no_reboot_needed43711 ··-·no_reboot_needed
  
43712 -·name:·Test·for·existence·/boot/grub2/grub.cfg43712 -·name:·Test·for·existence·/boot/grub2/grub.cfg
43713 ··stat:43713 ··stat:
43714 ····path:·/boot/grub2/grub.cfg43714 ····path:·/boot/grub2/grub.cfg
43715 ··register:·file_exists43715 ··register:·file_exists
43716 ··when:43716 ··when:
43717 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
43718 ··-·'"grub2-common"·in·ansible_facts.packages'43717 ··-·'"grub2-common"·in·ansible_facts.packages'
 43718 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
43719 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43719 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
43720 ··tags:43720 ··tags:
43721 ··-·CJIS-5.5.2.243721 ··-·CJIS-5.5.2.2
43722 ··-·NIST-800-171-3.4.543722 ··-·NIST-800-171-3.4.5
43723 ··-·NIST-800-53-AC-6(1)43723 ··-·NIST-800-53-AC-6(1)
43724 ··-·NIST-800-53-CM-6(a)43724 ··-·NIST-800-53-CM-6(a)
43725 ··-·PCI-DSS-Req-7.143725 ··-·PCI-DSS-Req-7.1
Offset 43732, 16 lines modifiedOffset 43732, 16 lines modified
43732 ··-·no_reboot_needed43732 ··-·no_reboot_needed
  
43733 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg43733 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
43734 ··file:43734 ··file:
43735 ····path:·/boot/grub2/grub.cfg43735 ····path:·/boot/grub2/grub.cfg
43736 ····group:·'0'43736 ····group:·'0'
43737 ··when:43737 ··when:
43738 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
43739 ··-·'"grub2-common"·in·ansible_facts.packages'43738 ··-·'"grub2-common"·in·ansible_facts.packages'
 43739 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
43740 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43740 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
43741 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists43741 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
43742 ··tags:43742 ··tags:
43743 ··-·CJIS-5.5.2.243743 ··-·CJIS-5.5.2.2
43744 ··-·NIST-800-171-3.4.543744 ··-·NIST-800-171-3.4.5
43745 ··-·NIST-800-53-AC-6(1)43745 ··-·NIST-800-53-AC-6(1)
43746 ··-·NIST-800-53-CM-6(a)43746 ··-·NIST-800-53-CM-6(a)
Offset 43753, 15 lines modifiedOffset 43753, 15 lines modified
43753 ··-·medium_severity43753 ··-·medium_severity
43754 ··-·no_reboot_needed43754 ··-·no_reboot_needed
43755 Remediation_Shell_script_⇲43755 Remediation_Shell_script_⇲
43756 Complexity:·low43756 Complexity:·low
43757 Disruption:·low43757 Disruption:·low
43758 Strategy:···configure43758 Strategy:···configure
43759 #·Remediation·is·applicable·only·in·certain·platforms43759 #·Remediation·is·applicable·only·in·certain·platforms
43760 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then43760 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
43761 chgrp·0·/boot/grub2/grub.cfg43761 chgrp·0·/boot/grub2/grub.cfg
  
43762 else43762 else
43763 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'43763 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
43764 fi43764 fi
43765 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***43765 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 43792, 16 lines modifiedOffset 43792, 16 lines modified
43792 ··-·no_reboot_needed43792 ··-·no_reboot_needed
  
43793 -·name:·Test·for·existence·/boot/grub2/grub.cfg43793 -·name:·Test·for·existence·/boot/grub2/grub.cfg
43794 ··stat:43794 ··stat:
43795 ····path:·/boot/grub2/grub.cfg43795 ····path:·/boot/grub2/grub.cfg
43796 ··register:·file_exists43796 ··register:·file_exists
43797 ··when:43797 ··when:
43798 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
43799 ··-·'"grub2-common"·in·ansible_facts.packages'43798 ··-·'"grub2-common"·in·ansible_facts.packages'
 43799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
43800 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43800 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
43801 ··tags:43801 ··tags:
43802 ··-·CJIS-5.5.2.243802 ··-·CJIS-5.5.2.2
43803 ··-·NIST-800-171-3.4.543803 ··-·NIST-800-171-3.4.5
43804 ··-·NIST-800-53-AC-6(1)43804 ··-·NIST-800-53-AC-6(1)
43805 ··-·NIST-800-53-CM-6(a)43805 ··-·NIST-800-53-CM-6(a)
43806 ··-·PCI-DSS-Req-7.143806 ··-·PCI-DSS-Req-7.1
Offset 43813, 16 lines modifiedOffset 43813, 16 lines modified
43813 ··-·no_reboot_needed43813 ··-·no_reboot_needed
  
43814 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg43814 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
43815 ··file:43815 ··file:
43816 ····path:·/boot/grub2/grub.cfg43816 ····path:·/boot/grub2/grub.cfg
43817 ····owner:·'0'43817 ····owner:·'0'
43818 ··when:43818 ··when:
43819 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
43820 ··-·'"grub2-common"·in·ansible_facts.packages'43819 ··-·'"grub2-common"·in·ansible_facts.packages'
 43820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
43821 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43821 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
43822 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists43822 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
43823 ··tags:43823 ··tags:
43824 ··-·CJIS-5.5.2.243824 ··-·CJIS-5.5.2.2
43825 ··-·NIST-800-171-3.4.543825 ··-·NIST-800-171-3.4.5
43826 ··-·NIST-800-53-AC-6(1)43826 ··-·NIST-800-53-AC-6(1)
43827 ··-·NIST-800-53-CM-6(a)43827 ··-·NIST-800-53-CM-6(a)
Offset 43834, 15 lines modifiedOffset 43834, 15 lines modified
43834 ··-·medium_severity43834 ··-·medium_severity
43835 ··-·no_reboot_needed43835 ··-·no_reboot_needed
43836 Remediation_Shell_script_⇲43836 Remediation_Shell_script_⇲
43837 Complexity:·low43837 Complexity:·low
43838 Disruption:·low43838 Disruption:·low
43839 Strategy:···configure43839 Strategy:···configure
43840 #·Remediation·is·applicable·only·in·certain·platforms43840 #·Remediation·is·applicable·only·in·certain·platforms
43841 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then43841 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
43842 chown·0·/boot/grub2/grub.cfg43842 chown·0·/boot/grub2/grub.cfg
  
43843 else43843 else
43844 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'43844 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
43845 fi43845 fi
43846 Group  ·UEFI·GRUB2·bootloader·configuration·  Group·contains·2·rules43846 Group  ·UEFI·GRUB2·bootloader·configuration·  Group·contains·2·rules
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-standard.html
    
632 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Oracle·Linux·839 Profile·Title·Standard·System·Security·Profile·for·Oracle·Linux·8
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:oracle:linux:842 ····*·cpe:/o:oracle:linux:8
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
7.08 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-stig.html
    
1.77 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·DISA·STIG·for·Oracle·Linux·838 Profile·Title·DISA·STIG·for·Oracle·Linux·8
39 Profile·ID····xccdf_org.ssgproject.content_profile_stig39 Profile·ID····xccdf_org.ssgproject.content_profile_stig
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:oracle:linux:841 ····*·cpe:/o:oracle:linux:8
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
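Review bot: the revision-history line is the only thing that differs in this hunk, "draft (as of 2024-01-14)" in the first build against "draft (as of 2025-02-15)" in the second, so the rendered guide carries the date on which the build ran rather than a date fixed by the source. Deriving that date from SOURCE_DATE_EPOCH when the guide is generated would make the line identical across builds. The same one-line difference recurs in the other guides compared here.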
Offset 75528, 27 lines modifiedOffset 75528, 27 lines modified
75528 ····lineinfile:75528 ····lineinfile:
75529 ······path:·/etc/postfix/main.cf75529 ······path:·/etc/postfix/main.cf
75530 ······create:·true75530 ······create:·true
75531 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*75531 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
75532 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject75532 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
75533 ······state:·present75533 ······state:·present
75534 ··when:75534 ··when:
75535 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
75536 ··-·'"postfix"·in·ansible_facts.packages'75535 ··-·'"postfix"·in·ansible_facts.packages'
 75536 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
75537 ··tags:75537 ··tags:
75538 ··-·DISA-STIG-OL08-00-04029075538 ··-·DISA-STIG-OL08-00-040290
75539 ··-·low_complexity75539 ··-·low_complexity
75540 ··-·low_disruption75540 ··-·low_disruption
75541 ··-·medium_severity75541 ··-·medium_severity
75542 ··-·no_reboot_needed75542 ··-·no_reboot_needed
75543 ··-·postfix_prevent_unrestricted_relay75543 ··-·postfix_prevent_unrestricted_relay
75544 ··-·restrict_strategy75544 ··-·restrict_strategy
75545 Remediation_Shell_script_⇲75545 Remediation_Shell_script_⇲
75546 #·Remediation·is·applicable·only·in·certain·platforms75546 #·Remediation·is·applicable·only·in·certain·platforms
75547 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then75547 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
75548 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then75548 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
75549 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf75549 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
75550 else75550 else
75551 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf75551 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
75552 fi75552 fi
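Review bot: in the "when:" list and in the shell guard, the two builds emit the same applicability conditions in a different order (the postfix package test and the container test swap places), so the order in which the generator joins platform conditions is not stable from one run to the next. Both orders select the same hosts, because the "when:" items and the "&&" chain are both conjunctions, but the rendered remediation text differs. Sorting the conditions before the Ansible and Bash snippets are rendered would remove this difference.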
  
7.23 KB
./usr/share/doc/ssg-nondebian/ssg-ol8-guide-stig_gui.html
    
Offset 14301, 16 lines modifiedOffset 14301, 16 lines modified
00037dc0:·6f6e·2048·6973·746f·7279·3c2f·6832·3e3c··on·History</h2><00037dc0:·6f6e·2048·6973·746f·7279·3c2f·6832·3e3c··on·History</h2><
00037dd0:·703e·4375·7272·656e·7420·7665·7273·696f··p>Current·versio00037dd0:·703e·4375·7272·656e·7420·7665·7273·696f··p>Current·versio
00037de0:·6e3a·203c·7374·726f·6e67·3e30·2e31·2e36··n:·<strong>0.1.600037de0:·6e3a·203c·7374·726f·6e67·3e30·2e31·2e36··n:·<strong>0.1.6
00037df0:·353c·2f73·7472·6f6e·673e·3c2f·703e·3c75··5</strong></p><u00037df0:·353c·2f73·7472·6f6e·673e·3c2f·703e·3c75··5</strong></p><u
00037e00:·6c3e·3c6c·693e·3c73·7472·6f6e·673e·6472··l><li><strong>dr00037e00:·6c3e·3c6c·693e·3c73·7472·6f6e·673e·6472··l><li><strong>dr
00037e10:·6166·743c·2f73·7472·6f6e·673e·0a20·2020··aft</strong>.···00037e10:·6166·743c·2f73·7472·6f6e·673e·0a20·2020··aft</strong>.···
00037e20:·2020·2020·2020·2020·2020·2020·2020·2020··················00037e20:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037e30:·2028·6173·206f·6620·3230·3234·2d30·312d···(as·of·2024-01-00037e30:·2028·6173·206f·6620·3230·3235·2d30·322d···(as·of·2025-02-
00037e40:·3134·290a·2020·2020·2020·2020·2020·2020··14).············00037e40:·3135·290a·2020·2020·2020·2020·2020·2020··15).············
00037e50:·2020·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f······</li></ul></00037e50:·2020·2020·3c2f·6c69·3e3c·2f75·6c3e·3c2f······</li></ul></
00037e60:·6469·763e·3c68·323e·5461·626c·6520·6f66··div><h2>Table·of00037e60:·6469·763e·3c68·323e·5461·626c·6520·6f66··div><h2>Table·of
00037e70:·2043·6f6e·7465·6e74·733c·2f68·323e·3c6f···Contents</h2><o00037e70:·2043·6f6e·7465·6e74·733c·2f68·323e·3c6f···Contents</h2><o
00037e80:·6c3e·3c6c·693e·3c61·2068·7265·663d·2223··l><li><a·href="#00037e80:·6c3e·3c6c·693e·3c61·2068·7265·663d·2223··l><li><a·href="#
00037e90:·7863·6364·665f·6f72·672e·7373·6770·726f··xccdf_org.ssgpro00037e90:·7863·6364·665f·6f72·672e·7373·6770·726f··xccdf_org.ssgpro
00037ea0:·6a65·6374·2e63·6f6e·7465·6e74·5f67·726f··ject.content_gro00037ea0:·6a65·6374·2e63·6f6e·7465·6e74·5f67·726f··ject.content_gro
00037eb0:·7570·5f73·7973·7465·6d22·3e53·7973·7465··up_system">Syste00037eb0:·7570·5f73·7973·7465·6d22·3e53·7973·7465··up_system">Syste
Offset 356775, 23 lines modifiedOffset 356775, 23 lines modified
00571a60:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio00571a60:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio
00571a70:·6e73·5c73·2a3d·5c73·2a0a·2020·2020·2020··ns\s*=\s*.······00571a70:·6e73·5c73·2a3d·5c73·2a0a·2020·2020·2020··ns\s*=\s*.······
00571a80:·6c69·6e65·3a20·736d·7470·645f·636c·6965··line:·smtpd_clie00571a80:·6c69·6e65·3a20·736d·7470·645f·636c·6965··line:·smtpd_clie
00571a90:·6e74·5f72·6573·7472·6963·7469·6f6e·7320··nt_restrictions·00571a90:·6e74·5f72·6573·7472·6963·7469·6f6e·7320··nt_restrictions·
00571aa0:·3d20·7065·726d·6974·5f6d·796e·6574·776f··=·permit_mynetwo00571aa0:·3d20·7065·726d·6974·5f6d·796e·6574·776f··=·permit_mynetwo
00571ab0:·726b·732c·7265·6a65·6374·0a20·2020·2020··rks,reject.·····00571ab0:·726b·732c·7265·6a65·6374·0a20·2020·2020··rks,reject.·····
00571ac0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.00571ac0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.
00571ad0:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi00571ad0:·2020·7768·656e·3a0a·2020·2d20·2722·706f····when:.··-·'"po
00571ae0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
00571af0:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
00571b00:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
00571b10:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
00571b20:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container" 
00571b30:·5d0a·2020·2d20·2722·706f·7374·6669·7822··].··-·'"postfix" 
00571b40:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
00571b50:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta00571ae0:·7374·6669·7822·2069·6e20·616e·7369·626c··stfix"·in·ansibl
 00571af0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 00571b00:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
 00571b10:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 00571b20:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 00571b30:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 00571b40:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 00571b50:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
00571b60:·6773·3a0a·2020·2d20·4449·5341·2d53·5449··gs:.··-·DISA-STI00571b60:·6773·3a0a·2020·2d20·4449·5341·2d53·5449··gs:.··-·DISA-STI
00571b70:·472d·4f4c·3038·2d30·302d·3034·3032·3930··G-OL08-00-04029000571b70:·472d·4f4c·3038·2d30·302d·3034·3032·3930··G-OL08-00-040290
00571b80:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex00571b80:·0a20·202d·206c·6f77·5f63·6f6d·706c·6578··.··-·low_complex
00571b90:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr00571b90:·6974·790a·2020·2d20·6c6f·775f·6469·7372··ity.··-·low_disr
00571ba0:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu00571ba0:·7570·7469·6f6e·0a20·202d·206d·6564·6975··uption.··-·mediu
00571bb0:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n00571bb0:·6d5f·7365·7665·7269·7479·0a20·202d·206e··m_severity.··-·n
00571bc0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.00571bc0:·6f5f·7265·626f·6f74·5f6e·6565·6465·640a··o_reboot_needed.
Offset 356815, 21 lines modifiedOffset 356815, 21 lines modified
00571ce0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="00571ce0:·3c62·723e·3c64·6976·2063·6c61·7373·3d22··<br><div·class="
00571cf0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c00571cf0:·7061·6e65·6c2d·636f·6c6c·6170·7365·2063··panel-collapse·c
00571d00:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm00571d00:·6f6c·6c61·7073·6522·2069·643d·2269·646d··ollapse"·id="idm
00571d10:·3539·3734·3222·3e3c·7072·653e·3c63·6f64··59742"><pre><cod00571d10:·3539·3734·3222·3e3c·7072·653e·3c63·6f64··59742"><pre><cod
00571d20:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·00571d20:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
00571d30:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on00571d30:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
00571d40:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl00571d40:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
00571d50:·6174·666f·726d·730a·6966·205b·2021·202d··atforms.if·[·!·-00571d50:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
00571d60:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·00571d60:·2d71·7569·6574·202d·7120·706f·7374·6669··-quiet·-q·postfi
00571d70:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-00571d70:·7820·2661·6d70·3b26·616d·703b·205b·2021··x·&amp;&amp;·[·!
 00571d80:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
 00571d90:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
00571d80:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe00571da0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
 00571db0:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..
00571d90:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp 
00571da0:·3b20·7270·6d20·2d2d·7175·6965·7420·2d71··;·rpm·--quiet·-q 
00571db0:·2070·6f73·7466·6978·3b20·7468·656e·0a0a···postfix;·then.. 
00571dc0:·6966·2021·2067·7265·7020·2d71·205e·736d··if·!·grep·-q·^sm00571dc0:·6966·2021·2067·7265·7020·2d71·205e·736d··if·!·grep·-q·^sm
00571dd0:·7470·645f·636c·6965·6e74·5f72·6573·7472··tpd_client_restr00571dd0:·7470·645f·636c·6965·6e74·5f72·6573·7472··tpd_client_restr
00571de0:·6963·7469·6f6e·7320·2f65·7463·2f70·6f73··ictions·/etc/pos00571de0:·6963·7469·6f6e·7320·2f65·7463·2f70·6f73··ictions·/etc/pos
00571df0:·7466·6978·2f6d·6169·6e2e·6366·3b20·7468··tfix/main.cf;·th00571df0:·7466·6978·2f6d·6169·6e2e·6366·3b20·7468··tfix/main.cf;·th
00571e00:·656e·0a09·6563·686f·2022·736d·7470·645f··en..echo·"smtpd_00571e00:·656e·0a09·6563·686f·2022·736d·7470·645f··en..echo·"smtpd_
00571e10:·636c·6965·6e74·5f72·6573·7472·6963·7469··client_restricti00571e10:·636c·6965·6e74·5f72·6573·7472·6963·7469··client_restricti
00571e20:·6f6e·7320·3d20·7065·726d·6974·5f6d·796e··ons·=·permit_myn00571e20:·6f6e·7320·3d20·7065·726d·6974·5f6d·796e··ons·=·permit_myn
1.78 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 *****·Profile·Information·*****42 *****·Profile·Information·*****
43 Profile·Title·DISA·STIG·with·GUI·for·Oracle·Linux·843 Profile·Title·DISA·STIG·with·GUI·for·Oracle·Linux·8
44 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui44 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui
45 ***·CPE·Platforms·***45 ***·CPE·Platforms·***
46 ····*·cpe:/o:oracle:linux:846 ····*·cpe:/o:oracle:linux:8
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
Offset 75532, 27 lines modifiedOffset 75532, 27 lines modified
75532 ····lineinfile:75532 ····lineinfile:
75533 ······path:·/etc/postfix/main.cf75533 ······path:·/etc/postfix/main.cf
75534 ······create:·true75534 ······create:·true
75535 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*75535 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
75536 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject75536 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
75537 ······state:·present75537 ······state:·present
75538 ··when:75538 ··when:
75539 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
75540 ··-·'"postfix"·in·ansible_facts.packages'75539 ··-·'"postfix"·in·ansible_facts.packages'
 75540 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
75541 ··tags:75541 ··tags:
75542 ··-·DISA-STIG-OL08-00-04029075542 ··-·DISA-STIG-OL08-00-040290
75543 ··-·low_complexity75543 ··-·low_complexity
75544 ··-·low_disruption75544 ··-·low_disruption
75545 ··-·medium_severity75545 ··-·medium_severity
75546 ··-·no_reboot_needed75546 ··-·no_reboot_needed
75547 ··-·postfix_prevent_unrestricted_relay75547 ··-·postfix_prevent_unrestricted_relay
75548 ··-·restrict_strategy75548 ··-·restrict_strategy
75549 Remediation_Shell_script_⇲75549 Remediation_Shell_script_⇲
75550 #·Remediation·is·applicable·only·in·certain·platforms75550 #·Remediation·is·applicable·only·in·certain·platforms
75551 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then75551 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
75552 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then75552 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
75553 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf75553 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
75554 else75554 else
75555 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf75555 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
75556 fi75556 fi
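Review bot: the unchanged body of this rule matches different lines in its two remediations: the lineinfile regexp is "^[ \t]*smtpd_client_restrictions\s*=\s*", while the shell script tests with "grep -q ^smtpd_client_restrictions" and rewrites with "s/^smtpd_client_restrictions.*/.../g". The shell pattern is unquoted, does not require the "=", and so also matches any line that merely begins with that string, such as a longer parameter name sharing the prefix, which sed would then overwrite. The Ansible pattern accepts leading whitespace that the shell one does not. Quoting the pattern and matching through the "=" in both grep and sed, for example '^smtpd_client_restrictions[[:space:]]*=', and deciding once whether leading whitespace is accepted, would make the two remediations converge on the same main.cf.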
  
1.84 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_enhanced.html
    
Offset 14302, 15 lines modifiedOffset 14302, 15 lines modified
00037dd0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current00037dd0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037de0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron00037de0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037df0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong00037df0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037e00:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st00037e00:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037e10:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro00037e10:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037e20:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············00037e20:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00037e30:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·200037e30:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00037e40:·3032·342d·3031·2d31·3429·0a20·2020·2020··024-01-14).·····00037e40:·3032·352d·3032·2d31·3529·0a20·2020·2020··025-02-15).·····
00037e50:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>00037e50:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00037e60:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T00037e60:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00037e70:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents00037e70:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00037e80:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·00037e80:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00037e90:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org00037e90:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00037ea0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont00037ea0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00037eb0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system00037eb0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system
619 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(enhanced)44 Profile·Title·ANSSI-BP-028·(enhanced)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:947 ····*·cpe:/o:oracle:linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_high.html
    
Offset 14301, 15 lines modifiedOffset 14301, 15 lines modified
00037dc0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current00037dc0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037dd0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron00037dd0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037de0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong00037de0:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037df0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st00037df0:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037e00:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro00037e00:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037e10:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············00037e10:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00037e20:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·200037e20:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00037e30:·3032·342d·3031·2d31·3429·0a20·2020·2020··024-01-14).·····00037e30:·3032·352d·3032·2d31·3529·0a20·2020·2020··025-02-15).·····
00037e40:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>00037e40:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00037e50:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T00037e50:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00037e60:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents00037e60:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00037e70:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·00037e70:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00037e80:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org00037e80:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00037e90:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont00037e90:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00037ea0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system00037ea0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system
611 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(high)44 Profile·Title·ANSSI-BP-028·(high)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:947 ····*·cpe:/o:oracle:linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_intermediary.html
    
Offset 14303, 15 lines modifiedOffset 14303, 15 lines modified
00037de0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current00037de0:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037df0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron00037df0:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037e00:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong00037e00:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037e10:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st00037e10:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037e20:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro00037e20:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037e30:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············00037e30:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00037e40:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·200037e40:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00037e50:·3032·342d·3031·2d31·3429·0a20·2020·2020··024-01-14).·····00037e50:·3032·352d·3032·2d31·3529·0a20·2020·2020··025-02-15).·····
00037e60:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>00037e60:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00037e70:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T00037e70:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00037e80:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents00037e80:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00037e90:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·00037e90:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00037ea0:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org00037ea0:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00037eb0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont00037eb0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00037ec0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system00037ec0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system
632 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(intermediary)44 Profile·Title·ANSSI-BP-028·(intermediary)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:947 ····*·cpe:/o:oracle:linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·Configure_Syslog56 ·········4.·Configure_Syslog
57 ·········5.·Network_Configuration_and_Firewalls57 ·········5.·Network_Configuration_and_Firewalls
1.94 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-anssi_bp28_minimal.html
    
Offset 14301, 16 lines modifiedOffset 14301, 16 lines modified
00037dc0:·6973·696f·6e20·4869·7374·6f72·793c·2f68··ision·History</h00037dc0:·6973·696f·6e20·4869·7374·6f72·793c·2f68··ision·History</h
00037dd0:·323e·3c70·3e43·7572·7265·6e74·2076·6572··2><p>Current·ver00037dd0:·323e·3c70·3e43·7572·7265·6e74·2076·6572··2><p>Current·ver
00037de0:·7369·6f6e·3a20·3c73·7472·6f6e·673e·302e··sion:·<strong>0.00037de0:·7369·6f6e·3a20·3c73·7472·6f6e·673e·302e··sion:·<strong>0.
00037df0:·312e·3635·3c2f·7374·726f·6e67·3e3c·2f70··1.65</strong></p00037df0:·312e·3635·3c2f·7374·726f·6e67·3e3c·2f70··1.65</strong></p
00037e00:·3e3c·756c·3e3c·6c69·3e3c·7374·726f·6e67··><ul><li><strong00037e00:·3e3c·756c·3e3c·6c69·3e3c·7374·726f·6e67··><ul><li><strong
00037e10:·3e64·7261·6674·3c2f·7374·726f·6e67·3e0a··>draft</strong>.00037e10:·3e64·7261·6674·3c2f·7374·726f·6e67·3e0a··>draft</strong>.
00037e20:·2020·2020·2020·2020·2020·2020·2020·2020··················00037e20:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037e30:·2020·2020·2861·7320·6f66·2032·3032·342d······(as·of·2024-00037e30:·2020·2020·2861·7320·6f66·2032·3032·352d······(as·of·2025-
00037e40:·3031·2d31·3429·0a20·2020·2020·2020·2020··01-14).·········00037e40:·3032·2d31·3529·0a20·2020·2020·2020·2020··02-15).·········
00037e50:·2020·2020·2020·203c·2f6c·693e·3c2f·756c·········</li></ul00037e50:·2020·2020·2020·203c·2f6c·693e·3c2f·756c·········</li></ul
00037e60:·3e3c·2f64·6976·3e3c·6832·3e54·6162·6c65··></div><h2>Table00037e60:·3e3c·2f64·6976·3e3c·6832·3e54·6162·6c65··></div><h2>Table
00037e70:·206f·6620·436f·6e74·656e·7473·3c2f·6832···of·Contents</h200037e70:·206f·6620·436f·6e74·656e·7473·3c2f·6832···of·Contents</h2
00037e80:·3e3c·6f6c·3e3c·6c69·3e3c·6120·6872·6566··><ol><li><a·href00037e80:·3e3c·6f6c·3e3c·6c69·3e3c·6120·6872·6566··><ol><li><a·href
00037e90:·3d22·2378·6363·6466·5f6f·7267·2e73·7367··="#xccdf_org.ssg00037e90:·3d22·2378·6363·6466·5f6f·7267·2e73·7367··="#xccdf_org.ssg
00037ea0:·7072·6f6a·6563·742e·636f·6e74·656e·745f··project.content_00037ea0:·7072·6f6a·6563·742e·636f·6e74·656e·745f··project.content_
00037eb0:·6772·6f75·705f·7379·7374·656d·223e·5379··group_system">Sy00037eb0:·6772·6f75·705f·7379·7374·656d·223e·5379··group_system">Sy
586 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(minimal)44 Profile·Title·ANSSI-BP-028·(minimal)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:947 ····*·cpe:/o:oracle:linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·Configure_Syslog55 ·········3.·Configure_Syslog
56 ·········4.·File_Permissions_and_Masks56 ·········4.·File_Permissions_and_Masks
57 ···2.·Services57 ···2.·Services
1.99 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-cui.html
    
Offset 14330, 16 lines modifiedOffset 14330, 16 lines modified
00037f90:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p00037f90:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p
00037fa0:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version00037fa0:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version
00037fb0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.6500037fb0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65
00037fc0:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul00037fc0:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul
00037fd0:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra00037fd0:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra
00037fe0:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····00037fe0:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····
00037ff0:·2020·2020·2020·2020·2020·2020·2020·2020··················00037ff0:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038000:·2861·7320·6f66·2032·3032·342d·3031·2d31··(as·of·2024-01-100038000:·2861·7320·6f66·2032·3032·352d·3032·2d31··(as·of·2025-02-1
00038010:·3429·0a20·2020·2020·2020·2020·2020·2020··4).·············00038010:·3529·0a20·2020·2020·2020·2020·2020·2020··5).·············
00038020:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d00038020:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d
00038030:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·00038030:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·
00038040:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol00038040:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol
00038050:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x00038050:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x
00038060:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj00038060:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
00038070:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou00038070:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou
00038080:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System00038080:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System
662 B
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 Profile·Title·[DRAFT]·Unclassified·Information·in·Non-federal·Information50 Profile·Title·[DRAFT]·Unclassified·Information·in·Non-federal·Information
51 ··············Systems·and·Organizations·(NIST·800-171)51 ··············Systems·and·Organizations·(NIST·800-171)
52 Profile·ID····xccdf_org.ssgproject.content_profile_cui52 Profile·ID····xccdf_org.ssgproject.content_profile_cui
53 ***·CPE·Platforms·***53 ***·CPE·Platforms·***
54 ····*·cpe:/o:oracle:linux:954 ····*·cpe:/o:oracle:linux:9
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·System_Settings59 ···1.·System_Settings
60 ·········1.·Installing_and_Maintaining_Software60 ·········1.·Installing_and_Maintaining_Software
61 ·········2.·Account_and_Access_Control61 ·········2.·Account_and_Access_Control
62 ·········3.·System_Accounting_with_auditd62 ·········3.·System_Accounting_with_auditd
63 ·········4.·GRUB2_bootloader_configuration63 ·········4.·GRUB2_bootloader_configuration
64 ·········5.·Configure_Syslog64 ·········5.·Configure_Syslog
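Review bot: the revision date on line 57 is the only difference in this hunk, "draft (as of 2024-01-14)" in one build against "draft (as of 2025-02-15)" in the other, so the generated guide records the clock of the build host rather than a date tied to the source. Taking that date from SOURCE_DATE_EPOCH or from the package changelog entry would make this line identical in both builds; the same date line recurs in the other profile guides in this package.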
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-e8.html
    
639 B
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 *****·Profile·Information·*****40 *****·Profile·Information·*****
41 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight41 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight
42 Profile·ID····xccdf_org.ssgproject.content_profile_e842 Profile·ID····xccdf_org.ssgproject.content_profile_e8
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:oracle:linux:944 ····*·cpe:/o:oracle:linux:9
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·System_Accounting_with_auditd52 ·········3.·System_Accounting_with_auditd
53 ·········4.·Configure_Syslog53 ·········4.·Configure_Syslog
54 ·········5.·Network_Configuration_and_Firewalls54 ·········5.·Network_Configuration_and_Firewalls
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-hipaa.html
    
641 B
html2text {}
    
Offset 46, 15 lines modifiedOffset 46, 15 lines modified
46 *****·Profile·Information·*****46 *****·Profile·Information·*****
47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)
48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa
49 ***·CPE·Platforms·***49 ***·CPE·Platforms·***
50 ····*·cpe:/o:oracle:linux:950 ····*·cpe:/o:oracle:linux:9
51 *****·Revision·History·*****51 *****·Revision·History·*****
52 Current·version:·0.1.6552 Current·version:·0.1.65
53 ····*·draft·(as·of·2024-01-14)53 ····*·draft·(as·of·2025-02-15)
54 *****·Table·of·Contents·*****54 *****·Table·of·Contents·*****
55 ···1.·System_Settings55 ···1.·System_Settings
56 ·········1.·Installing_and_Maintaining_Software56 ·········1.·Installing_and_Maintaining_Software
57 ·········2.·Account_and_Access_Control57 ·········2.·Account_and_Access_Control
58 ·········3.·System_Accounting_with_auditd58 ·········3.·System_Accounting_with_auditd
59 ·········4.·GRUB2_bootloader_configuration59 ·········4.·GRUB2_bootloader_configuration
60 ·········5.·Configure_Syslog60 ·········5.·Configure_Syslog
1.84 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-ospp.html
    
645 B
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 *****·Profile·Information·*****42 *****·Profile·Information·*****
43 Profile·Title·[DRAFT]·Protection·Profile·for·General·Purpose·Operating·Systems43 Profile·Title·[DRAFT]·Protection·Profile·for·General·Purpose·Operating·Systems
44 Profile·ID····xccdf_org.ssgproject.content_profile_ospp44 Profile·ID····xccdf_org.ssgproject.content_profile_ospp
45 ***·CPE·Platforms·***45 ***·CPE·Platforms·***
46 ····*·cpe:/o:oracle:linux:946 ····*·cpe:/o:oracle:linux:9
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-pci-dss.html
    
634 B
html2text {}
    
Offset 36, 15 lines modifiedOffset 36, 15 lines modified
36 *****·Profile·Information·*****36 *****·Profile·Information·*****
37 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·Oracle·Linux·937 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·Oracle·Linux·9
38 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss38 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:oracle:linux:940 ····*·cpe:/o:oracle:linux:9
41 *****·Revision·History·*****41 *****·Revision·History·*****
42 Current·version:·0.1.6542 Current·version:·0.1.65
43 ····*·draft·(as·of·2024-01-14)43 ····*·draft·(as·of·2025-02-15)
44 *****·Table·of·Contents·*****44 *****·Table·of·Contents·*****
45 ···1.·System_Settings45 ···1.·System_Settings
46 ·········1.·Installing_and_Maintaining_Software46 ·········1.·Installing_and_Maintaining_Software
47 ·········2.·Account_and_Access_Control47 ·········2.·Account_and_Access_Control
48 ·········3.·System_Accounting_with_auditd48 ·········3.·System_Accounting_with_auditd
49 ·········4.·GRUB2_bootloader_configuration49 ·········4.·GRUB2_bootloader_configuration
50 ·········5.·Configure_Syslog50 ·········5.·Configure_Syslog
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-standard.html
    
632 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·Standard·System·Security·Profile·for·Oracle·Linux·939 Profile·Title·Standard·System·Security·Profile·for·Oracle·Linux·9
40 Profile·ID····xccdf_org.ssgproject.content_profile_standard40 Profile·ID····xccdf_org.ssgproject.content_profile_standard
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:oracle:linux:942 ····*·cpe:/o:oracle:linux:9
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·File_Permissions_and_Masks52 ·········5.·File_Permissions_and_Masks
7.01 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-stig.html
    
1.7 KB
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 *****·Profile·Information·*****38 *****·Profile·Information·*****
39 Profile·Title·[DRAFT]·DISA·STIG·for·Oracle·Linux·939 Profile·Title·[DRAFT]·DISA·STIG·for·Oracle·Linux·9
40 Profile·ID····xccdf_org.ssgproject.content_profile_stig40 Profile·ID····xccdf_org.ssgproject.content_profile_stig
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:oracle:linux:942 ····*·cpe:/o:oracle:linux:9
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·GRUB2_bootloader_configuration51 ·········4.·GRUB2_bootloader_configuration
52 ·········5.·Configure_Syslog52 ·········5.·Configure_Syslog
Offset 65440, 26 lines modifiedOffset 65440, 26 lines modified
65440 ····lineinfile:65440 ····lineinfile:
65441 ······path:·/etc/postfix/main.cf65441 ······path:·/etc/postfix/main.cf
65442 ······create:·true65442 ······create:·true
65443 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*65443 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
65444 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject65444 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
65445 ······state:·present65445 ······state:·present
65446 ··when:65446 ··when:
65447 ··-·'"postfix"·in·ansible_facts.packages' 
65448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]65447 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 65448 ··-·'"postfix"·in·ansible_facts.packages'
65449 ··tags:65449 ··tags:
65450 ··-·low_complexity65450 ··-·low_complexity
65451 ··-·low_disruption65451 ··-·low_disruption
65452 ··-·medium_severity65452 ··-·medium_severity
65453 ··-·no_reboot_needed65453 ··-·no_reboot_needed
65454 ··-·postfix_prevent_unrestricted_relay65454 ··-·postfix_prevent_unrestricted_relay
65455 ··-·restrict_strategy65455 ··-·restrict_strategy
65456 Remediation_Shell_script_⇲65456 Remediation_Shell_script_⇲
65457 #·Remediation·is·applicable·only·in·certain·platforms65457 #·Remediation·is·applicable·only·in·certain·platforms
65458 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then65458 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
65459 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then65459 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
65460 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf65460 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
65461 else65461 else
65462 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf65462 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
65463 fi65463 fi
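Review bot: the applicability conditions are emitted in a different order in each build, in the Ansible "when:" list at lines 65447-65448 and in the shell "if" at line 65458, while every condition is textually the same. That pattern suggests the platform conditions are rendered from an unordered collection; sorting them or emitting them in a fixed order before rendering would remove the difference. The order also decides which test short-circuits first in the shell script (the rpm query or the /.dockerenv and /run/.containerenv checks), so a fixed order keeps the shipped remediation identical from build to build.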
  
7.03 KB
./usr/share/doc/ssg-nondebian/ssg-ol9-guide-stig_gui.html
    
004e44d0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·004e44d0:·6c6f·775f·636f·6d70·6c65·7869·7479·0a20··low_complexity.·
004e44e0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio004e44e0:·202d·206c·6f77·5f64·6973·7275·7074·696f···-·low_disruptio
004e44f0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev004e44f0:·6e0a·2020·2d20·6d65·6469·756d·5f73·6576··n.··-·medium_sev
004e4500:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb004e4500:·6572·6974·790a·2020·2d20·6e6f·5f72·6562··erity.··-·no_reb
004e4510:·6f6f·745f·6e65·6564·6564·0a20·202d·2070··oot_needed.··-·p004e4510:·6f6f·745f·6e65·6564·6564·0a20·202d·2070··oot_needed.··-·p
004e4520:·6f73·7466·6978·5f70·7265·7665·6e74·5f75··ostfix_prevent_u004e4520:·6f73·7466·6978·5f70·7265·7665·6e74·5f75··ostfix_prevent_u
004e4530:·6e72·6573·7472·6963·7465·645f·7265·6c61··nrestricted_rela004e4530:·6e72·6573·7472·6963·7465·645f·7265·6c61··nrestricted_rela
Offset 320612, 21 lines modifiedOffset 320612, 21 lines modified
004e4630:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel004e4630:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
004e4640:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap004e4640:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
004e4650:·7365·2220·6964·3d22·6964·6d34·3930·3734··se"·id="idm49074004e4650:·7365·2220·6964·3d22·6964·6d34·3930·3734··se"·id="idm49074
004e4660:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R004e4660:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
004e4670:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap004e4670:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
004e4680:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in004e4680:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
004e4690:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor004e4690:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
004e46a0:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie 
004e46b0:·7420·2d71·2070·6f73·7466·6978·2026·616d··t·-q·postfix·&am004e46a0:·6d73·0a69·6620·5b20·2120·2d66·202f·2e64··ms.if·[·!·-f·/.d
 004e46b0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
004e46c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/004e46c0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
004e46d0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am 
004e46e0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/ 
004e46f0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren004e46d0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
 004e46e0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm
 004e46f0:·202d·2d71·7569·6574·202d·7120·706f·7374···--quiet·-q·post
004e4700:·7620·5d3b·2074·6865·6e0a·0a69·6620·2120··v·];·then..if·!·004e4700:·6669·783b·2074·6865·6e0a·0a69·6620·2120··fix;·then..if·!·
004e4710:·6772·6570·202d·7120·5e73·6d74·7064·5f63··grep·-q·^smtpd_c004e4710:·6772·6570·202d·7120·5e73·6d74·7064·5f63··grep·-q·^smtpd_c
004e4720:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio004e4720:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio
004e4730:·6e73·202f·6574·632f·706f·7374·6669·782f··ns·/etc/postfix/004e4730:·6e73·202f·6574·632f·706f·7374·6669·782f··ns·/etc/postfix/
004e4740:·6d61·696e·2e63·663b·2074·6865·6e0a·0965··main.cf;·then..e004e4740:·6d61·696e·2e63·663b·2074·6865·6e0a·0965··main.cf;·then..e
004e4750:·6368·6f20·2273·6d74·7064·5f63·6c69·656e··cho·"smtpd_clien004e4750:·6368·6f20·2273·6d74·7064·5f63·6c69·656e··cho·"smtpd_clien
004e4760:·745f·7265·7374·7269·6374·696f·6e73·203d··t_restrictions·=004e4760:·745f·7265·7374·7269·6374·696f·6e73·203d··t_restrictions·=
004e4770:·2070·6572·6d69·745f·6d79·6e65·7477·6f72···permit_mynetwor004e4770:·2070·6572·6d69·745f·6d79·6e65·7477·6f72···permit_mynetwor
1.71 KB
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·[DRAFT]·DISA·STIG·with·GUI·for·Oracle·Linux·944 Profile·Title·[DRAFT]·DISA·STIG·with·GUI·for·Oracle·Linux·9
45 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui45 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:oracle:linux:947 ····*·cpe:/o:oracle:linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
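Review bot: line 50 of the rendered guide is the only difference in this hunk, and it is a date: "draft (as of 2024-01-14)" in the first build against "draft (as of 2025-02-15)" in the second. The guide generator is stamping the build-time clock into the revision history, so the output differs whenever the build date differs. Take the date from SOURCE_DATE_EPOCH (or the package changelog date) instead of the current time. The same one-line date difference repeats in the other generated guides compared below.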
Offset 65444, 26 lines modifiedOffset 65444, 26 lines modified
65444 ····lineinfile:65444 ····lineinfile:
65445 ······path:·/etc/postfix/main.cf65445 ······path:·/etc/postfix/main.cf
65446 ······create:·true65446 ······create:·true
65447 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*65447 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
65448 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject65448 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
65449 ······state:·present65449 ······state:·present
65450 ··when:65450 ··when:
65451 ··-·'"postfix"·in·ansible_facts.packages' 
65452 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]65451 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 65452 ··-·'"postfix"·in·ansible_facts.packages'
65453 ··tags:65453 ··tags:
65454 ··-·low_complexity65454 ··-·low_complexity
65455 ··-·low_disruption65455 ··-·low_disruption
65456 ··-·medium_severity65456 ··-·medium_severity
65457 ··-·no_reboot_needed65457 ··-·no_reboot_needed
65458 ··-·postfix_prevent_unrestricted_relay65458 ··-·postfix_prevent_unrestricted_relay
65459 ··-·restrict_strategy65459 ··-·restrict_strategy
65460 Remediation_Shell_script_⇲65460 Remediation_Shell_script_⇲
65461 #·Remediation·is·applicable·only·in·certain·platforms65461 #·Remediation·is·applicable·only·in·certain·platforms
65462 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then65462 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
65463 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then65463 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
65464 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf65464 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
65465 else65465 else
65466 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf65466 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
65467 fi65467 fi
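Review bot: on lines 65451-65452 and 65462 the two builds emit the same applicability conditions in a different order. The Ansible "when:" list swaps the '"postfix" in ansible_facts.packages' test with the ansible_virtualization_type test, and the shell guard moves "rpm --quiet -q postfix" from the front of the && chain to the end. Every test is side-effect-free and the tests are joined by AND, so the remediation behaves the same in both builds, but the ordering is not stable from one build to the next. The generator should emit these platform conditions in a fixed order, for example sorted, so that the guide content is deterministic.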
  
1.8 KB
./usr/share/doc/ssg-nondebian/ssg-opensuse-guide-standard.html
    
592 B
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:opensuse:leap:15.042 ····*·cpe:/o:opensuse:leap:15.0
43 ····*·cpe:/o:opensuse:leap:42.143 ····*·cpe:/o:opensuse:leap:42.1
44 ····*·cpe:/o:opensuse:leap:42.244 ····*·cpe:/o:opensuse:leap:42.2
45 ····*·cpe:/o:opensuse:leap:42.345 ····*·cpe:/o:opensuse:leap:42.3
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·File_Permissions_and_Masks51 ·········1.·File_Permissions_and_Masks
52 *****·Checklist·*****52 *****·Checklist·*****
53 Group  ·Guide·to·the·Secure·Configuration·of·openSUSE·  Group·contains·4·groups·and·353 Group  ·Guide·to·the·Secure·Configuration·of·openSUSE·  Group·contains·4·groups·and·3
54 rules54 rules
55 Group  ·System·Settings·  Group·contains·3·groups·and·3·rules55 Group  ·System·Settings·  Group·contains·3·groups·and·3·rules
1.87 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-anssi_bp28_enhanced.html
    
645 B
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 *****·Profile·Information·*****44 *****·Profile·Information·*****
45 Profile·Title·DRAFT·-·ANSSI-BP-028·(enhanced)45 Profile·Title·DRAFT·-·ANSSI-BP-028·(enhanced)
46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
47 ***·CPE·Platforms·***47 ***·CPE·Platforms·***
48 ····*·cpe:/o:redhat:enterprise_linux_coreos:448 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·System_Settings53 ···1.·System_Settings
54 ·········1.·Installing_and_Maintaining_Software54 ·········1.·Installing_and_Maintaining_Software
55 ·········2.·Account_and_Access_Control55 ·········2.·Account_and_Access_Control
56 ·········3.·System_Accounting_with_auditd56 ·········3.·System_Accounting_with_auditd
57 ·········4.·GRUB2_bootloader_configuration57 ·········4.·GRUB2_bootloader_configuration
58 ·········5.·Configure_Syslog58 ·········5.·Configure_Syslog
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-anssi_bp28_high.html
    
637 B
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 *****·Profile·Information·*****44 *****·Profile·Information·*****
45 Profile·Title·DRAFT·-·ANSSI-BP-028·(high)45 Profile·Title·DRAFT·-·ANSSI-BP-028·(high)
46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high
47 ***·CPE·Platforms·***47 ***·CPE·Platforms·***
48 ····*·cpe:/o:redhat:enterprise_linux_coreos:448 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·System_Settings53 ···1.·System_Settings
54 ·········1.·Installing_and_Maintaining_Software54 ·········1.·Installing_and_Maintaining_Software
55 ·········2.·Account_and_Access_Control55 ·········2.·Account_and_Access_Control
56 ·········3.·System_Accounting_with_auditd56 ·········3.·System_Accounting_with_auditd
57 ·········4.·GRUB2_bootloader_configuration57 ·········4.·GRUB2_bootloader_configuration
58 ·········5.·Configure_Syslog58 ·········5.·Configure_Syslog
1.89 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-anssi_bp28_intermediary.html
    
658 B
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 *****·Profile·Information·*****44 *****·Profile·Information·*****
45 Profile·Title·DRAFT·-·ANSSI-BP-028·(intermediary)45 Profile·Title·DRAFT·-·ANSSI-BP-028·(intermediary)
46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
47 ***·CPE·Platforms·***47 ***·CPE·Platforms·***
48 ····*·cpe:/o:redhat:enterprise_linux_coreos:448 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·System_Settings53 ···1.·System_Settings
54 ·········1.·Installing_and_Maintaining_Software54 ·········1.·Installing_and_Maintaining_Software
55 ·········2.·Account_and_Access_Control55 ·········2.·Account_and_Access_Control
56 ·········3.·System_Accounting_with_auditd56 ·········3.·System_Accounting_with_auditd
57 ·········4.·Configure_Syslog57 ·········4.·Configure_Syslog
58 ·········5.·Network_Configuration_and_Firewalls58 ·········5.·Network_Configuration_and_Firewalls
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-anssi_bp28_minimal.html
    
606 B
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 *****·Profile·Information·*****44 *****·Profile·Information·*****
45 Profile·Title·DRAFT·-·ANSSI-BP-028·(minimal)45 Profile·Title·DRAFT·-·ANSSI-BP-028·(minimal)
46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal46 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
47 ***·CPE·Platforms·***47 ***·CPE·Platforms·***
48 ····*·cpe:/o:redhat:enterprise_linux_coreos:448 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·System_Settings53 ···1.·System_Settings
54 ·········1.·Installing_and_Maintaining_Software54 ·········1.·Installing_and_Maintaining_Software
55 ·········2.·Account_and_Access_Control55 ·········2.·Account_and_Access_Control
56 ·········3.·Configure_Syslog56 ·········3.·Configure_Syslog
57 ···2.·Services57 ···2.·Services
58 ·········1.·Mail_Server_Software58 ·········1.·Mail_Server_Software
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-e8.html
    
639 B
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 *****·Profile·Information·*****42 *****·Profile·Information·*****
43 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight43 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight
44 Profile·ID····xccdf_org.ssgproject.content_profile_e844 Profile·ID····xccdf_org.ssgproject.content_profile_e8
45 ***·CPE·Platforms·***45 ***·CPE·Platforms·***
46 ····*·cpe:/o:redhat:enterprise_linux_coreos:446 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·File_Permissions_and_Masks55 ·········4.·File_Permissions_and_Masks
56 ·········5.·SELinux56 ·········5.·SELinux
1.98 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-high.html
    
649 B
html2text {}
    
Offset 56, 15 lines modifiedOffset 56, 15 lines modified
56 Profile·Title·NIST·800-53·High-Impact·Baseline·for·Red·Hat·Enterprise·Linux56 Profile·Title·NIST·800-53·High-Impact·Baseline·for·Red·Hat·Enterprise·Linux
57 ··············CoreOS57 ··············CoreOS
58 Profile·ID····xccdf_org.ssgproject.content_profile_high58 Profile·ID····xccdf_org.ssgproject.content_profile_high
59 ***·CPE·Platforms·***59 ***·CPE·Platforms·***
60 ····*·cpe:/o:redhat:enterprise_linux_coreos:460 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
61 *****·Revision·History·*****61 *****·Revision·History·*****
62 Current·version:·0.1.6562 Current·version:·0.1.65
63 ····*·draft·(as·of·2024-01-14)63 ····*·draft·(as·of·2025-02-15)
64 *****·Table·of·Contents·*****64 *****·Table·of·Contents·*****
65 ···1.·System_Settings65 ···1.·System_Settings
66 ·········1.·Installing_and_Maintaining_Software66 ·········1.·Installing_and_Maintaining_Software
67 ·········2.·Account_and_Access_Control67 ·········2.·Account_and_Access_Control
68 ·········3.·System_Accounting_with_auditd68 ·········3.·System_Accounting_with_auditd
69 ·········4.·GRUB2_bootloader_configuration69 ·········4.·GRUB2_bootloader_configuration
70 ·········5.·Configure_Syslog70 ·········5.·Configure_Syslog
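Review bot: the only line that differs between the two builds in this hunk is line 63 of the Revision History, "draft (as of 2024-01-14)" in one build and "draft (as of 2025-02-15)" in the other, so the generated guide appears to embed the date of the build run. Taking that date from SOURCE_DATE_EPOCH (or from the changelog entry) instead of the build clock would make this line identical across builds; the same difference repeats in the Revision History of the other guides compared here.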
2.0 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-moderate.html
    
657 B
html2text {}
    
Offset 56, 15 lines modifiedOffset 56, 15 lines modified
56 Profile·Title·NIST·800-53·Moderate-Impact·Baseline·for·Red·Hat·Enterprise·Linux56 Profile·Title·NIST·800-53·Moderate-Impact·Baseline·for·Red·Hat·Enterprise·Linux
57 ··············CoreOS57 ··············CoreOS
58 Profile·ID····xccdf_org.ssgproject.content_profile_moderate58 Profile·ID····xccdf_org.ssgproject.content_profile_moderate
59 ***·CPE·Platforms·***59 ***·CPE·Platforms·***
60 ····*·cpe:/o:redhat:enterprise_linux_coreos:460 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
61 *****·Revision·History·*****61 *****·Revision·History·*****
62 Current·version:·0.1.6562 Current·version:·0.1.65
63 ····*·draft·(as·of·2024-01-14)63 ····*·draft·(as·of·2025-02-15)
64 *****·Table·of·Contents·*****64 *****·Table·of·Contents·*****
65 ···1.·System_Settings65 ···1.·System_Settings
66 ·········1.·Installing_and_Maintaining_Software66 ·········1.·Installing_and_Maintaining_Software
67 ·········2.·Account_and_Access_Control67 ·········2.·Account_and_Access_Control
68 ·········3.·System_Accounting_with_auditd68 ·········3.·System_Accounting_with_auditd
69 ·········4.·GRUB2_bootloader_configuration69 ·········4.·GRUB2_bootloader_configuration
70 ·········5.·Configure_Syslog70 ·········5.·Configure_Syslog
1.89 KB
./usr/share/doc/ssg-nondebian/ssg-rhcos4-guide-nerc-cip.html
    
684 B
html2text {}
    
Offset 45, 15 lines modifiedOffset 45, 15 lines modified
45 Profile·Title·Infrastructure·Protection·(CIP)·cybersecurity·standards·profile45 Profile·Title·Infrastructure·Protection·(CIP)·cybersecurity·standards·profile
46 ··············for·Red·Hat·Enterprise·Linux·CoreOS46 ··············for·Red·Hat·Enterprise·Linux·CoreOS
47 Profile·ID····xccdf_org.ssgproject.content_profile_nerc-cip47 Profile·ID····xccdf_org.ssgproject.content_profile_nerc-cip
48 ***·CPE·Platforms·***48 ***·CPE·Platforms·***
49 ····*·cpe:/o:redhat:enterprise_linux_coreos:449 ····*·cpe:/o:redhat:enterprise_linux_coreos:4
50 *****·Revision·History·*****50 *****·Revision·History·*****
51 Current·version:·0.1.6551 Current·version:·0.1.65
52 ····*·draft·(as·of·2024-01-14)52 ····*·draft·(as·of·2025-02-15)
53 *****·Table·of·Contents·*****53 *****·Table·of·Contents·*****
54 ···1.·System_Settings54 ···1.·System_Settings
55 ·········1.·Installing_and_Maintaining_Software55 ·········1.·Installing_and_Maintaining_Software
56 ·········2.·Account_and_Access_Control56 ·········2.·Account_and_Access_Control
57 ·········3.·System_Accounting_with_auditd57 ·········3.·System_Accounting_with_auditd
58 ·········4.·GRUB2_bootloader_configuration58 ·········4.·GRUB2_bootloader_configuration
59 ·········5.·Configure_Syslog59 ·········5.·Configure_Syslog
777 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-C2S.html
    
Max diff block lines reached; 598016/607599 bytes (98.42%) of diff not shown.
183 KB
html2text {}
    
Offset 47, 15 lines modifiedOffset 47, 15 lines modified
47 ····*·cpe:/o:redhat:enterprise_linux:7::client47 ····*·cpe:/o:redhat:enterprise_linux:7::client
48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
49 ····*·cpe:/o:redhat:enterprise_linux:7::server49 ····*·cpe:/o:redhat:enterprise_linux:7::server
50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
51 ····*·cpe:/o:redhat:enterprise_linux:751 ····*·cpe:/o:redhat:enterprise_linux:7
52 *****·Revision·History·*****52 *****·Revision·History·*****
53 Current·version:·0.1.6553 Current·version:·0.1.65
54 ····*·draft·(as·of·2024-01-14)54 ····*·draft·(as·of·2025-02-15)
55 *****·Table·of·Contents·*****55 *****·Table·of·Contents·*****
56 ···1.·System_Settings56 ···1.·System_Settings
57 ·········1.·Installing_and_Maintaining_Software57 ·········1.·Installing_and_Maintaining_Software
58 ·········2.·Account_and_Access_Control58 ·········2.·Account_and_Access_Control
59 ·········3.·System_Accounting_with_auditd59 ·········3.·System_Accounting_with_auditd
60 ·········4.·GRUB2_bootloader_configuration60 ·········4.·GRUB2_bootloader_configuration
61 ·········5.·Configure_Syslog61 ·········5.·Configure_Syslog
Offset 5417, 16 lines modifiedOffset 5417, 16 lines modified
5417 ··-·reboot_required5417 ··-·reboot_required
5418 ··-·restrict_strategy5418 ··-·restrict_strategy
  
5419 -·name:·Set·architecture·for·audit·chmod·tasks5419 -·name:·Set·architecture·for·audit·chmod·tasks
5420 ··set_fact:5420 ··set_fact:
5421 ····audit_arch:·b645421 ····audit_arch:·b64
5422 ··when:5422 ··when:
5423 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5424 ··-·'"audit"·in·ansible_facts.packages'5423 ··-·'"audit"·in·ansible_facts.packages'
 5424 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5425 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5425 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5426 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5426 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5427 ··tags:5427 ··tags:
5428 ··-·CCE-27339-15428 ··-·CCE-27339-1
5429 ··-·CJIS-5.4.1.15429 ··-·CJIS-5.4.1.1
5430 ··-·DISA-STIG-RHEL-07-0304105430 ··-·DISA-STIG-RHEL-07-030410
5431 ··-·NIST-800-171-3.1.75431 ··-·NIST-800-171-3.1.7
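Review bot: at lines 5423-5424 the two builds emit the same entries under "when:" in a different order; the ansible_virtualization_type check and the '"audit" in ansible_facts.packages' check swap places, and nothing else in the task changes. Ansible combines the entries of a "when:" list with a logical AND, so the task applies to the same hosts either way, but the swap suggests the generator walks the platform conditions in an unspecified order. Emitting them in a sorted or otherwise fixed order would remove this difference, which recurs in the later chmod and chown tasks of this guide.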
Offset 5564, 16 lines modifiedOffset 5564, 16 lines modified
5564 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005564 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5565 ········-F·auid!=unset·-F·key=perm_mod5565 ········-F·auid!=unset·-F·key=perm_mod
5566 ······create:·true5566 ······create:·true
5567 ······mode:·o-rwx5567 ······mode:·o-rwx
5568 ······state:·present5568 ······state:·present
5569 ····when:·syscalls_found·|·length·==·05569 ····when:·syscalls_found·|·length·==·0
5570 ··when:5570 ··when:
5571 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5572 ··-·'"audit"·in·ansible_facts.packages'5571 ··-·'"audit"·in·ansible_facts.packages'
 5572 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5573 ··tags:5573 ··tags:
5574 ··-·CCE-27339-15574 ··-·CCE-27339-1
5575 ··-·CJIS-5.4.1.15575 ··-·CJIS-5.4.1.1
5576 ··-·DISA-STIG-RHEL-07-0304105576 ··-·DISA-STIG-RHEL-07-030410
5577 ··-·NIST-800-171-3.1.75577 ··-·NIST-800-171-3.1.7
5578 ··-·NIST-800-53-AU-12(c)5578 ··-·NIST-800-53-AU-12(c)
5579 ··-·NIST-800-53-AU-2(d)5579 ··-·NIST-800-53-AU-2(d)
Offset 5709, 16 lines modifiedOffset 5709, 16 lines modified
5709 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005709 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5710 ········-F·auid!=unset·-F·key=perm_mod5710 ········-F·auid!=unset·-F·key=perm_mod
5711 ······create:·true5711 ······create:·true
5712 ······mode:·o-rwx5712 ······mode:·o-rwx
5713 ······state:·present5713 ······state:·present
5714 ····when:·syscalls_found·|·length·==·05714 ····when:·syscalls_found·|·length·==·0
5715 ··when:5715 ··when:
5716 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5717 ··-·'"audit"·in·ansible_facts.packages'5716 ··-·'"audit"·in·ansible_facts.packages'
 5717 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5718 ··-·audit_arch·==·"b64"5718 ··-·audit_arch·==·"b64"
5719 ··tags:5719 ··tags:
5720 ··-·CCE-27339-15720 ··-·CCE-27339-1
5721 ··-·CJIS-5.4.1.15721 ··-·CJIS-5.4.1.1
5722 ··-·DISA-STIG-RHEL-07-0304105722 ··-·DISA-STIG-RHEL-07-030410
5723 ··-·NIST-800-171-3.1.75723 ··-·NIST-800-171-3.1.7
5724 ··-·NIST-800-53-AU-12(c)5724 ··-·NIST-800-53-AU-12(c)
Offset 5729, 15 lines modifiedOffset 5729, 15 lines modified
5729 ··-·low_complexity5729 ··-·low_complexity
5730 ··-·low_disruption5730 ··-·low_disruption
5731 ··-·medium_severity5731 ··-·medium_severity
5732 ··-·reboot_required5732 ··-·reboot_required
5733 ··-·restrict_strategy5733 ··-·restrict_strategy
5734 Remediation_Shell_script_⇲5734 Remediation_Shell_script_⇲
5735 #·Remediation·is·applicable·only·in·certain·platforms5735 #·Remediation·is·applicable·only·in·certain·platforms
5736 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then5736 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
5737 #·First·perform·the·remediation·of·the·syscall·rule5737 #·First·perform·the·remediation·of·the·syscall·rule
5738 #·Retrieve·hardware·architecture·of·the·underlying·system5738 #·Retrieve·hardware·architecture·of·the·underlying·system
5739 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")5739 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
5740 for·ARCH·in·"${RULE_ARCHS[@]}"5740 for·ARCH·in·"${RULE_ARCHS[@]}"
5741 do5741 do
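Review bot: the guard on line 5736 contains the same three tests in both builds, but "rpm --quiet -q audit" is the last operand in one build and the first in the other. The condition evaluates to the same result, but because && short-circuits, the order decides whether rpm is run at all when /.dockerenv or /run/.containerenv exists. Fixing the order of the platform checks in the generator would make the remediation script identical across builds.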
Offset 6100, 16 lines modifiedOffset 6100, 16 lines modified
6100 ··-·reboot_required6100 ··-·reboot_required
6101 ··-·restrict_strategy6101 ··-·restrict_strategy
  
6102 -·name:·Set·architecture·for·audit·chown·tasks6102 -·name:·Set·architecture·for·audit·chown·tasks
6103 ··set_fact:6103 ··set_fact:
6104 ····audit_arch:·b646104 ····audit_arch:·b64
6105 ··when:6105 ··when:
6106 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6107 ··-·'"audit"·in·ansible_facts.packages'6106 ··-·'"audit"·in·ansible_facts.packages'
 6107 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6108 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6108 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6109 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6109 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6110 ··tags:6110 ··tags:
6111 ··-·CCE-27364-96111 ··-·CCE-27364-9
6112 ··-·CJIS-5.4.1.16112 ··-·CJIS-5.4.1.1
6113 ··-·DISA-STIG-RHEL-07-0303706113 ··-·DISA-STIG-RHEL-07-030370
6114 ··-·NIST-800-171-3.1.76114 ··-·NIST-800-171-3.1.7
Offset 6249, 16 lines modifiedOffset 6249, 16 lines modified
6249 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006249 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6250 ········-F·auid!=unset·-F·key=perm_mod6250 ········-F·auid!=unset·-F·key=perm_mod
6251 ······create:·true6251 ······create:·true
6252 ······mode:·o-rwx6252 ······mode:·o-rwx
6253 ······state:·present6253 ······state:·present
6254 ····when:·syscalls_found·|·length·==·06254 ····when:·syscalls_found·|·length·==·0
6255 ··when:6255 ··when:
6256 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6257 ··-·'"audit"·in·ansible_facts.packages'6256 ··-·'"audit"·in·ansible_facts.packages'
 6257 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6258 ··tags:6258 ··tags:
6259 ··-·CCE-27364-96259 ··-·CCE-27364-9
6260 ··-·CJIS-5.4.1.16260 ··-·CJIS-5.4.1.1
6261 ··-·DISA-STIG-RHEL-07-0303706261 ··-·DISA-STIG-RHEL-07-030370
6262 ··-·NIST-800-171-3.1.76262 ··-·NIST-800-171-3.1.7
6263 ··-·NIST-800-53-AU-12(c)6263 ··-·NIST-800-53-AU-12(c)
6264 ··-·NIST-800-53-AU-2(d)6264 ··-·NIST-800-53-AU-2(d)
Offset 6396, 16 lines modifiedOffset 6396, 16 lines modified
6396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6397 ········-F·auid!=unset·-F·key=perm_mod6397 ········-F·auid!=unset·-F·key=perm_mod
6398 ······create:·true6398 ······create:·true
6399 ······mode:·o-rwx6399 ······mode:·o-rwx
6400 ······state:·present6400 ······state:·present
Max diff block lines reached; 182795/187533 bytes (97.47%) of diff not shown.
6.98 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-anssi_nt28_enhanced.html
    
Offset 54985, 22 lines modifiedOffset 54985, 22 lines modified
000d6c80:·6c65·6765·640a·2020·2020·2020·6372·6561··leged.······crea000d6c80:·6c65·6765·640a·2020·2020·2020·6372·6561··leged.······crea
000d6c90:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m000d6c90:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m
000d6ca0:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····000d6ca0:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····
000d6cb0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.000d6cb0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.
000d6cc0:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal000d6cc0:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal
000d6cd0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt000d6cd0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt
000d6ce0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·000d6ce0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·
000d6cf0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu 
000d6d00:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n 
000d6d10:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker", 
000d6d20:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz" 
000d6d30:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con 
000d6d40:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a 
000d6d50:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible 
000d6d60:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'000d6cf0:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a
 000d6d00:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 000d6d10:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
 000d6d20:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
 000d6d30:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
 000d6d40:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
 000d6d50:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
 000d6d60:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
000d6d70:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE000d6d70:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE
000d6d80:·2d38·3034·3031·2d33·0a20·202d·2044·4953··-80401-3.··-·DIS000d6d80:·2d38·3034·3031·2d33·0a20·202d·2044·4953··-80401-3.··-·DIS
000d6d90:·412d·5354·4947·2d52·4845·4c2d·3037·2d30··A-STIG-RHEL-07-0000d6d90:·412d·5354·4947·2d52·4845·4c2d·3037·2d30··A-STIG-RHEL-07-0
000d6da0:·3330·3639·300a·2020·2d20·4e49·5354·2d38··30690.··-·NIST-8000d6da0:·3330·3639·300a·2020·2d20·4e49·5354·2d38··30690.··-·NIST-8
000d6db0:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-000d6db0:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-
000d6dc0:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC-000d6dc0:·204e·4953·542d·3830·302d·3533·2d41·432d···NIST-800-53-AC-
000d6dd0:·3628·3929·0a20·202d·204e·4953·542d·3830··6(9).··-·NIST-80000d6dd0:·3628·3929·0a20·202d·204e·4953·542d·3830··6(9).··-·NIST-80
Offset 55033, 21 lines modifiedOffset 55033, 21 lines modified
000d6f80:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p000d6f80:·6272·3e3c·6469·7620·636c·6173·733d·2270··br><div·class="p
000d6f90:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co000d6f90:·616e·656c·2d63·6f6c·6c61·7073·6520·636f··anel-collapse·co
000d6fa0:·6c6c·6170·7365·2220·6964·3d22·6964·6d33··llapse"·id="idm3000d6fa0:·6c6c·6170·7365·2220·6964·3d22·6964·6d33··llapse"·id="idm3
000d6fb0:·3631·3636·223e·3c70·7265·3e3c·636f·6465··6166"><pre><code000d6fb0:·3631·3636·223e·3c70·7265·3e3c·636f·6465··6166"><pre><code
000d6fc0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i000d6fc0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
000d6fd0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl000d6fd0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
000d6fe0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla000d6fe0:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
000d6ff0:·7466·6f72·6d73·0a69·6620·5b20·2120·2d66··tforms.if·[·!·-f000d6ff0:·7466·6f72·6d73·0a69·6620·7270·6d20·2d2d··tforms.if·rpm·--
000d7000:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&000d7000:·7175·6965·7420·2d71·2061·7564·6974·2026··quiet·-q·audit·&
000d7010:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f000d7010:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f
 000d7020:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&
 000d7030:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f
000d7020:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container000d7040:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container
000d7030:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp; 
000d7040:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
000d7050:·6175·6469·743b·2074·6865·6e0a·0a41·4354··audit;·then..ACT000d7050:·656e·7620·5d3b·2074·6865·6e0a·0a41·4354··env·];·then..ACT
000d7060:·494f·4e5f·4152·4348·5f46·494c·5445·5253··ION_ARCH_FILTERS000d7060:·494f·4e5f·4152·4348·5f46·494c·5445·5253··ION_ARCH_FILTERS
000d7070:·3d22·2d61·2061·6c77·6179·732c·6578·6974··="-a·always,exit000d7070:·3d22·2d61·2061·6c77·6179·732c·6578·6974··="-a·always,exit
000d7080:·220a·4f54·4845·525f·4649·4c54·4552·533d··".OTHER_FILTERS=000d7080:·220a·4f54·4845·525f·4649·4c54·4552·533d··".OTHER_FILTERS=
000d7090:·222d·4620·7061·7468·3d2f·7573·722f·6269··"-F·path=/usr/bi000d7090:·222d·4620·7061·7468·3d2f·7573·722f·6269··"-F·path=/usr/bi
000d70a0:·6e2f·7375·646f·202d·4620·7065·726d·3d78··n/sudo·-F·perm=x000d70a0:·6e2f·7375·646f·202d·4620·7065·726d·3d78··n/sudo·-F·perm=x
000d70b0:·220a·4155·4944·5f46·494c·5445·5253·3d22··".AUID_FILTERS="000d70b0:·220a·4155·4944·5f46·494c·5445·5253·3d22··".AUID_FILTERS="
000d70c0:·2d46·2061·7569·6426·6774·3b3d·3130·3030··-F·auid&gt;=1000000d70c0:·2d46·2061·7569·6426·6774·3b3d·3130·3030··-F·auid&gt;=1000
1.85 KB
html2text {}
    
Offset 47, 15 lines modifiedOffset 47, 15 lines modified
47 ····*·cpe:/o:redhat:enterprise_linux:7::client47 ····*·cpe:/o:redhat:enterprise_linux:7::client
48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
49 ····*·cpe:/o:redhat:enterprise_linux:7::server49 ····*·cpe:/o:redhat:enterprise_linux:7::server
50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
51 ····*·cpe:/o:redhat:enterprise_linux:751 ····*·cpe:/o:redhat:enterprise_linux:7
52 *****·Revision·History·*****52 *****·Revision·History·*****
53 Current·version:·0.1.6553 Current·version:·0.1.65
54 ····*·draft·(as·of·2024-01-14)54 ····*·draft·(as·of·2025-02-15)
55 *****·Table·of·Contents·*****55 *****·Table·of·Contents·*****
56 ···1.·System_Settings56 ···1.·System_Settings
57 ·········1.·Installing_and_Maintaining_Software57 ·········1.·Installing_and_Maintaining_Software
58 ·········2.·Account_and_Access_Control58 ·········2.·Account_and_Access_Control
59 ·········3.·System_Accounting_with_auditd59 ·········3.·System_Accounting_with_auditd
60 ·········4.·GRUB2_bootloader_configuration60 ·········4.·GRUB2_bootloader_configuration
61 ·········5.·Configure_Syslog61 ·········5.·Configure_Syslog
Offset 7975, 16 lines modifiedOffset 7975, 16 lines modified
7975 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x7975 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
7976 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged7976 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
7977 ······create:·true7977 ······create:·true
7978 ······mode:·o-rwx7978 ······mode:·o-rwx
7979 ······state:·present7979 ······state:·present
7980 ····when:·syscalls_found·|·length·==·07980 ····when:·syscalls_found·|·length·==·0
7981 ··when:7981 ··when:
7982 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7983 ··-·'"audit"·in·ansible_facts.packages'7982 ··-·'"audit"·in·ansible_facts.packages'
 7983 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7984 ··tags:7984 ··tags:
7985 ··-·CCE-80401-37985 ··-·CCE-80401-3
7986 ··-·DISA-STIG-RHEL-07-0306907986 ··-·DISA-STIG-RHEL-07-030690
7987 ··-·NIST-800-171-3.1.77987 ··-·NIST-800-171-3.1.7
7988 ··-·NIST-800-53-AC-6(9)7988 ··-·NIST-800-53-AC-6(9)
7989 ··-·NIST-800-53-AU-12(c)7989 ··-·NIST-800-53-AU-12(c)
7990 ··-·NIST-800-53-AU-2(d)7990 ··-·NIST-800-53-AU-2(d)
Offset 7993, 15 lines modifiedOffset 7993, 15 lines modified
7993 ··-·low_complexity7993 ··-·low_complexity
7994 ··-·low_disruption7994 ··-·low_disruption
7995 ··-·medium_severity7995 ··-·medium_severity
7996 ··-·no_reboot_needed7996 ··-·no_reboot_needed
7997 ··-·restrict_strategy7997 ··-·restrict_strategy
7998 Remediation_Shell_script_⇲7998 Remediation_Shell_script_⇲
7999 #·Remediation·is·applicable·only·in·certain·platforms7999 #·Remediation·is·applicable·only·in·certain·platforms
8000 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8000 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8001 ACTION_ARCH_FILTERS="-a·always,exit"8001 ACTION_ARCH_FILTERS="-a·always,exit"
8002 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8002 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8003 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8003 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8004 SYSCALL=""8004 SYSCALL=""
8005 KEY="privileged"8005 KEY="privileged"
8006 SYSCALL_GROUPING=""8006 SYSCALL_GROUPING=""
7.04 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-anssi_nt28_high.html
    
1.85 KB
html2text {}
    
Offset 47, 15 lines modifiedOffset 47, 15 lines modified
47 ····*·cpe:/o:redhat:enterprise_linux:7::client47 ····*·cpe:/o:redhat:enterprise_linux:7::client
48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
49 ····*·cpe:/o:redhat:enterprise_linux:7::server49 ····*·cpe:/o:redhat:enterprise_linux:7::server
50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
51 ····*·cpe:/o:redhat:enterprise_linux:751 ····*·cpe:/o:redhat:enterprise_linux:7
52 *****·Revision·History·*****52 *****·Revision·History·*****
53 Current·version:·0.1.6553 Current·version:·0.1.65
54 ····*·draft·(as·of·2024-01-14)54 ····*·draft·(as·of·2025-02-15)
55 *****·Table·of·Contents·*****55 *****·Table·of·Contents·*****
56 ···1.·System_Settings56 ···1.·System_Settings
57 ·········1.·Installing_and_Maintaining_Software57 ·········1.·Installing_and_Maintaining_Software
58 ·········2.·Account_and_Access_Control58 ·········2.·Account_and_Access_Control
59 ·········3.·System_Accounting_with_auditd59 ·········3.·System_Accounting_with_auditd
60 ·········4.·GRUB2_bootloader_configuration60 ·········4.·GRUB2_bootloader_configuration
61 ·········5.·Configure_Syslog61 ·········5.·Configure_Syslog
Offset 8293, 16 lines modifiedOffset 8293, 16 lines modified
8293 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8293 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8294 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8294 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8295 ······create:·true8295 ······create:·true
8296 ······mode:·o-rwx8296 ······mode:·o-rwx
8297 ······state:·present8297 ······state:·present
8298 ····when:·syscalls_found·|·length·==·08298 ····when:·syscalls_found·|·length·==·0
8299 ··when:8299 ··when:
8300 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8301 ··-·'"audit"·in·ansible_facts.packages'8300 ··-·'"audit"·in·ansible_facts.packages'
 8301 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8302 ··tags:8302 ··tags:
8303 ··-·CCE-80401-38303 ··-·CCE-80401-3
8304 ··-·DISA-STIG-RHEL-07-0306908304 ··-·DISA-STIG-RHEL-07-030690
8305 ··-·NIST-800-171-3.1.78305 ··-·NIST-800-171-3.1.7
8306 ··-·NIST-800-53-AC-6(9)8306 ··-·NIST-800-53-AC-6(9)
8307 ··-·NIST-800-53-AU-12(c)8307 ··-·NIST-800-53-AU-12(c)
8308 ··-·NIST-800-53-AU-2(d)8308 ··-·NIST-800-53-AU-2(d)
Offset 8311, 15 lines modifiedOffset 8311, 15 lines modified
8311 ··-·low_complexity8311 ··-·low_complexity
8312 ··-·low_disruption8312 ··-·low_disruption
8313 ··-·medium_severity8313 ··-·medium_severity
8314 ··-·no_reboot_needed8314 ··-·no_reboot_needed
8315 ··-·restrict_strategy8315 ··-·restrict_strategy
8316 Remediation_Shell_script_⇲8316 Remediation_Shell_script_⇲
8317 #·Remediation·is·applicable·only·in·certain·platforms8317 #·Remediation·is·applicable·only·in·certain·platforms
8318 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8318 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8319 ACTION_ARCH_FILTERS="-a·always,exit"8319 ACTION_ARCH_FILTERS="-a·always,exit"
8320 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8320 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8321 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8321 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8322 SYSCALL=""8322 SYSCALL=""
8323 KEY="privileged"8323 KEY="privileged"
8324 SYSCALL_GROUPING=""8324 SYSCALL_GROUPING=""
7.06 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-anssi_nt28_intermediary.html
    
1.85 KB
html2text {}
    
Offset 47, 15 lines modifiedOffset 47, 15 lines modified
47 ····*·cpe:/o:redhat:enterprise_linux:7::client47 ····*·cpe:/o:redhat:enterprise_linux:7::client
48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
49 ····*·cpe:/o:redhat:enterprise_linux:7::server49 ····*·cpe:/o:redhat:enterprise_linux:7::server
50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
51 ····*·cpe:/o:redhat:enterprise_linux:751 ····*·cpe:/o:redhat:enterprise_linux:7
52 *****·Revision·History·*****52 *****·Revision·History·*****
53 Current·version:·0.1.6553 Current·version:·0.1.65
54 ····*·draft·(as·of·2024-01-14)54 ····*·draft·(as·of·2025-02-15)
55 *****·Table·of·Contents·*****55 *****·Table·of·Contents·*****
56 ···1.·System_Settings56 ···1.·System_Settings
57 ·········1.·Installing_and_Maintaining_Software57 ·········1.·Installing_and_Maintaining_Software
58 ·········2.·Account_and_Access_Control58 ·········2.·Account_and_Access_Control
59 ·········3.·System_Accounting_with_auditd59 ·········3.·System_Accounting_with_auditd
60 ·········4.·Configure_Syslog60 ·········4.·Configure_Syslog
61 ·········5.·Network_Configuration_and_Firewalls61 ·········5.·Network_Configuration_and_Firewalls
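Review bot: line 54, the "draft (as of ...)" stamp under Revision History, is the only line that differs in this hunk: one build renders 2024-01-14 and the other 2025-02-15 for the same 0.1.65 source, so the guide is taking its date from the build machine's clock. Derive that date from SOURCE_DATE_EPOCH (or the packaging changelog date) when the guide is generated, so that both builds produce the same Revision History text.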
Offset 7549, 16 lines modifiedOffset 7549, 16 lines modified
7549 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x7549 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
7550 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged7550 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
7551 ······create:·true7551 ······create:·true
7552 ······mode:·o-rwx7552 ······mode:·o-rwx
7553 ······state:·present7553 ······state:·present
7554 ····when:·syscalls_found·|·length·==·07554 ····when:·syscalls_found·|·length·==·0
7555 ··when:7555 ··when:
7556 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7557 ··-·'"audit"·in·ansible_facts.packages'7556 ··-·'"audit"·in·ansible_facts.packages'
 7557 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7558 ··tags:7558 ··tags:
7559 ··-·CCE-80401-37559 ··-·CCE-80401-3
7560 ··-·DISA-STIG-RHEL-07-0306907560 ··-·DISA-STIG-RHEL-07-030690
7561 ··-·NIST-800-171-3.1.77561 ··-·NIST-800-171-3.1.7
7562 ··-·NIST-800-53-AC-6(9)7562 ··-·NIST-800-53-AC-6(9)
7563 ··-·NIST-800-53-AU-12(c)7563 ··-·NIST-800-53-AU-12(c)
7564 ··-·NIST-800-53-AU-2(d)7564 ··-·NIST-800-53-AU-2(d)
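Review bot: in the task-level "when:" list at lines 7556-7557, both builds emit the same two conditions, the ansible_virtualization_type container check and '"audit" in ansible_facts.packages', but in opposite order, and nothing else in the hunk differs. The order in which the applicability conditions are written out is therefore not stable between builds; emit them from a sorted or otherwise fixed-order list so the generated playbook text is identical from one build to the next.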
Offset 7567, 15 lines modifiedOffset 7567, 15 lines modified
7567 ··-·low_complexity7567 ··-·low_complexity
7568 ··-·low_disruption7568 ··-·low_disruption
7569 ··-·medium_severity7569 ··-·medium_severity
7570 ··-·no_reboot_needed7570 ··-·no_reboot_needed
7571 ··-·restrict_strategy7571 ··-·restrict_strategy
7572 Remediation_Shell_script_⇲7572 Remediation_Shell_script_⇲
7573 #·Remediation·is·applicable·only·in·certain·platforms7573 #·Remediation·is·applicable·only·in·certain·platforms
7574 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then7574 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
7575 ACTION_ARCH_FILTERS="-a·always,exit"7575 ACTION_ARCH_FILTERS="-a·always,exit"
7576 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"7576 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
7577 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"7577 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
7578 SYSCALL=""7578 SYSCALL=""
7579 KEY="privileged"7579 KEY="privileged"
7580 SYSCALL_GROUPING=""7580 SYSCALL_GROUPING=""
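Review bot: line 7574, the platform guard of the shell remediation, carries the same three tests in both builds, but "rpm --quiet -q audit" is last in one build and first in the other. The && chain evaluates to the same result either way, yet the emitted script text differs, and so does which test short-circuits first. Generate the guard's conditions in a fixed order, for example the cheap file-existence tests for /.dockerenv and /run/.containerenv before the rpm query.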
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-anssi_nt28_minimal.html
    
634 B
html2text {}
    
Offset 47, 15 lines modifiedOffset 47, 15 lines modified
47 ····*·cpe:/o:redhat:enterprise_linux:7::client47 ····*·cpe:/o:redhat:enterprise_linux:7::client
48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
49 ····*·cpe:/o:redhat:enterprise_linux:7::server49 ····*·cpe:/o:redhat:enterprise_linux:7::server
50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
51 ····*·cpe:/o:redhat:enterprise_linux:751 ····*·cpe:/o:redhat:enterprise_linux:7
52 *****·Revision·History·*****52 *****·Revision·History·*****
53 Current·version:·0.1.6553 Current·version:·0.1.65
54 ····*·draft·(as·of·2024-01-14)54 ····*·draft·(as·of·2025-02-15)
55 *****·Table·of·Contents·*****55 *****·Table·of·Contents·*****
56 ···1.·System_Settings56 ···1.·System_Settings
57 ·········1.·Installing_and_Maintaining_Software57 ·········1.·Installing_and_Maintaining_Software
58 ·········2.·Account_and_Access_Control58 ·········2.·Account_and_Access_Control
59 ·········3.·Configure_Syslog59 ·········3.·Configure_Syslog
60 ·········4.·File_Permissions_and_Masks60 ·········4.·File_Permissions_and_Masks
61 ···2.·Services61 ···2.·Services
912 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis.html
    
Max diff block lines reached; 703676/713190 bytes (98.67%) of diff not shown.
216 KB
html2text {}
    
Offset 45, 15 lines modifiedOffset 45, 15 lines modified
45 ····*·cpe:/o:redhat:enterprise_linux:7::client45 ····*·cpe:/o:redhat:enterprise_linux:7::client
46 ····*·cpe:/o:redhat:enterprise_linux:7::computenode46 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
47 ····*·cpe:/o:redhat:enterprise_linux:7::server47 ····*·cpe:/o:redhat:enterprise_linux:7::server
48 ····*·cpe:/o:redhat:enterprise_linux:7::workstation48 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
49 ····*·cpe:/o:redhat:enterprise_linux:749 ····*·cpe:/o:redhat:enterprise_linux:7
50 *****·Revision·History·*****50 *****·Revision·History·*****
51 Current·version:·0.1.6551 Current·version:·0.1.65
52 ····*·draft·(as·of·2024-01-14)52 ····*·draft·(as·of·2025-02-15)
53 *****·Table·of·Contents·*****53 *****·Table·of·Contents·*****
54 ···1.·System_Settings54 ···1.·System_Settings
55 ·········1.·Installing_and_Maintaining_Software55 ·········1.·Installing_and_Maintaining_Software
56 ·········2.·Account_and_Access_Control56 ·········2.·Account_and_Access_Control
57 ·········3.·System_Accounting_with_auditd57 ·········3.·System_Accounting_with_auditd
58 ·········4.·GRUB2_bootloader_configuration58 ·········4.·GRUB2_bootloader_configuration
59 ·········5.·Configure_Syslog59 ·········5.·Configure_Syslog
Offset 5015, 16 lines modifiedOffset 5015, 16 lines modified
5015 ··-·reboot_required5015 ··-·reboot_required
5016 ··-·restrict_strategy5016 ··-·restrict_strategy
  
5017 -·name:·Set·architecture·for·audit·chmod·tasks5017 -·name:·Set·architecture·for·audit·chmod·tasks
5018 ··set_fact:5018 ··set_fact:
5019 ····audit_arch:·b645019 ····audit_arch:·b64
5020 ··when:5020 ··when:
5021 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5022 ··-·'"audit"·in·ansible_facts.packages'5021 ··-·'"audit"·in·ansible_facts.packages'
 5022 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5023 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5023 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5024 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5024 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5025 ··tags:5025 ··tags:
5026 ··-·CCE-27339-15026 ··-·CCE-27339-1
5027 ··-·CJIS-5.4.1.15027 ··-·CJIS-5.4.1.1
5028 ··-·DISA-STIG-RHEL-07-0304105028 ··-·DISA-STIG-RHEL-07-030410
5029 ··-·NIST-800-171-3.1.75029 ··-·NIST-800-171-3.1.7
Offset 5162, 16 lines modifiedOffset 5162, 16 lines modified
5162 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005162 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5163 ········-F·auid!=unset·-F·key=perm_mod5163 ········-F·auid!=unset·-F·key=perm_mod
5164 ······create:·true5164 ······create:·true
5165 ······mode:·o-rwx5165 ······mode:·o-rwx
5166 ······state:·present5166 ······state:·present
5167 ····when:·syscalls_found·|·length·==·05167 ····when:·syscalls_found·|·length·==·0
5168 ··when:5168 ··when:
5169 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5170 ··-·'"audit"·in·ansible_facts.packages'5169 ··-·'"audit"·in·ansible_facts.packages'
 5170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5171 ··tags:5171 ··tags:
5172 ··-·CCE-27339-15172 ··-·CCE-27339-1
5173 ··-·CJIS-5.4.1.15173 ··-·CJIS-5.4.1.1
5174 ··-·DISA-STIG-RHEL-07-0304105174 ··-·DISA-STIG-RHEL-07-030410
5175 ··-·NIST-800-171-3.1.75175 ··-·NIST-800-171-3.1.7
5176 ··-·NIST-800-53-AU-12(c)5176 ··-·NIST-800-53-AU-12(c)
5177 ··-·NIST-800-53-AU-2(d)5177 ··-·NIST-800-53-AU-2(d)
Offset 5307, 16 lines modifiedOffset 5307, 16 lines modified
5307 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005307 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5308 ········-F·auid!=unset·-F·key=perm_mod5308 ········-F·auid!=unset·-F·key=perm_mod
5309 ······create:·true5309 ······create:·true
5310 ······mode:·o-rwx5310 ······mode:·o-rwx
5311 ······state:·present5311 ······state:·present
5312 ····when:·syscalls_found·|·length·==·05312 ····when:·syscalls_found·|·length·==·0
5313 ··when:5313 ··when:
5314 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5315 ··-·'"audit"·in·ansible_facts.packages'5314 ··-·'"audit"·in·ansible_facts.packages'
 5315 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5316 ··-·audit_arch·==·"b64"5316 ··-·audit_arch·==·"b64"
5317 ··tags:5317 ··tags:
5318 ··-·CCE-27339-15318 ··-·CCE-27339-1
5319 ··-·CJIS-5.4.1.15319 ··-·CJIS-5.4.1.1
5320 ··-·DISA-STIG-RHEL-07-0304105320 ··-·DISA-STIG-RHEL-07-030410
5321 ··-·NIST-800-171-3.1.75321 ··-·NIST-800-171-3.1.7
5322 ··-·NIST-800-53-AU-12(c)5322 ··-·NIST-800-53-AU-12(c)
Offset 5327, 15 lines modifiedOffset 5327, 15 lines modified
5327 ··-·low_complexity5327 ··-·low_complexity
5328 ··-·low_disruption5328 ··-·low_disruption
5329 ··-·medium_severity5329 ··-·medium_severity
5330 ··-·reboot_required5330 ··-·reboot_required
5331 ··-·restrict_strategy5331 ··-·restrict_strategy
5332 Remediation_Shell_script_⇲5332 Remediation_Shell_script_⇲
5333 #·Remediation·is·applicable·only·in·certain·platforms5333 #·Remediation·is·applicable·only·in·certain·platforms
5334 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then5334 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
5335 #·First·perform·the·remediation·of·the·syscall·rule5335 #·First·perform·the·remediation·of·the·syscall·rule
5336 #·Retrieve·hardware·architecture·of·the·underlying·system5336 #·Retrieve·hardware·architecture·of·the·underlying·system
5337 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")5337 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
5338 for·ARCH·in·"${RULE_ARCHS[@]}"5338 for·ARCH·in·"${RULE_ARCHS[@]}"
5339 do5339 do
Offset 5698, 16 lines modifiedOffset 5698, 16 lines modified
5698 ··-·reboot_required5698 ··-·reboot_required
5699 ··-·restrict_strategy5699 ··-·restrict_strategy
  
5700 -·name:·Set·architecture·for·audit·chown·tasks5700 -·name:·Set·architecture·for·audit·chown·tasks
5701 ··set_fact:5701 ··set_fact:
5702 ····audit_arch:·b645702 ····audit_arch:·b64
5703 ··when:5703 ··when:
5704 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5705 ··-·'"audit"·in·ansible_facts.packages'5704 ··-·'"audit"·in·ansible_facts.packages'
 5705 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5706 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5706 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5707 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5707 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5708 ··tags:5708 ··tags:
5709 ··-·CCE-27364-95709 ··-·CCE-27364-9
5710 ··-·CJIS-5.4.1.15710 ··-·CJIS-5.4.1.1
5711 ··-·DISA-STIG-RHEL-07-0303705711 ··-·DISA-STIG-RHEL-07-030370
5712 ··-·NIST-800-171-3.1.75712 ··-·NIST-800-171-3.1.7
Offset 5847, 16 lines modifiedOffset 5847, 16 lines modified
5847 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005847 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5848 ········-F·auid!=unset·-F·key=perm_mod5848 ········-F·auid!=unset·-F·key=perm_mod
5849 ······create:·true5849 ······create:·true
5850 ······mode:·o-rwx5850 ······mode:·o-rwx
5851 ······state:·present5851 ······state:·present
5852 ····when:·syscalls_found·|·length·==·05852 ····when:·syscalls_found·|·length·==·0
5853 ··when:5853 ··when:
5854 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5855 ··-·'"audit"·in·ansible_facts.packages'5854 ··-·'"audit"·in·ansible_facts.packages'
 5855 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5856 ··tags:5856 ··tags:
5857 ··-·CCE-27364-95857 ··-·CCE-27364-9
5858 ··-·CJIS-5.4.1.15858 ··-·CJIS-5.4.1.1
5859 ··-·DISA-STIG-RHEL-07-0303705859 ··-·DISA-STIG-RHEL-07-030370
5860 ··-·NIST-800-171-3.1.75860 ··-·NIST-800-171-3.1.7
5861 ··-·NIST-800-53-AU-12(c)5861 ··-·NIST-800-53-AU-12(c)
5862 ··-·NIST-800-53-AU-2(d)5862 ··-·NIST-800-53-AU-2(d)
Offset 5994, 16 lines modifiedOffset 5994, 16 lines modified
5994 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005994 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5995 ········-F·auid!=unset·-F·key=perm_mod5995 ········-F·auid!=unset·-F·key=perm_mod
5996 ······create:·true5996 ······create:·true
5997 ······mode:·o-rwx5997 ······mode:·o-rwx
5998 ······state:·present5998 ······state:·present
Max diff block lines reached; 216264/221002 bytes (97.86%) of diff not shown.
90.8 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis_server_l1.html
    
000bd9e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000bd9e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000bd9f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000bd9f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000bda00:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000bda00:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000bda10:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000bda10:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000bda20:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000bda20:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
000bda30:·6773·3a0a·2020·2d20·4343·452d·3832·3032··gs:.··-·CCE-8202000bda30:·6773·3a0a·2020·2d20·4343·452d·3832·3032··gs:.··-·CCE-8202
Offset 48564, 22 lines modifiedOffset 48564, 22 lines modified
000bdb30:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens000bdb30:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
000bdb40:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·000bdb40:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·
000bdb50:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2000bdb50:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
000bdb60:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file000bdb60:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
000bdb70:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo000bdb70:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
000bdb80:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000bdb80:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
000bdb90:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.000bdb90:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.
000bdba0:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b000bdba0:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
000bdbb0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
000bdbc0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
000bdbd0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
000bdbe0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
000bdbf0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
000bdc00:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
000bdc10:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·000bdbb0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 000bdbc0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 000bdbd0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
 000bdbe0:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a
 000bdbf0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 000bdc00:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 000bdc10:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
000bdc20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu000bdc20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
000bdc30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n000bdc30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
000bdc40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",000bdc40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
000bdc50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"000bdc50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
000bdc60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con000bdc60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
000bdc70:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil000bdc70:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil
000bdc80:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is000bdc80:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is
Offset 48631, 19 lines modifiedOffset 48631, 19 lines modified
000bdf60:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th000bdf60:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
000bdf70:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</000bdf70:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</
000bdf80:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>000bdf80:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
000bdf90:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem000bdf90:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
000bdfa0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl000bdfa0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
000bdfb0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c000bdfb0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
000bdfc0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms000bdfc0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
000bdfd0:·0a69·6620·5b20·2120·2d66·202f·7379·732f··.if·[·!·-f·/sys/ 
000bdfe0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·& 
000bdff0:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
000be000:·7175·6965·7420·2d71·2067·7275·6232·2d63··quiet·-q·grub2-c000bdfd0:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet·
 000bdfe0:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·
 000bdff0:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-
 000be000:·6620·2f73·7973·2f66·6972·6d77·6172·652f··f·/sys/firmware/
000be010:·6f6d·6d6f·6e20·2661·6d70·3b26·616d·703b··ommon·&amp;&amp;000be010:·6566·6920·5d20·2661·6d70·3b26·616d·703b··efi·]·&amp;&amp;
000be020:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock000be020:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock
000be030:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am000be030:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
000be040:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.000be040:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
000be050:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·000be050:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
000be060:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0000be060:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0
000be070:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru000be070:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
000be080:·622e·6366·670a·0a65·6c73·650a·2020·2020··b.cfg..else.····000be080:·622e·6366·670a·0a65·6c73·650a·2020·2020··b.cfg..else.····
Offset 49165, 22 lines modifiedOffset 49165, 22 lines modified
000c00c0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·000c00c0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
000c00d0:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user000c00d0:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
000c00e0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···000c00e0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
000c00f0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000c00f0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000c0100:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re000c0100:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re
000c0110:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi000c0110:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
000c0120:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·000c0120:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
000c0130:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
000c0140:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000c0150:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000c0160:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000c0170:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
000c0180:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
000c0190:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000c0130:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 000c0140:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 000c0150:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 000c0160:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 000c0170:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000c0180:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000c0190:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000c01a0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000c01a0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000c01b0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000c01b0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000c01c0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000c01c0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000c01d0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000c01d0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000c01e0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000c01e0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000c01f0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000c01f0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000c0200:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860000c0200:·6167·733a·0a20·202d·2043·4345·2d38·3630··ags:.··-·CCE-860
000c0210:·3038·2d30·0a20·202d·2043·4a49·532d·352e··08-0.··-·CJIS-5.000c0210:·3038·2d30·0a20·202d·2043·4a49·532d·352e··08-0.··-·CJIS-5.
Offset 49201, 22 lines modifiedOffset 49201, 22 lines modified
000c0300:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens000c0300:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
Max diff block lines reached; 60974/70238 bytes (86.81%) of diff not shown.
22.1 KB
html2text {}
    
Offset 45, 15 lines modifiedOffset 45, 15 lines modified
45 ····*·cpe:/o:redhat:enterprise_linux:7::client45 ····*·cpe:/o:redhat:enterprise_linux:7::client
46 ····*·cpe:/o:redhat:enterprise_linux:7::computenode46 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
47 ····*·cpe:/o:redhat:enterprise_linux:7::server47 ····*·cpe:/o:redhat:enterprise_linux:7::server
48 ····*·cpe:/o:redhat:enterprise_linux:7::workstation48 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
49 ····*·cpe:/o:redhat:enterprise_linux:749 ····*·cpe:/o:redhat:enterprise_linux:7
50 *****·Revision·History·*****50 *****·Revision·History·*****
51 Current·version:·0.1.6551 Current·version:·0.1.65
52 ····*·draft·(as·of·2024-01-14)52 ····*·draft·(as·of·2025-02-15)
53 *****·Table·of·Contents·*****53 *****·Table·of·Contents·*****
54 ···1.·System_Settings54 ···1.·System_Settings
55 ·········1.·Installing_and_Maintaining_Software55 ·········1.·Installing_and_Maintaining_Software
56 ·········2.·Account_and_Access_Control56 ·········2.·Account_and_Access_Control
57 ·········3.·GRUB2_bootloader_configuration57 ·········3.·GRUB2_bootloader_configuration
58 ·········4.·Configure_Syslog58 ·········4.·Configure_Syslog
59 ·········5.·Network_Configuration_and_Firewalls59 ·········5.·Network_Configuration_and_Firewalls
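Review bot: the Revision History entry at html2text line 52 carries the date of the build run, "draft (as of 2024-01-14)" in one build and "draft (as of 2025-02-15)" in the other, so the generated guide cannot be bit-for-bit identical across rebuilds. Take that date from SOURCE_DATE_EPOCH (or the changelog date) when it is set instead of from the build clock.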
Offset 4863, 16 lines modifiedOffset 4863, 16 lines modified
4863 ··-·no_reboot_needed4863 ··-·no_reboot_needed
  
4864 -·name:·Test·for·existence·/boot/grub2/grub.cfg4864 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4865 ··stat:4865 ··stat:
4866 ····path:·/boot/grub2/grub.cfg4866 ····path:·/boot/grub2/grub.cfg
4867 ··register:·file_exists4867 ··register:·file_exists
4868 ··when:4868 ··when:
4869 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4870 ··-·'"grub2-common"·in·ansible_facts.packages'4869 ··-·'"grub2-common"·in·ansible_facts.packages'
 4870 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4871 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4871 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4872 ··tags:4872 ··tags:
4873 ··-·CCE-82023-34873 ··-·CCE-82023-3
4874 ··-·CJIS-5.5.2.24874 ··-·CJIS-5.5.2.2
4875 ··-·NIST-800-171-3.4.54875 ··-·NIST-800-171-3.4.5
4876 ··-·NIST-800-53-AC-6(1)4876 ··-·NIST-800-53-AC-6(1)
4877 ··-·NIST-800-53-CM-6(a)4877 ··-·NIST-800-53-CM-6(a)
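Review bot: in the when: list at lines 4869-4870 the entries '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list' and '"grub2-common" in ansible_facts.packages' swap places between the two builds. Ansible ANDs the list items, so the task behaves the same either way, but the order is evidently not fixed by the generator; emit the applicability conditions in a sorted or otherwise fixed order so the rendered guide is stable. The same swap recurs in the other grub.cfg and user.cfg tasks shown in this report.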
Offset 4885, 16 lines modifiedOffset 4885, 16 lines modified
4885 ··-·no_reboot_needed4885 ··-·no_reboot_needed
  
4886 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4886 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4887 ··file:4887 ··file:
4888 ····path:·/boot/grub2/grub.cfg4888 ····path:·/boot/grub2/grub.cfg
4889 ····group:·'0'4889 ····group:·'0'
4890 ··when:4890 ··when:
4891 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4892 ··-·'"grub2-common"·in·ansible_facts.packages'4891 ··-·'"grub2-common"·in·ansible_facts.packages'
 4892 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4893 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4893 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4894 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4894 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4895 ··tags:4895 ··tags:
4896 ··-·CCE-82023-34896 ··-·CCE-82023-3
4897 ··-·CJIS-5.5.2.24897 ··-·CJIS-5.5.2.2
4898 ··-·NIST-800-171-3.4.54898 ··-·NIST-800-171-3.4.5
4899 ··-·NIST-800-53-AC-6(1)4899 ··-·NIST-800-53-AC-6(1)
Offset 4907, 15 lines modifiedOffset 4907, 15 lines modified
4907 ··-·medium_severity4907 ··-·medium_severity
4908 ··-·no_reboot_needed4908 ··-·no_reboot_needed
4909 Remediation_Shell_script_⇲4909 Remediation_Shell_script_⇲
4910 Complexity:·low4910 Complexity:·low
4911 Disruption:·low4911 Disruption:·low
4912 Strategy:···configure4912 Strategy:···configure
4913 #·Remediation·is·applicable·only·in·certain·platforms4913 #·Remediation·is·applicable·only·in·certain·platforms
4914 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4914 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4915 chgrp·0·/boot/grub2/grub.cfg4915 chgrp·0·/boot/grub2/grub.cfg
  
4916 else4916 else
4917 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4917 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4918 fi4918 fi
4919 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***4919 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
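Review bot: the test [ ! -f /sys/firmware/efi ] on line 4914 does not distinguish BIOS from UEFI hosts, because /sys/firmware/efi is a directory where it exists and -f is true only for regular files, so the negated test succeeds on both. Use [ ! -d /sys/firmware/efi ] so the chgrp on /boot/grub2/grub.cfg is limited to non-UEFI systems as the comment intends. Separately, the position of this test relative to rpm --quiet -q grub2-common differs between the two builds; the && chain gives the same result in either order, but the generator should emit it in a fixed order.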
Offset 4948, 16 lines modifiedOffset 4948, 16 lines modified
4948 ··-·no_reboot_needed4948 ··-·no_reboot_needed
  
4949 -·name:·Test·for·existence·/boot/grub2/user.cfg4949 -·name:·Test·for·existence·/boot/grub2/user.cfg
4950 ··stat:4950 ··stat:
4951 ····path:·/boot/grub2/user.cfg4951 ····path:·/boot/grub2/user.cfg
4952 ··register:·file_exists4952 ··register:·file_exists
4953 ··when:4953 ··when:
4954 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4955 ··-·'"grub2-common"·in·ansible_facts.packages'4954 ··-·'"grub2-common"·in·ansible_facts.packages'
 4955 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4956 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4956 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4957 ··tags:4957 ··tags:
4958 ··-·CCE-86008-04958 ··-·CCE-86008-0
4959 ··-·CJIS-5.5.2.24959 ··-·CJIS-5.5.2.2
4960 ··-·NIST-800-171-3.4.54960 ··-·NIST-800-171-3.4.5
4961 ··-·NIST-800-53-AC-6(1)4961 ··-·NIST-800-53-AC-6(1)
4962 ··-·NIST-800-53-CM-6(a)4962 ··-·NIST-800-53-CM-6(a)
Offset 4970, 16 lines modifiedOffset 4970, 16 lines modified
4970 ··-·no_reboot_needed4970 ··-·no_reboot_needed
  
4971 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg4971 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
4972 ··file:4972 ··file:
4973 ····path:·/boot/grub2/user.cfg4973 ····path:·/boot/grub2/user.cfg
4974 ····group:·'0'4974 ····group:·'0'
4975 ··when:4975 ··when:
4976 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4977 ··-·'"grub2-common"·in·ansible_facts.packages'4976 ··-·'"grub2-common"·in·ansible_facts.packages'
 4977 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4978 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4978 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4979 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4979 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4980 ··tags:4980 ··tags:
4981 ··-·CCE-86008-04981 ··-·CCE-86008-0
4982 ··-·CJIS-5.5.2.24982 ··-·CJIS-5.5.2.2
4983 ··-·NIST-800-171-3.4.54983 ··-·NIST-800-171-3.4.5
4984 ··-·NIST-800-53-AC-6(1)4984 ··-·NIST-800-53-AC-6(1)
Offset 4992, 15 lines modifiedOffset 4992, 15 lines modified
4992 ··-·medium_severity4992 ··-·medium_severity
4993 ··-·no_reboot_needed4993 ··-·no_reboot_needed
4994 Remediation_Shell_script_⇲4994 Remediation_Shell_script_⇲
4995 Complexity:·low4995 Complexity:·low
4996 Disruption:·low4996 Disruption:·low
4997 Strategy:···configure4997 Strategy:···configure
4998 #·Remediation·is·applicable·only·in·certain·platforms4998 #·Remediation·is·applicable·only·in·certain·platforms
4999 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4999 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
5000 chgrp·0·/boot/grub2/user.cfg5000 chgrp·0·/boot/grub2/user.cfg
  
5001 else5001 else
5002 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5002 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5003 fi5003 fi
5004 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***5004 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 5033, 16 lines modifiedOffset 5033, 16 lines modified
5033 ··-·no_reboot_needed5033 ··-·no_reboot_needed
  
5034 -·name:·Test·for·existence·/boot/grub2/grub.cfg5034 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5035 ··stat:5035 ··stat:
5036 ····path:·/boot/grub2/grub.cfg5036 ····path:·/boot/grub2/grub.cfg
5037 ··register:·file_exists5037 ··register:·file_exists
5038 ··when:5038 ··when:
Max diff block lines reached; 18034/22615 bytes (79.74%) of diff not shown.
91.8 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis_workstation_l1.html
    
000c0160:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]000c0160:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
000c0170:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE000c0170:·0a20·2074·6167·733a·0a20·202d·2043·4345··.··tags:.··-·CCE
000c0180:·2d38·3630·3038·2d30·0a20·202d·2043·4a49··-86008-0.··-·CJI000c0180:·2d38·3630·3038·2d30·0a20·202d·2043·4a49··-86008-0.··-·CJI
Offset 49193, 22 lines modifiedOffset 49193, 22 lines modified
000c0280:·2045·6e73·7572·6520·6772·6f75·7020·6f77···Ensure·group·ow000c0280:·2045·6e73·7572·6520·6772·6f75·7020·6f77···Ensure·group·ow
Max diff block lines reached; 61940/71204 bytes (86.99%) of diff not shown.
22.1 KB
html2text {}
    
Offset 46, 15 lines modifiedOffset 46, 15 lines modified
46 ····*·cpe:/o:redhat:enterprise_linux:7::client46 ····*·cpe:/o:redhat:enterprise_linux:7::client
47 ····*·cpe:/o:redhat:enterprise_linux:7::computenode47 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
48 ····*·cpe:/o:redhat:enterprise_linux:7::server48 ····*·cpe:/o:redhat:enterprise_linux:7::server
49 ····*·cpe:/o:redhat:enterprise_linux:7::workstation49 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
50 ····*·cpe:/o:redhat:enterprise_linux:750 ····*·cpe:/o:redhat:enterprise_linux:7
51 *****·Revision·History·*****51 *****·Revision·History·*****
52 Current·version:·0.1.6552 Current·version:·0.1.65
53 ····*·draft·(as·of·2024-01-14)53 ····*·draft·(as·of·2025-02-15)
54 *****·Table·of·Contents·*****54 *****·Table·of·Contents·*****
55 ···1.·System_Settings55 ···1.·System_Settings
56 ·········1.·Installing_and_Maintaining_Software56 ·········1.·Installing_and_Maintaining_Software
57 ·········2.·Account_and_Access_Control57 ·········2.·Account_and_Access_Control
58 ·········3.·GRUB2_bootloader_configuration58 ·········3.·GRUB2_bootloader_configuration
59 ·········4.·Configure_Syslog59 ·········4.·Configure_Syslog
60 ·········5.·Network_Configuration_and_Firewalls60 ·········5.·Network_Configuration_and_Firewalls
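Review bot: the "draft (as of ...)" line under Revision History reads 2024-01-14 in one build and 2025-02-15 in the other, so the generated guide embeds the build-time date and the package cannot come out bit-for-bit identical. Take the date from SOURCE_DATE_EPOCH when it is set, or from the changelog entry, instead of the current clock.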
Offset 4862, 16 lines modifiedOffset 4862, 16 lines modified
4862 ··-·no_reboot_needed4862 ··-·no_reboot_needed
  
4863 -·name:·Test·for·existence·/boot/grub2/grub.cfg4863 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4864 ··stat:4864 ··stat:
4865 ····path:·/boot/grub2/grub.cfg4865 ····path:·/boot/grub2/grub.cfg
4866 ··register:·file_exists4866 ··register:·file_exists
4867 ··when:4867 ··when:
4868 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4869 ··-·'"grub2-common"·in·ansible_facts.packages'4868 ··-·'"grub2-common"·in·ansible_facts.packages'
 4869 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4870 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4870 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4871 ··tags:4871 ··tags:
4872 ··-·CCE-82023-34872 ··-·CCE-82023-3
4873 ··-·CJIS-5.5.2.24873 ··-·CJIS-5.5.2.2
4874 ··-·NIST-800-171-3.4.54874 ··-·NIST-800-171-3.4.5
4875 ··-·NIST-800-53-AC-6(1)4875 ··-·NIST-800-53-AC-6(1)
4876 ··-·NIST-800-53-CM-6(a)4876 ··-·NIST-800-53-CM-6(a)
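Review bot: in the when: list, the entries '"/boot/efi" not in ansible_mounts | map(attribute="mount") | list' and '"grub2-common" in ansible_facts.packages' trade places between the two builds while the rest of the task is unchanged. Ansible combines the entries of a when: list with a logical AND, so the task runs or is skipped in the same cases either way; the swap looks like the result of iterating an unordered collection of platform conditions at build time (an inference from this output, the generator is not shown here). Sort the conditions before rendering them so the output is stable across builds.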
Offset 4884, 16 lines modifiedOffset 4884, 16 lines modified
4884 ··-·no_reboot_needed4884 ··-·no_reboot_needed
  
4885 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4885 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4886 ··file:4886 ··file:
4887 ····path:·/boot/grub2/grub.cfg4887 ····path:·/boot/grub2/grub.cfg
4888 ····group:·'0'4888 ····group:·'0'
4889 ··when:4889 ··when:
4890 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4891 ··-·'"grub2-common"·in·ansible_facts.packages'4890 ··-·'"grub2-common"·in·ansible_facts.packages'
 4891 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4892 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4892 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4893 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4893 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4894 ··tags:4894 ··tags:
4895 ··-·CCE-82023-34895 ··-·CCE-82023-3
4896 ··-·CJIS-5.5.2.24896 ··-·CJIS-5.5.2.2
4897 ··-·NIST-800-171-3.4.54897 ··-·NIST-800-171-3.4.5
4898 ··-·NIST-800-53-AC-6(1)4898 ··-·NIST-800-53-AC-6(1)
Offset 4906, 15 lines modifiedOffset 4906, 15 lines modified
4906 ··-·medium_severity4906 ··-·medium_severity
4907 ··-·no_reboot_needed4907 ··-·no_reboot_needed
4908 Remediation_Shell_script_⇲4908 Remediation_Shell_script_⇲
4909 Complexity:·low4909 Complexity:·low
4910 Disruption:·low4910 Disruption:·low
4911 Strategy:···configure4911 Strategy:···configure
4912 #·Remediation·is·applicable·only·in·certain·platforms4912 #·Remediation·is·applicable·only·in·certain·platforms
4913 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4913 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4914 chgrp·0·/boot/grub2/grub.cfg4914 chgrp·0·/boot/grub2/grub.cfg
  
4915 else4915 else
4916 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4916 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4917 fi4917 fi
4918 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***4918 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
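Review bot: the applicability test uses [ ! -f /sys/firmware/efi ], but on a UEFI-booted Linux system /sys/firmware/efi is a directory, so -f is false and the negated test succeeds on BIOS and UEFI machines alike; use [ ! -d /sys/firmware/efi ] so the chgrp on /boot/grub2/grub.cfg is limited to non-UEFI systems, matching the "/boot/efi" mount condition in the Ansible task. The two builds differ only in where rpm --quiet -q grub2-common sits in the && chain, which does not change the result; emitting the terms in a fixed order would make the script reproducible.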
Offset 4947, 16 lines modifiedOffset 4947, 16 lines modified
4947 ··-·no_reboot_needed4947 ··-·no_reboot_needed
  
4948 -·name:·Test·for·existence·/boot/grub2/user.cfg4948 -·name:·Test·for·existence·/boot/grub2/user.cfg
4949 ··stat:4949 ··stat:
4950 ····path:·/boot/grub2/user.cfg4950 ····path:·/boot/grub2/user.cfg
4951 ··register:·file_exists4951 ··register:·file_exists
4952 ··when:4952 ··when:
4953 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4954 ··-·'"grub2-common"·in·ansible_facts.packages'4953 ··-·'"grub2-common"·in·ansible_facts.packages'
 4954 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4955 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4955 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4956 ··tags:4956 ··tags:
4957 ··-·CCE-86008-04957 ··-·CCE-86008-0
4958 ··-·CJIS-5.5.2.24958 ··-·CJIS-5.5.2.2
4959 ··-·NIST-800-171-3.4.54959 ··-·NIST-800-171-3.4.5
4960 ··-·NIST-800-53-AC-6(1)4960 ··-·NIST-800-53-AC-6(1)
4961 ··-·NIST-800-53-CM-6(a)4961 ··-·NIST-800-53-CM-6(a)
Offset 4969, 16 lines modifiedOffset 4969, 16 lines modified
4969 ··-·no_reboot_needed4969 ··-·no_reboot_needed
  
4970 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg4970 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
4971 ··file:4971 ··file:
4972 ····path:·/boot/grub2/user.cfg4972 ····path:·/boot/grub2/user.cfg
4973 ····group:·'0'4973 ····group:·'0'
4974 ··when:4974 ··when:
4975 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4976 ··-·'"grub2-common"·in·ansible_facts.packages'4975 ··-·'"grub2-common"·in·ansible_facts.packages'
 4976 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4977 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4977 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4978 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4978 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4979 ··tags:4979 ··tags:
4980 ··-·CCE-86008-04980 ··-·CCE-86008-0
4981 ··-·CJIS-5.5.2.24981 ··-·CJIS-5.5.2.2
4982 ··-·NIST-800-171-3.4.54982 ··-·NIST-800-171-3.4.5
4983 ··-·NIST-800-53-AC-6(1)4983 ··-·NIST-800-53-AC-6(1)
Offset 4991, 15 lines modifiedOffset 4991, 15 lines modified
4991 ··-·medium_severity4991 ··-·medium_severity
4992 ··-·no_reboot_needed4992 ··-·no_reboot_needed
4993 Remediation_Shell_script_⇲4993 Remediation_Shell_script_⇲
4994 Complexity:·low4994 Complexity:·low
4995 Disruption:·low4995 Disruption:·low
4996 Strategy:···configure4996 Strategy:···configure
4997 #·Remediation·is·applicable·only·in·certain·platforms4997 #·Remediation·is·applicable·only·in·certain·platforms
4998 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4998 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4999 chgrp·0·/boot/grub2/user.cfg4999 chgrp·0·/boot/grub2/user.cfg
  
5000 else5000 else
5001 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5001 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5002 fi5002 fi
5003 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***5003 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 5032, 16 lines modifiedOffset 5032, 16 lines modified
5032 ··-·no_reboot_needed5032 ··-·no_reboot_needed
  
5033 -·name:·Test·for·existence·/boot/grub2/grub.cfg5033 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5034 ··stat:5034 ··stat:
5035 ····path:·/boot/grub2/grub.cfg5035 ····path:·/boot/grub2/grub.cfg
5036 ··register:·file_exists5036 ··register:·file_exists
5037 ··when:5037 ··when:
Max diff block lines reached; 18034/22615 bytes (79.74%) of diff not shown.
914 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cis_workstation_l2.html
    
Max diff block lines reached; 705815/715191 bytes (98.69%) of diff not shown.
216 KB
html2text {}
    
Offset 46, 15 lines modifiedOffset 46, 15 lines modified
46 ····*·cpe:/o:redhat:enterprise_linux:7::client46 ····*·cpe:/o:redhat:enterprise_linux:7::client
47 ····*·cpe:/o:redhat:enterprise_linux:7::computenode47 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
48 ····*·cpe:/o:redhat:enterprise_linux:7::server48 ····*·cpe:/o:redhat:enterprise_linux:7::server
49 ····*·cpe:/o:redhat:enterprise_linux:7::workstation49 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
50 ····*·cpe:/o:redhat:enterprise_linux:750 ····*·cpe:/o:redhat:enterprise_linux:7
51 *****·Revision·History·*****51 *****·Revision·History·*****
52 Current·version:·0.1.6552 Current·version:·0.1.65
53 ····*·draft·(as·of·2024-01-14)53 ····*·draft·(as·of·2025-02-15)
54 *****·Table·of·Contents·*****54 *****·Table·of·Contents·*****
55 ···1.·System_Settings55 ···1.·System_Settings
56 ·········1.·Installing_and_Maintaining_Software56 ·········1.·Installing_and_Maintaining_Software
57 ·········2.·Account_and_Access_Control57 ·········2.·Account_and_Access_Control
58 ·········3.·System_Accounting_with_auditd58 ·········3.·System_Accounting_with_auditd
59 ·········4.·GRUB2_bootloader_configuration59 ·········4.·GRUB2_bootloader_configuration
60 ·········5.·Configure_Syslog60 ·········5.·Configure_Syslog
Offset 5015, 16 lines modifiedOffset 5015, 16 lines modified
5015 ··-·reboot_required5015 ··-·reboot_required
5016 ··-·restrict_strategy5016 ··-·restrict_strategy
  
5017 -·name:·Set·architecture·for·audit·chmod·tasks5017 -·name:·Set·architecture·for·audit·chmod·tasks
5018 ··set_fact:5018 ··set_fact:
5019 ····audit_arch:·b645019 ····audit_arch:·b64
5020 ··when:5020 ··when:
5021 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5022 ··-·'"audit"·in·ansible_facts.packages'5021 ··-·'"audit"·in·ansible_facts.packages'
 5022 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5023 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5023 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5024 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5024 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5025 ··tags:5025 ··tags:
5026 ··-·CCE-27339-15026 ··-·CCE-27339-1
5027 ··-·CJIS-5.4.1.15027 ··-·CJIS-5.4.1.1
5028 ··-·DISA-STIG-RHEL-07-0304105028 ··-·DISA-STIG-RHEL-07-030410
5029 ··-·NIST-800-171-3.1.75029 ··-·NIST-800-171-3.1.7
Offset 5162, 16 lines modifiedOffset 5162, 16 lines modified
5162 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005162 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5163 ········-F·auid!=unset·-F·key=perm_mod5163 ········-F·auid!=unset·-F·key=perm_mod
5164 ······create:·true5164 ······create:·true
5165 ······mode:·o-rwx5165 ······mode:·o-rwx
5166 ······state:·present5166 ······state:·present
5167 ····when:·syscalls_found·|·length·==·05167 ····when:·syscalls_found·|·length·==·0
5168 ··when:5168 ··when:
5169 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5170 ··-·'"audit"·in·ansible_facts.packages'5169 ··-·'"audit"·in·ansible_facts.packages'
 5170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5171 ··tags:5171 ··tags:
5172 ··-·CCE-27339-15172 ··-·CCE-27339-1
5173 ··-·CJIS-5.4.1.15173 ··-·CJIS-5.4.1.1
5174 ··-·DISA-STIG-RHEL-07-0304105174 ··-·DISA-STIG-RHEL-07-030410
5175 ··-·NIST-800-171-3.1.75175 ··-·NIST-800-171-3.1.7
5176 ··-·NIST-800-53-AU-12(c)5176 ··-·NIST-800-53-AU-12(c)
5177 ··-·NIST-800-53-AU-2(d)5177 ··-·NIST-800-53-AU-2(d)
Offset 5307, 16 lines modifiedOffset 5307, 16 lines modified
5307 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005307 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5308 ········-F·auid!=unset·-F·key=perm_mod5308 ········-F·auid!=unset·-F·key=perm_mod
5309 ······create:·true5309 ······create:·true
5310 ······mode:·o-rwx5310 ······mode:·o-rwx
5311 ······state:·present5311 ······state:·present
5312 ····when:·syscalls_found·|·length·==·05312 ····when:·syscalls_found·|·length·==·0
5313 ··when:5313 ··when:
5314 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5315 ··-·'"audit"·in·ansible_facts.packages'5314 ··-·'"audit"·in·ansible_facts.packages'
 5315 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5316 ··-·audit_arch·==·"b64"5316 ··-·audit_arch·==·"b64"
5317 ··tags:5317 ··tags:
5318 ··-·CCE-27339-15318 ··-·CCE-27339-1
5319 ··-·CJIS-5.4.1.15319 ··-·CJIS-5.4.1.1
5320 ··-·DISA-STIG-RHEL-07-0304105320 ··-·DISA-STIG-RHEL-07-030410
5321 ··-·NIST-800-171-3.1.75321 ··-·NIST-800-171-3.1.7
5322 ··-·NIST-800-53-AU-12(c)5322 ··-·NIST-800-53-AU-12(c)
Offset 5327, 15 lines modifiedOffset 5327, 15 lines modified
5327 ··-·low_complexity5327 ··-·low_complexity
5328 ··-·low_disruption5328 ··-·low_disruption
5329 ··-·medium_severity5329 ··-·medium_severity
5330 ··-·reboot_required5330 ··-·reboot_required
5331 ··-·restrict_strategy5331 ··-·restrict_strategy
5332 Remediation_Shell_script_⇲5332 Remediation_Shell_script_⇲
5333 #·Remediation·is·applicable·only·in·certain·platforms5333 #·Remediation·is·applicable·only·in·certain·platforms
5334 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then5334 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
5335 #·First·perform·the·remediation·of·the·syscall·rule5335 #·First·perform·the·remediation·of·the·syscall·rule
5336 #·Retrieve·hardware·architecture·of·the·underlying·system5336 #·Retrieve·hardware·architecture·of·the·underlying·system
5337 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")5337 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
5338 for·ARCH·in·"${RULE_ARCHS[@]}"5338 for·ARCH·in·"${RULE_ARCHS[@]}"
5339 do5339 do
Offset 5698, 16 lines modifiedOffset 5698, 16 lines modified
5698 ··-·reboot_required5698 ··-·reboot_required
5699 ··-·restrict_strategy5699 ··-·restrict_strategy
  
5700 -·name:·Set·architecture·for·audit·chown·tasks5700 -·name:·Set·architecture·for·audit·chown·tasks
5701 ··set_fact:5701 ··set_fact:
5702 ····audit_arch:·b645702 ····audit_arch:·b64
5703 ··when:5703 ··when:
5704 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5705 ··-·'"audit"·in·ansible_facts.packages'5704 ··-·'"audit"·in·ansible_facts.packages'
 5705 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5706 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5706 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5707 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5707 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5708 ··tags:5708 ··tags:
5709 ··-·CCE-27364-95709 ··-·CCE-27364-9
5710 ··-·CJIS-5.4.1.15710 ··-·CJIS-5.4.1.1
5711 ··-·DISA-STIG-RHEL-07-0303705711 ··-·DISA-STIG-RHEL-07-030370
5712 ··-·NIST-800-171-3.1.75712 ··-·NIST-800-171-3.1.7
Offset 5847, 16 lines modifiedOffset 5847, 16 lines modified
5847 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005847 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5848 ········-F·auid!=unset·-F·key=perm_mod5848 ········-F·auid!=unset·-F·key=perm_mod
5849 ······create:·true5849 ······create:·true
5850 ······mode:·o-rwx5850 ······mode:·o-rwx
5851 ······state:·present5851 ······state:·present
5852 ····when:·syscalls_found·|·length·==·05852 ····when:·syscalls_found·|·length·==·0
5853 ··when:5853 ··when:
5854 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5855 ··-·'"audit"·in·ansible_facts.packages'5854 ··-·'"audit"·in·ansible_facts.packages'
 5855 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5856 ··tags:5856 ··tags:
5857 ··-·CCE-27364-95857 ··-·CCE-27364-9
5858 ··-·CJIS-5.4.1.15858 ··-·CJIS-5.4.1.1
5859 ··-·DISA-STIG-RHEL-07-0303705859 ··-·DISA-STIG-RHEL-07-030370
5860 ··-·NIST-800-171-3.1.75860 ··-·NIST-800-171-3.1.7
5861 ··-·NIST-800-53-AU-12(c)5861 ··-·NIST-800-53-AU-12(c)
5862 ··-·NIST-800-53-AU-2(d)5862 ··-·NIST-800-53-AU-2(d)
Offset 5994, 16 lines modifiedOffset 5994, 16 lines modified
5994 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005994 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5995 ········-F·auid!=unset·-F·key=perm_mod5995 ········-F·auid!=unset·-F·key=perm_mod
5996 ······create:·true5996 ······create:·true
5997 ······mode:·o-rwx5997 ······mode:·o-rwx
5998 ······state:·present5998 ······state:·present
Max diff block lines reached; 216264/221002 bytes (97.86%) of diff not shown.
538 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cjis.html
    
Max diff block lines reached; 405971/415485 bytes (97.71%) of diff not shown.
133 KB
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 ····*·cpe:/o:redhat:enterprise_linux:7::client44 ····*·cpe:/o:redhat:enterprise_linux:7::client
45 ····*·cpe:/o:redhat:enterprise_linux:7::computenode45 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
46 ····*·cpe:/o:redhat:enterprise_linux:7::server46 ····*·cpe:/o:redhat:enterprise_linux:7::server
47 ····*·cpe:/o:redhat:enterprise_linux:7::workstation47 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
48 ····*·cpe:/o:redhat:enterprise_linux:748 ····*·cpe:/o:redhat:enterprise_linux:7
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·System_Settings53 ···1.·System_Settings
54 ·········1.·Installing_and_Maintaining_Software54 ·········1.·Installing_and_Maintaining_Software
55 ·········2.·Account_and_Access_Control55 ·········2.·Account_and_Access_Control
56 ·········3.·System_Accounting_with_auditd56 ·········3.·System_Accounting_with_auditd
57 ·········4.·GRUB2_bootloader_configuration57 ·········4.·GRUB2_bootloader_configuration
58 ·········5.·Network_Configuration_and_Firewalls58 ·········5.·Network_Configuration_and_Firewalls
Offset 3972, 16 lines modifiedOffset 3972, 16 lines modified
3972 ··-·reboot_required3972 ··-·reboot_required
3973 ··-·restrict_strategy3973 ··-·restrict_strategy
  
3974 -·name:·Set·architecture·for·audit·chmod·tasks3974 -·name:·Set·architecture·for·audit·chmod·tasks
3975 ··set_fact:3975 ··set_fact:
3976 ····audit_arch:·b643976 ····audit_arch:·b64
3977 ··when:3977 ··when:
3978 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3979 ··-·'"audit"·in·ansible_facts.packages'3978 ··-·'"audit"·in·ansible_facts.packages'
 3979 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3980 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3980 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3981 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3981 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3982 ··tags:3982 ··tags:
3983 ··-·CCE-27339-13983 ··-·CCE-27339-1
3984 ··-·CJIS-5.4.1.13984 ··-·CJIS-5.4.1.1
3985 ··-·DISA-STIG-RHEL-07-0304103985 ··-·DISA-STIG-RHEL-07-030410
3986 ··-·NIST-800-171-3.1.73986 ··-·NIST-800-171-3.1.7
Offset 4119, 16 lines modifiedOffset 4119, 16 lines modified
4119 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004119 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4120 ········-F·auid!=unset·-F·key=perm_mod4120 ········-F·auid!=unset·-F·key=perm_mod
4121 ······create:·true4121 ······create:·true
4122 ······mode:·o-rwx4122 ······mode:·o-rwx
4123 ······state:·present4123 ······state:·present
4124 ····when:·syscalls_found·|·length·==·04124 ····when:·syscalls_found·|·length·==·0
4125 ··when:4125 ··when:
4126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4127 ··-·'"audit"·in·ansible_facts.packages'4126 ··-·'"audit"·in·ansible_facts.packages'
 4127 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4128 ··tags:4128 ··tags:
4129 ··-·CCE-27339-14129 ··-·CCE-27339-1
4130 ··-·CJIS-5.4.1.14130 ··-·CJIS-5.4.1.1
4131 ··-·DISA-STIG-RHEL-07-0304104131 ··-·DISA-STIG-RHEL-07-030410
4132 ··-·NIST-800-171-3.1.74132 ··-·NIST-800-171-3.1.7
4133 ··-·NIST-800-53-AU-12(c)4133 ··-·NIST-800-53-AU-12(c)
4134 ··-·NIST-800-53-AU-2(d)4134 ··-·NIST-800-53-AU-2(d)
Offset 4264, 16 lines modifiedOffset 4264, 16 lines modified
4264 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004264 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4265 ········-F·auid!=unset·-F·key=perm_mod4265 ········-F·auid!=unset·-F·key=perm_mod
4266 ······create:·true4266 ······create:·true
4267 ······mode:·o-rwx4267 ······mode:·o-rwx
4268 ······state:·present4268 ······state:·present
4269 ····when:·syscalls_found·|·length·==·04269 ····when:·syscalls_found·|·length·==·0
4270 ··when:4270 ··when:
4271 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4272 ··-·'"audit"·in·ansible_facts.packages'4271 ··-·'"audit"·in·ansible_facts.packages'
 4272 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4273 ··-·audit_arch·==·"b64"4273 ··-·audit_arch·==·"b64"
4274 ··tags:4274 ··tags:
4275 ··-·CCE-27339-14275 ··-·CCE-27339-1
4276 ··-·CJIS-5.4.1.14276 ··-·CJIS-5.4.1.1
4277 ··-·DISA-STIG-RHEL-07-0304104277 ··-·DISA-STIG-RHEL-07-030410
4278 ··-·NIST-800-171-3.1.74278 ··-·NIST-800-171-3.1.7
4279 ··-·NIST-800-53-AU-12(c)4279 ··-·NIST-800-53-AU-12(c)
Offset 4284, 15 lines modifiedOffset 4284, 15 lines modified
4284 ··-·low_complexity4284 ··-·low_complexity
4285 ··-·low_disruption4285 ··-·low_disruption
4286 ··-·medium_severity4286 ··-·medium_severity
4287 ··-·reboot_required4287 ··-·reboot_required
4288 ··-·restrict_strategy4288 ··-·restrict_strategy
4289 Remediation_Shell_script_⇲4289 Remediation_Shell_script_⇲
4290 #·Remediation·is·applicable·only·in·certain·platforms4290 #·Remediation·is·applicable·only·in·certain·platforms
4291 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then4291 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
4292 #·First·perform·the·remediation·of·the·syscall·rule4292 #·First·perform·the·remediation·of·the·syscall·rule
4293 #·Retrieve·hardware·architecture·of·the·underlying·system4293 #·Retrieve·hardware·architecture·of·the·underlying·system
4294 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")4294 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
4295 for·ARCH·in·"${RULE_ARCHS[@]}"4295 for·ARCH·in·"${RULE_ARCHS[@]}"
4296 do4296 do
Offset 4655, 16 lines modifiedOffset 4655, 16 lines modified
4655 ··-·reboot_required4655 ··-·reboot_required
4656 ··-·restrict_strategy4656 ··-·restrict_strategy
  
4657 -·name:·Set·architecture·for·audit·chown·tasks4657 -·name:·Set·architecture·for·audit·chown·tasks
4658 ··set_fact:4658 ··set_fact:
4659 ····audit_arch:·b644659 ····audit_arch:·b64
4660 ··when:4660 ··when:
4661 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4662 ··-·'"audit"·in·ansible_facts.packages'4661 ··-·'"audit"·in·ansible_facts.packages'
 4662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4663 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4663 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4664 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4664 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4665 ··tags:4665 ··tags:
4666 ··-·CCE-27364-94666 ··-·CCE-27364-9
4667 ··-·CJIS-5.4.1.14667 ··-·CJIS-5.4.1.1
4668 ··-·DISA-STIG-RHEL-07-0303704668 ··-·DISA-STIG-RHEL-07-030370
4669 ··-·NIST-800-171-3.1.74669 ··-·NIST-800-171-3.1.7
Offset 4804, 16 lines modifiedOffset 4804, 16 lines modified
4804 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004804 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4805 ········-F·auid!=unset·-F·key=perm_mod4805 ········-F·auid!=unset·-F·key=perm_mod
4806 ······create:·true4806 ······create:·true
4807 ······mode:·o-rwx4807 ······mode:·o-rwx
4808 ······state:·present4808 ······state:·present
4809 ····when:·syscalls_found·|·length·==·04809 ····when:·syscalls_found·|·length·==·0
4810 ··when:4810 ··when:
4811 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4812 ··-·'"audit"·in·ansible_facts.packages'4811 ··-·'"audit"·in·ansible_facts.packages'
 4812 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4813 ··tags:4813 ··tags:
4814 ··-·CCE-27364-94814 ··-·CCE-27364-9
4815 ··-·CJIS-5.4.1.14815 ··-·CJIS-5.4.1.1
4816 ··-·DISA-STIG-RHEL-07-0303704816 ··-·DISA-STIG-RHEL-07-030370
4817 ··-·NIST-800-171-3.1.74817 ··-·NIST-800-171-3.1.7
4818 ··-·NIST-800-53-AU-12(c)4818 ··-·NIST-800-53-AU-12(c)
4819 ··-·NIST-800-53-AU-2(d)4819 ··-·NIST-800-53-AU-2(d)
Offset 4951, 16 lines modifiedOffset 4951, 16 lines modified
4951 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004951 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4952 ········-F·auid!=unset·-F·key=perm_mod4952 ········-F·auid!=unset·-F·key=perm_mod
4953 ······create:·true4953 ······create:·true
4954 ······mode:·o-rwx4954 ······mode:·o-rwx
4955 ······state:·present4955 ······state:·present
Max diff block lines reached; 131023/135780 bytes (96.50%) of diff not shown.
6.87 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-cui.html
    
1.7 KB
html2text {}
    
Offset 54, 15 lines modifiedOffset 54, 15 lines modified
54 ····*·cpe:/o:redhat:enterprise_linux:7::client54 ····*·cpe:/o:redhat:enterprise_linux:7::client
55 ····*·cpe:/o:redhat:enterprise_linux:7::computenode55 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
56 ····*·cpe:/o:redhat:enterprise_linux:7::server56 ····*·cpe:/o:redhat:enterprise_linux:7::server
57 ····*·cpe:/o:redhat:enterprise_linux:7::workstation57 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
58 ····*·cpe:/o:redhat:enterprise_linux:758 ····*·cpe:/o:redhat:enterprise_linux:7
59 *****·Revision·History·*****59 *****·Revision·History·*****
60 Current·version:·0.1.6560 Current·version:·0.1.65
61 ····*·draft·(as·of·2024-01-14)61 ····*·draft·(as·of·2025-02-15)
62 *****·Table·of·Contents·*****62 *****·Table·of·Contents·*****
63 ···1.·System_Settings63 ···1.·System_Settings
64 ·········1.·Installing_and_Maintaining_Software64 ·········1.·Installing_and_Maintaining_Software
65 ·········2.·Account_and_Access_Control65 ·········2.·Account_and_Access_Control
66 ·········3.·System_Accounting_with_auditd66 ·········3.·System_Accounting_with_auditd
67 ·········4.·GRUB2_bootloader_configuration67 ·········4.·GRUB2_bootloader_configuration
68 ·········5.·Network_Configuration_and_Firewalls68 ·········5.·Network_Configuration_and_Firewalls
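Review bot: The "draft (as of ...)" entry under Revision History (line 61) reads 2024-01-14 in one build and 2025-02-15 in the other, so the guide is stamping the date of the build run into its output and the two builds cannot come out identical. Take that date from SOURCE_DATE_EPOCH or the changelog entry instead of the clock at build time.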
Offset 6240, 30 lines modifiedOffset 6240, 30 lines modified
6240 ··lineinfile:6240 ··lineinfile:
6241 ····dest:·/etc/audit/auditd.conf6241 ····dest:·/etc/audit/auditd.conf
6242 ····regexp:·^\s*flush\s*=\s*.*$6242 ····regexp:·^\s*flush\s*=\s*.*$
6243 ····line:·flush·=·{{·var_auditd_flush·}}6243 ····line:·flush·=·{{·var_auditd_flush·}}
6244 ····state:·present6244 ····state:·present
6245 ····create:·true6245 ····create:·true
6246 ··when:6246 ··when:
6247 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6248 ··-·'"audit"·in·ansible_facts.packages'6247 ··-·'"audit"·in·ansible_facts.packages'
 6248 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6249 ··tags:6249 ··tags:
6250 ··-·CCE-27331-86250 ··-·CCE-27331-8
6251 ··-·NIST-800-171-3.3.16251 ··-·NIST-800-171-3.3.1
6252 ··-·NIST-800-53-AU-116252 ··-·NIST-800-53-AU-11
6253 ··-·NIST-800-53-CM-6(a)6253 ··-·NIST-800-53-CM-6(a)
6254 ··-·auditd_data_retention_flush6254 ··-·auditd_data_retention_flush
6255 ··-·low_complexity6255 ··-·low_complexity
6256 ··-·low_disruption6256 ··-·low_disruption
6257 ··-·medium_severity6257 ··-·medium_severity
6258 ··-·no_reboot_needed6258 ··-·no_reboot_needed
6259 ··-·restrict_strategy6259 ··-·restrict_strategy
6260 Remediation_Shell_script_⇲6260 Remediation_Shell_script_⇲
6261 #·Remediation·is·applicable·only·in·certain·platforms6261 #·Remediation·is·applicable·only·in·certain·platforms
6262 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6262 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6263 var_auditd_flush='incremental_async'6263 var_auditd_flush='incremental_async'
  
  
6264 AUDITCONFIG=/etc/audit/auditd.conf6264 AUDITCONFIG=/etc/audit/auditd.conf
  
6265 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush6265 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
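Review bot: The two `when:` conditions at lines 6247-6248 and the three tests in the shell `if` at line 6262 are the same in both builds and differ only in order (the "audit" package check moves ahead of the container checks), which suggests the generator emits the platform applicability conditions from an unordered collection. Sort the conditions before rendering so the Ansible and shell remediations are byte-identical across builds.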
361 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-e8.html
    
Max diff block lines reached; 270539/279984 bytes (96.63%) of diff not shown.
87.5 KB
html2text {}
    
Offset 45, 15 lines modifiedOffset 45, 15 lines modified
45 ····*·cpe:/o:redhat:enterprise_linux:7::client45 ····*·cpe:/o:redhat:enterprise_linux:7::client
46 ····*·cpe:/o:redhat:enterprise_linux:7::computenode46 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
47 ····*·cpe:/o:redhat:enterprise_linux:7::server47 ····*·cpe:/o:redhat:enterprise_linux:7::server
48 ····*·cpe:/o:redhat:enterprise_linux:7::workstation48 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
49 ····*·cpe:/o:redhat:enterprise_linux:749 ····*·cpe:/o:redhat:enterprise_linux:7
50 *****·Revision·History·*****50 *****·Revision·History·*****
51 Current·version:·0.1.6551 Current·version:·0.1.65
52 ····*·draft·(as·of·2024-01-14)52 ····*·draft·(as·of·2025-02-15)
53 *****·Table·of·Contents·*****53 *****·Table·of·Contents·*****
54 ···1.·System_Settings54 ···1.·System_Settings
55 ·········1.·Installing_and_Maintaining_Software55 ·········1.·Installing_and_Maintaining_Software
56 ·········2.·Account_and_Access_Control56 ·········2.·Account_and_Access_Control
57 ·········3.·System_Accounting_with_auditd57 ·········3.·System_Accounting_with_auditd
58 ·········4.·Configure_Syslog58 ·········4.·Configure_Syslog
59 ·········5.·Network_Configuration_and_Firewalls59 ·········5.·Network_Configuration_and_Firewalls
Offset 1675, 16 lines modifiedOffset 1675, 16 lines modified
1675 ··-·reboot_required1675 ··-·reboot_required
1676 ··-·restrict_strategy1676 ··-·restrict_strategy
  
1677 -·name:·Set·architecture·for·audit·chmod·tasks1677 -·name:·Set·architecture·for·audit·chmod·tasks
1678 ··set_fact:1678 ··set_fact:
1679 ····audit_arch:·b641679 ····audit_arch:·b64
1680 ··when:1680 ··when:
1681 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1682 ··-·'"audit"·in·ansible_facts.packages'1681 ··-·'"audit"·in·ansible_facts.packages'
 1682 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1683 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1683 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1684 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1684 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1685 ··tags:1685 ··tags:
1686 ··-·CCE-27339-11686 ··-·CCE-27339-1
1687 ··-·CJIS-5.4.1.11687 ··-·CJIS-5.4.1.1
1688 ··-·DISA-STIG-RHEL-07-0304101688 ··-·DISA-STIG-RHEL-07-030410
1689 ··-·NIST-800-171-3.1.71689 ··-·NIST-800-171-3.1.7
Offset 1822, 16 lines modifiedOffset 1822, 16 lines modified
1822 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001822 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1823 ········-F·auid!=unset·-F·key=perm_mod1823 ········-F·auid!=unset·-F·key=perm_mod
1824 ······create:·true1824 ······create:·true
1825 ······mode:·o-rwx1825 ······mode:·o-rwx
1826 ······state:·present1826 ······state:·present
1827 ····when:·syscalls_found·|·length·==·01827 ····when:·syscalls_found·|·length·==·0
1828 ··when:1828 ··when:
1829 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1830 ··-·'"audit"·in·ansible_facts.packages'1829 ··-·'"audit"·in·ansible_facts.packages'
 1830 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1831 ··tags:1831 ··tags:
1832 ··-·CCE-27339-11832 ··-·CCE-27339-1
1833 ··-·CJIS-5.4.1.11833 ··-·CJIS-5.4.1.1
1834 ··-·DISA-STIG-RHEL-07-0304101834 ··-·DISA-STIG-RHEL-07-030410
1835 ··-·NIST-800-171-3.1.71835 ··-·NIST-800-171-3.1.7
1836 ··-·NIST-800-53-AU-12(c)1836 ··-·NIST-800-53-AU-12(c)
1837 ··-·NIST-800-53-AU-2(d)1837 ··-·NIST-800-53-AU-2(d)
Offset 1967, 16 lines modifiedOffset 1967, 16 lines modified
1967 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001967 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1968 ········-F·auid!=unset·-F·key=perm_mod1968 ········-F·auid!=unset·-F·key=perm_mod
1969 ······create:·true1969 ······create:·true
1970 ······mode:·o-rwx1970 ······mode:·o-rwx
1971 ······state:·present1971 ······state:·present
1972 ····when:·syscalls_found·|·length·==·01972 ····when:·syscalls_found·|·length·==·0
1973 ··when:1973 ··when:
1974 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1975 ··-·'"audit"·in·ansible_facts.packages'1974 ··-·'"audit"·in·ansible_facts.packages'
 1975 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1976 ··-·audit_arch·==·"b64"1976 ··-·audit_arch·==·"b64"
1977 ··tags:1977 ··tags:
1978 ··-·CCE-27339-11978 ··-·CCE-27339-1
1979 ··-·CJIS-5.4.1.11979 ··-·CJIS-5.4.1.1
1980 ··-·DISA-STIG-RHEL-07-0304101980 ··-·DISA-STIG-RHEL-07-030410
1981 ··-·NIST-800-171-3.1.71981 ··-·NIST-800-171-3.1.7
1982 ··-·NIST-800-53-AU-12(c)1982 ··-·NIST-800-53-AU-12(c)
Offset 1987, 15 lines modifiedOffset 1987, 15 lines modified
1987 ··-·low_complexity1987 ··-·low_complexity
1988 ··-·low_disruption1988 ··-·low_disruption
1989 ··-·medium_severity1989 ··-·medium_severity
1990 ··-·reboot_required1990 ··-·reboot_required
1991 ··-·restrict_strategy1991 ··-·restrict_strategy
1992 Remediation_Shell_script_⇲1992 Remediation_Shell_script_⇲
1993 #·Remediation·is·applicable·only·in·certain·platforms1993 #·Remediation·is·applicable·only·in·certain·platforms
1994 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1994 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1995 #·First·perform·the·remediation·of·the·syscall·rule1995 #·First·perform·the·remediation·of·the·syscall·rule
1996 #·Retrieve·hardware·architecture·of·the·underlying·system1996 #·Retrieve·hardware·architecture·of·the·underlying·system
1997 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1997 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1998 for·ARCH·in·"${RULE_ARCHS[@]}"1998 for·ARCH·in·"${RULE_ARCHS[@]}"
1999 do1999 do
Offset 2358, 16 lines modifiedOffset 2358, 16 lines modified
2358 ··-·reboot_required2358 ··-·reboot_required
2359 ··-·restrict_strategy2359 ··-·restrict_strategy
  
2360 -·name:·Set·architecture·for·audit·chown·tasks2360 -·name:·Set·architecture·for·audit·chown·tasks
2361 ··set_fact:2361 ··set_fact:
2362 ····audit_arch:·b642362 ····audit_arch:·b64
2363 ··when:2363 ··when:
2364 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2365 ··-·'"audit"·in·ansible_facts.packages'2364 ··-·'"audit"·in·ansible_facts.packages'
 2365 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2366 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2366 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2367 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2367 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2368 ··tags:2368 ··tags:
2369 ··-·CCE-27364-92369 ··-·CCE-27364-9
2370 ··-·CJIS-5.4.1.12370 ··-·CJIS-5.4.1.1
2371 ··-·DISA-STIG-RHEL-07-0303702371 ··-·DISA-STIG-RHEL-07-030370
2372 ··-·NIST-800-171-3.1.72372 ··-·NIST-800-171-3.1.7
Offset 2507, 16 lines modifiedOffset 2507, 16 lines modified
2507 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002507 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2508 ········-F·auid!=unset·-F·key=perm_mod2508 ········-F·auid!=unset·-F·key=perm_mod
2509 ······create:·true2509 ······create:·true
2510 ······mode:·o-rwx2510 ······mode:·o-rwx
2511 ······state:·present2511 ······state:·present
2512 ····when:·syscalls_found·|·length·==·02512 ····when:·syscalls_found·|·length·==·0
2513 ··when:2513 ··when:
2514 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2515 ··-·'"audit"·in·ansible_facts.packages'2514 ··-·'"audit"·in·ansible_facts.packages'
 2515 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2516 ··tags:2516 ··tags:
2517 ··-·CCE-27364-92517 ··-·CCE-27364-9
2518 ··-·CJIS-5.4.1.12518 ··-·CJIS-5.4.1.1
2519 ··-·DISA-STIG-RHEL-07-0303702519 ··-·DISA-STIG-RHEL-07-030370
2520 ··-·NIST-800-171-3.1.72520 ··-·NIST-800-171-3.1.7
2521 ··-·NIST-800-53-AU-12(c)2521 ··-·NIST-800-53-AU-12(c)
2522 ··-·NIST-800-53-AU-2(d)2522 ··-·NIST-800-53-AU-2(d)
Offset 2654, 16 lines modifiedOffset 2654, 16 lines modified
2654 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002654 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2655 ········-F·auid!=unset·-F·key=perm_mod2655 ········-F·auid!=unset·-F·key=perm_mod
2656 ······create:·true2656 ······create:·true
2657 ······mode:·o-rwx2657 ······mode:·o-rwx
2658 ······state:·present2658 ······state:·present
Max diff block lines reached; 84835/89578 bytes (94.71%) of diff not shown.
931 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-hipaa.html
    
0007da80:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh0007da80:·3a20·7072·6573·656e·740a·2020·2020·7768··:·present.····wh
0007da90:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou0007da90:·656e·3a20·7379·7363·616c·6c73·5f66·6f75··en:·syscalls_fou
0007daa0:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·00007daa0:·6e64·207c·206c·656e·6774·6820·3d3d·2030··nd·|·length·==·0
0007dab0:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans0007dab0:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
0007dac0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
0007dad0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
0007dae0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
0007daf0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
0007db00:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container 
0007db10:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"· 
0007db20:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0007db30:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag0007dac0:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 0007dad0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 0007dae0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 0007daf0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 0007db00:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 0007db10:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 0007db20:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 0007db30:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
0007db40:·733a·0a20·202d·2043·4345·2d32·3733·3339··s:.··-·CCE-273390007db40:·733a·0a20·202d·2043·4345·2d32·3733·3339··s:.··-·CCE-27339
0007db50:·2d31·0a20·202d·2043·4a49·532d·352e·342e··-1.··-·CJIS-5.4.0007db50:·2d31·0a20·202d·2043·4a49·532d·352e·342e··-1.··-·CJIS-5.4.
0007db60:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI0007db60:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
0007db70:·472d·5248·454c·2d30·372d·3033·3034·3130··G-RHEL-07-0304100007db70:·472d·5248·454c·2d30·372d·3033·3034·3130··G-RHEL-07-030410
0007db80:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170007db80:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0007db90:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST0007db90:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
0007dba0:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)0007dba0:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
Offset 32478, 23 lines modifiedOffset 32478, 23 lines modified
0007edd0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······0007edd0:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
0007ede0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···0007ede0:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
0007edf0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·0007edf0:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
0007ee00:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres0007ee00:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
0007ee10:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy0007ee10:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
0007ee20:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l0007ee20:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
0007ee30:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe0007ee30:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
0007ee40:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v 
0007ee50:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty 
0007ee60:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock 
0007ee70:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope 
0007ee80:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",· 
0007ee90:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··- 
0007eea0:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
0007eeb0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0007ee40:·6e3a·0a20·202d·2027·2261·7564·6974·2220··n:.··-·'"audit"·
 0007ee50:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 0007ee60:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
 0007ee70:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 0007ee80:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 0007ee90:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 0007eea0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 0007eeb0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
0007eec0:·6765·7327·0a20·202d·2061·7564·6974·5f61··ges'.··-·audit_a0007eec0:·6572·225d·0a20·202d·2061·7564·6974·5f61··er"].··-·audit_a
0007eed0:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t0007eed0:·7263·6820·3d3d·2022·6236·3422·0a20·2074··rch·==·"b64".··t
0007eee0:·6167·733a·0a20·202d·2043·4345·2d32·3733··ags:.··-·CCE-2730007eee0:·6167·733a·0a20·202d·2043·4345·2d32·3733··ags:.··-·CCE-273
0007eef0:·3339·2d31·0a20·202d·2043·4a49·532d·352e··39-1.··-·CJIS-5.0007eef0:·3339·2d31·0a20·202d·2043·4a49·532d·352e··39-1.··-·CJIS-5.
0007ef00:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S0007ef00:·342e·312e·310a·2020·2d20·4449·5341·2d53··4.1.1.··-·DISA-S
0007ef10:·5449·472d·5248·454c·2d30·372d·3033·3034··TIG-RHEL-07-03040007ef10:·5449·472d·5248·454c·2d30·372d·3033·3034··TIG-RHEL-07-0304
0007ef20:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-0007ef20:·3130·0a20·202d·204e·4953·542d·3830·302d··10.··-·NIST-800-
0007ef30:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI0007ef30:·3137·312d·332e·312e·370a·2020·2d20·4e49··171-3.1.7.··-·NI
Offset 32529, 20 lines modifiedOffset 32529, 20 lines modified
0007f100:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co0007f100:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
0007f110:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"0007f110:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
0007f120:·2069·643d·2269·646d·3235·3534·3822·3e3c···id="idm25548"><0007f120:·2069·643d·2269·646d·3235·3534·3822·3e3c···id="idm25548"><
0007f130:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme0007f130:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
0007f140:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli0007f140:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
0007f150:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce0007f150:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
0007f160:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.0007f160:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 0007f170:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·-
 0007f180:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am
0007f170:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock0007f190:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock
0007f180:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am0007f1a0:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
0007f190:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.0007f1b0:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
0007f1a0:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&0007f1c0:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
0007f1b0:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
0007f1c0:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;· 
0007f1d0:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe0007f1d0:·7468·656e·0a0a·2320·4669·7273·7420·7065··then..#·First·pe
0007f1e0:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi0007f1e0:·7266·6f72·6d20·7468·6520·7265·6d65·6469··rform·the·remedi
0007f1f0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys0007f1f0:·6174·696f·6e20·6f66·2074·6865·2073·7973··ation·of·the·sys
0007f200:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr0007f200:·6361·6c6c·2072·756c·650a·2320·5265·7472··call·rule.#·Retr
Max diff block lines reached; 719315/728829 bytes (98.69%) of diff not shown.
219 KB
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 ····*·cpe:/o:redhat:enterprise_linux:7::client50 ····*·cpe:/o:redhat:enterprise_linux:7::client
51 ····*·cpe:/o:redhat:enterprise_linux:7::computenode51 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
52 ····*·cpe:/o:redhat:enterprise_linux:7::server52 ····*·cpe:/o:redhat:enterprise_linux:7::server
53 ····*·cpe:/o:redhat:enterprise_linux:7::workstation53 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
54 ····*·cpe:/o:redhat:enterprise_linux:754 ····*·cpe:/o:redhat:enterprise_linux:7
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·System_Settings59 ···1.·System_Settings
60 ·········1.·Installing_and_Maintaining_Software60 ·········1.·Installing_and_Maintaining_Software
61 ·········2.·Account_and_Access_Control61 ·········2.·Account_and_Access_Control
62 ·········3.·System_Accounting_with_auditd62 ·········3.·System_Accounting_with_auditd
63 ·········4.·GRUB2_bootloader_configuration63 ·········4.·GRUB2_bootloader_configuration
64 ·········5.·Configure_Syslog64 ·········5.·Configure_Syslog
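Review bot: the only difference in this hunk is the date on the "draft (as of ...)" line, 2024-01-14 in the first build and 2025-02-15 in the second, so the generated guide embeds the build-time clock. Deriving that date from SOURCE_DATE_EPOCH, or from a date fixed to the 0.1.65 release, would keep the line identical across rebuilds.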
Offset 2105, 16 lines modifiedOffset 2105, 16 lines modified
2105 ··-·reboot_required2105 ··-·reboot_required
2106 ··-·restrict_strategy2106 ··-·restrict_strategy
  
2107 -·name:·Set·architecture·for·audit·chmod·tasks2107 -·name:·Set·architecture·for·audit·chmod·tasks
2108 ··set_fact:2108 ··set_fact:
2109 ····audit_arch:·b642109 ····audit_arch:·b64
2110 ··when:2110 ··when:
2111 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2112 ··-·'"audit"·in·ansible_facts.packages'2111 ··-·'"audit"·in·ansible_facts.packages'
 2112 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2113 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2113 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2114 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2114 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2115 ··tags:2115 ··tags:
2116 ··-·CCE-27339-12116 ··-·CCE-27339-1
2117 ··-·CJIS-5.4.1.12117 ··-·CJIS-5.4.1.1
2118 ··-·DISA-STIG-RHEL-07-0304102118 ··-·DISA-STIG-RHEL-07-030410
2119 ··-·NIST-800-171-3.1.72119 ··-·NIST-800-171-3.1.7
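Review bot: in the `when:` list of "Set architecture for audit chmod tasks", the entries `'"audit" in ansible_facts.packages'` and `ansible_virtualization_type not in [...]` swap places between the two builds while the set of conditions stays the same, which suggests the platform conditions are emitted from an unordered collection. Ansible ANDs the entries of a `when:` list, so the task behaves the same either way, but sorting the conditions before rendering would make the output byte-stable. The same swap repeats in the later chmod and chown task hunks of this file.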
Offset 2252, 16 lines modifiedOffset 2252, 16 lines modified
2252 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002252 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2253 ········-F·auid!=unset·-F·key=perm_mod2253 ········-F·auid!=unset·-F·key=perm_mod
2254 ······create:·true2254 ······create:·true
2255 ······mode:·o-rwx2255 ······mode:·o-rwx
2256 ······state:·present2256 ······state:·present
2257 ····when:·syscalls_found·|·length·==·02257 ····when:·syscalls_found·|·length·==·0
2258 ··when:2258 ··when:
2259 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2260 ··-·'"audit"·in·ansible_facts.packages'2259 ··-·'"audit"·in·ansible_facts.packages'
 2260 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2261 ··tags:2261 ··tags:
2262 ··-·CCE-27339-12262 ··-·CCE-27339-1
2263 ··-·CJIS-5.4.1.12263 ··-·CJIS-5.4.1.1
2264 ··-·DISA-STIG-RHEL-07-0304102264 ··-·DISA-STIG-RHEL-07-030410
2265 ··-·NIST-800-171-3.1.72265 ··-·NIST-800-171-3.1.7
2266 ··-·NIST-800-53-AU-12(c)2266 ··-·NIST-800-53-AU-12(c)
2267 ··-·NIST-800-53-AU-2(d)2267 ··-·NIST-800-53-AU-2(d)
Offset 2397, 16 lines modifiedOffset 2397, 16 lines modified
2397 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002397 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2398 ········-F·auid!=unset·-F·key=perm_mod2398 ········-F·auid!=unset·-F·key=perm_mod
2399 ······create:·true2399 ······create:·true
2400 ······mode:·o-rwx2400 ······mode:·o-rwx
2401 ······state:·present2401 ······state:·present
2402 ····when:·syscalls_found·|·length·==·02402 ····when:·syscalls_found·|·length·==·0
2403 ··when:2403 ··when:
2404 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2405 ··-·'"audit"·in·ansible_facts.packages'2404 ··-·'"audit"·in·ansible_facts.packages'
 2405 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2406 ··-·audit_arch·==·"b64"2406 ··-·audit_arch·==·"b64"
2407 ··tags:2407 ··tags:
2408 ··-·CCE-27339-12408 ··-·CCE-27339-1
2409 ··-·CJIS-5.4.1.12409 ··-·CJIS-5.4.1.1
2410 ··-·DISA-STIG-RHEL-07-0304102410 ··-·DISA-STIG-RHEL-07-030410
2411 ··-·NIST-800-171-3.1.72411 ··-·NIST-800-171-3.1.7
2412 ··-·NIST-800-53-AU-12(c)2412 ··-·NIST-800-53-AU-12(c)
Offset 2417, 15 lines modifiedOffset 2417, 15 lines modified
2417 ··-·low_complexity2417 ··-·low_complexity
2418 ··-·low_disruption2418 ··-·low_disruption
2419 ··-·medium_severity2419 ··-·medium_severity
2420 ··-·reboot_required2420 ··-·reboot_required
2421 ··-·restrict_strategy2421 ··-·restrict_strategy
2422 Remediation_Shell_script_⇲2422 Remediation_Shell_script_⇲
2423 #·Remediation·is·applicable·only·in·certain·platforms2423 #·Remediation·is·applicable·only·in·certain·platforms
2424 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then2424 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
2425 #·First·perform·the·remediation·of·the·syscall·rule2425 #·First·perform·the·remediation·of·the·syscall·rule
2426 #·Retrieve·hardware·architecture·of·the·underlying·system2426 #·Retrieve·hardware·architecture·of·the·underlying·system
2427 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2427 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2428 for·ARCH·in·"${RULE_ARCHS[@]}"2428 for·ARCH·in·"${RULE_ARCHS[@]}"
2429 do2429 do
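Review bot: the `if` line of the shell remediation carries the same three tests in a different order, with `rpm --quiet -q audit` last in the first build and first in the second, so the Bash template has the same unordered-conditions problem as the Ansible tasks. Because `&&` short-circuits, the order is not purely cosmetic: the first build skips the `rpm` query when `/.dockerenv` or `/run/.containerenv` exists and the second always runs it. Fix the ordering in the generator so that one form is emitted deterministically.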
Offset 2788, 16 lines modifiedOffset 2788, 16 lines modified
2788 ··-·reboot_required2788 ··-·reboot_required
2789 ··-·restrict_strategy2789 ··-·restrict_strategy
  
2790 -·name:·Set·architecture·for·audit·chown·tasks2790 -·name:·Set·architecture·for·audit·chown·tasks
2791 ··set_fact:2791 ··set_fact:
2792 ····audit_arch:·b642792 ····audit_arch:·b64
2793 ··when:2793 ··when:
2794 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2795 ··-·'"audit"·in·ansible_facts.packages'2794 ··-·'"audit"·in·ansible_facts.packages'
 2795 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2796 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2796 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2797 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2797 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2798 ··tags:2798 ··tags:
2799 ··-·CCE-27364-92799 ··-·CCE-27364-9
2800 ··-·CJIS-5.4.1.12800 ··-·CJIS-5.4.1.1
2801 ··-·DISA-STIG-RHEL-07-0303702801 ··-·DISA-STIG-RHEL-07-030370
2802 ··-·NIST-800-171-3.1.72802 ··-·NIST-800-171-3.1.7
Offset 2937, 16 lines modifiedOffset 2937, 16 lines modified
2937 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002937 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2938 ········-F·auid!=unset·-F·key=perm_mod2938 ········-F·auid!=unset·-F·key=perm_mod
2939 ······create:·true2939 ······create:·true
2940 ······mode:·o-rwx2940 ······mode:·o-rwx
2941 ······state:·present2941 ······state:·present
2942 ····when:·syscalls_found·|·length·==·02942 ····when:·syscalls_found·|·length·==·0
2943 ··when:2943 ··when:
2944 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2945 ··-·'"audit"·in·ansible_facts.packages'2944 ··-·'"audit"·in·ansible_facts.packages'
 2945 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2946 ··tags:2946 ··tags:
2947 ··-·CCE-27364-92947 ··-·CCE-27364-9
2948 ··-·CJIS-5.4.1.12948 ··-·CJIS-5.4.1.1
2949 ··-·DISA-STIG-RHEL-07-0303702949 ··-·DISA-STIG-RHEL-07-030370
2950 ··-·NIST-800-171-3.1.72950 ··-·NIST-800-171-3.1.7
2951 ··-·NIST-800-53-AU-12(c)2951 ··-·NIST-800-53-AU-12(c)
2952 ··-·NIST-800-53-AU-2(d)2952 ··-·NIST-800-53-AU-2(d)
Offset 3084, 16 lines modifiedOffset 3084, 16 lines modified
3084 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003084 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3085 ········-F·auid!=unset·-F·key=perm_mod3085 ········-F·auid!=unset·-F·key=perm_mod
3086 ······create:·true3086 ······create:·true
3087 ······mode:·o-rwx3087 ······mode:·o-rwx
3088 ······state:·present3088 ······state:·present
Max diff block lines reached; 219364/224102 bytes (97.89%) of diff not shown.
998 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-ncp.html
    
Max diff block lines reached; 769591/779105 bytes (98.78%) of diff not shown.
237 KB
html2text {}
    
Offset 62, 15 lines modifiedOffset 62, 15 lines modified
62 ····*·cpe:/o:redhat:enterprise_linux:7::client62 ····*·cpe:/o:redhat:enterprise_linux:7::client
63 ····*·cpe:/o:redhat:enterprise_linux:7::computenode63 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
64 ····*·cpe:/o:redhat:enterprise_linux:7::server64 ····*·cpe:/o:redhat:enterprise_linux:7::server
65 ····*·cpe:/o:redhat:enterprise_linux:7::workstation65 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
66 ····*·cpe:/o:redhat:enterprise_linux:766 ····*·cpe:/o:redhat:enterprise_linux:7
67 *****·Revision·History·*****67 *****·Revision·History·*****
68 Current·version:·0.1.6568 Current·version:·0.1.65
69 ····*·draft·(as·of·2024-01-14)69 ····*·draft·(as·of·2025-02-15)
70 *****·Table·of·Contents·*****70 *****·Table·of·Contents·*****
71 ···1.·System_Settings71 ···1.·System_Settings
72 ·········1.·Installing_and_Maintaining_Software72 ·········1.·Installing_and_Maintaining_Software
73 ·········2.·Account_and_Access_Control73 ·········2.·Account_and_Access_Control
74 ·········3.·System_Accounting_with_auditd74 ·········3.·System_Accounting_with_auditd
75 ·········4.·GRUB2_bootloader_configuration75 ·········4.·GRUB2_bootloader_configuration
76 ·········5.·Configure_Syslog76 ·········5.·Configure_Syslog
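Review bot: the "draft (as of ...)" date on line 69 differs between the two builds (2024-01-14 vs 2025-02-15) although both render version 0.1.65, so the guide is stamped with something other than the source and cannot build reproducibly. Take the date from SOURCE_DATE_EPOCH or the package changelog instead, so that rebuilding the same source gives the same "as of" line.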
Offset 15240, 16 lines modifiedOffset 15240, 16 lines modified
15240 ··-·reboot_required15240 ··-·reboot_required
15241 ··-·restrict_strategy15241 ··-·restrict_strategy
  
15242 -·name:·Set·architecture·for·audit·chmod·tasks15242 -·name:·Set·architecture·for·audit·chmod·tasks
15243 ··set_fact:15243 ··set_fact:
15244 ····audit_arch:·b6415244 ····audit_arch:·b64
15245 ··when:15245 ··when:
15246 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15247 ··-·'"audit"·in·ansible_facts.packages'15246 ··-·'"audit"·in·ansible_facts.packages'
 15247 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15248 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture15248 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
15249 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"15249 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
15250 ··tags:15250 ··tags:
15251 ··-·CCE-27339-115251 ··-·CCE-27339-1
15252 ··-·CJIS-5.4.1.115252 ··-·CJIS-5.4.1.1
15253 ··-·DISA-STIG-RHEL-07-03041015253 ··-·DISA-STIG-RHEL-07-030410
15254 ··-·NIST-800-171-3.1.715254 ··-·NIST-800-171-3.1.7
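Review bot: the two `when:` entries at lines 15246-15247 are the same conditions in swapped order (`ansible_virtualization_type not in [...]` and `'"audit" in ansible_facts.packages'`), which suggests the generator does not fix the order of a rule's platform conditions. Sort the conditions, or keep them in a defined sequence, before rendering the task, so that both builds emit identical playbooks. The same swap repeats in the later chmod and chown hunks.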
Offset 15387, 16 lines modifiedOffset 15387, 16 lines modified
15387 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015387 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15388 ········-F·auid!=unset·-F·key=perm_mod15388 ········-F·auid!=unset·-F·key=perm_mod
15389 ······create:·true15389 ······create:·true
15390 ······mode:·o-rwx15390 ······mode:·o-rwx
15391 ······state:·present15391 ······state:·present
15392 ····when:·syscalls_found·|·length·==·015392 ····when:·syscalls_found·|·length·==·0
15393 ··when:15393 ··when:
15394 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15395 ··-·'"audit"·in·ansible_facts.packages'15394 ··-·'"audit"·in·ansible_facts.packages'
 15395 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15396 ··tags:15396 ··tags:
15397 ··-·CCE-27339-115397 ··-·CCE-27339-1
15398 ··-·CJIS-5.4.1.115398 ··-·CJIS-5.4.1.1
15399 ··-·DISA-STIG-RHEL-07-03041015399 ··-·DISA-STIG-RHEL-07-030410
15400 ··-·NIST-800-171-3.1.715400 ··-·NIST-800-171-3.1.7
15401 ··-·NIST-800-53-AU-12(c)15401 ··-·NIST-800-53-AU-12(c)
15402 ··-·NIST-800-53-AU-2(d)15402 ··-·NIST-800-53-AU-2(d)
Offset 15532, 16 lines modifiedOffset 15532, 16 lines modified
15532 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015532 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15533 ········-F·auid!=unset·-F·key=perm_mod15533 ········-F·auid!=unset·-F·key=perm_mod
15534 ······create:·true15534 ······create:·true
15535 ······mode:·o-rwx15535 ······mode:·o-rwx
15536 ······state:·present15536 ······state:·present
15537 ····when:·syscalls_found·|·length·==·015537 ····when:·syscalls_found·|·length·==·0
15538 ··when:15538 ··when:
15539 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15540 ··-·'"audit"·in·ansible_facts.packages'15539 ··-·'"audit"·in·ansible_facts.packages'
 15540 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15541 ··-·audit_arch·==·"b64"15541 ··-·audit_arch·==·"b64"
15542 ··tags:15542 ··tags:
15543 ··-·CCE-27339-115543 ··-·CCE-27339-1
15544 ··-·CJIS-5.4.1.115544 ··-·CJIS-5.4.1.1
15545 ··-·DISA-STIG-RHEL-07-03041015545 ··-·DISA-STIG-RHEL-07-030410
15546 ··-·NIST-800-171-3.1.715546 ··-·NIST-800-171-3.1.7
15547 ··-·NIST-800-53-AU-12(c)15547 ··-·NIST-800-53-AU-12(c)
Offset 15552, 15 lines modifiedOffset 15552, 15 lines modified
15552 ··-·low_complexity15552 ··-·low_complexity
15553 ··-·low_disruption15553 ··-·low_disruption
15554 ··-·medium_severity15554 ··-·medium_severity
15555 ··-·reboot_required15555 ··-·reboot_required
15556 ··-·restrict_strategy15556 ··-·restrict_strategy
15557 Remediation_Shell_script_⇲15557 Remediation_Shell_script_⇲
15558 #·Remediation·is·applicable·only·in·certain·platforms15558 #·Remediation·is·applicable·only·in·certain·platforms
15559 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then15559 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
15560 #·First·perform·the·remediation·of·the·syscall·rule15560 #·First·perform·the·remediation·of·the·syscall·rule
15561 #·Retrieve·hardware·architecture·of·the·underlying·system15561 #·Retrieve·hardware·architecture·of·the·underlying·system
15562 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")15562 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
15563 for·ARCH·in·"${RULE_ARCHS[@]}"15563 for·ARCH·in·"${RULE_ARCHS[@]}"
15564 do15564 do
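Review bot: the platform guard on line 15559 has `rpm --quiet -q audit` as the last operand in one build and the first in the other. The conjunction gives the same result either way, but the emitted script differs byte for byte, and in the second form the rpm query also runs when /.dockerenv or /run/.containerenv exists. Fix one order in the template, preferably the two file tests first so the guard short-circuits before spawning rpm.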
Offset 15923, 16 lines modifiedOffset 15923, 16 lines modified
15923 ··-·reboot_required15923 ··-·reboot_required
15924 ··-·restrict_strategy15924 ··-·restrict_strategy
  
15925 -·name:·Set·architecture·for·audit·chown·tasks15925 -·name:·Set·architecture·for·audit·chown·tasks
15926 ··set_fact:15926 ··set_fact:
15927 ····audit_arch:·b6415927 ····audit_arch:·b64
15928 ··when:15928 ··when:
15929 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15930 ··-·'"audit"·in·ansible_facts.packages'15929 ··-·'"audit"·in·ansible_facts.packages'
 15930 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15931 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture15931 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
15932 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"15932 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
15933 ··tags:15933 ··tags:
15934 ··-·CCE-27364-915934 ··-·CCE-27364-9
15935 ··-·CJIS-5.4.1.115935 ··-·CJIS-5.4.1.1
15936 ··-·DISA-STIG-RHEL-07-03037015936 ··-·DISA-STIG-RHEL-07-030370
15937 ··-·NIST-800-171-3.1.715937 ··-·NIST-800-171-3.1.7
Offset 16072, 16 lines modifiedOffset 16072, 16 lines modified
16072 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100016072 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
16073 ········-F·auid!=unset·-F·key=perm_mod16073 ········-F·auid!=unset·-F·key=perm_mod
16074 ······create:·true16074 ······create:·true
16075 ······mode:·o-rwx16075 ······mode:·o-rwx
16076 ······state:·present16076 ······state:·present
16077 ····when:·syscalls_found·|·length·==·016077 ····when:·syscalls_found·|·length·==·0
16078 ··when:16078 ··when:
16079 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
16080 ··-·'"audit"·in·ansible_facts.packages'16079 ··-·'"audit"·in·ansible_facts.packages'
 16080 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16081 ··tags:16081 ··tags:
16082 ··-·CCE-27364-916082 ··-·CCE-27364-9
16083 ··-·CJIS-5.4.1.116083 ··-·CJIS-5.4.1.1
16084 ··-·DISA-STIG-RHEL-07-03037016084 ··-·DISA-STIG-RHEL-07-030370
16085 ··-·NIST-800-171-3.1.716085 ··-·NIST-800-171-3.1.7
16086 ··-·NIST-800-53-AU-12(c)16086 ··-·NIST-800-53-AU-12(c)
16087 ··-·NIST-800-53-AU-2(d)16087 ··-·NIST-800-53-AU-2(d)
Offset 16219, 16 lines modifiedOffset 16219, 16 lines modified
16219 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100016219 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
16220 ········-F·auid!=unset·-F·key=perm_mod16220 ········-F·auid!=unset·-F·key=perm_mod
16221 ······create:·true16221 ······create:·true
16222 ······mode:·o-rwx16222 ······mode:·o-rwx
16223 ······state:·present16223 ······state:·present
Max diff block lines reached; 237807/242559 bytes (98.04%) of diff not shown.
6.87 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-ospp.html
    
1.7 KB
html2text {}
    
Offset 48, 15 lines modifiedOffset 48, 15 lines modified
48 ····*·cpe:/o:redhat:enterprise_linux:7::client48 ····*·cpe:/o:redhat:enterprise_linux:7::client
49 ····*·cpe:/o:redhat:enterprise_linux:7::computenode49 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
50 ····*·cpe:/o:redhat:enterprise_linux:7::server50 ····*·cpe:/o:redhat:enterprise_linux:7::server
51 ····*·cpe:/o:redhat:enterprise_linux:7::workstation51 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
52 ····*·cpe:/o:redhat:enterprise_linux:752 ····*·cpe:/o:redhat:enterprise_linux:7
53 *****·Revision·History·*****53 *****·Revision·History·*****
54 Current·version:·0.1.6554 Current·version:·0.1.65
55 ····*·draft·(as·of·2024-01-14)55 ····*·draft·(as·of·2025-02-15)
56 *****·Table·of·Contents·*****56 *****·Table·of·Contents·*****
57 ···1.·System_Settings57 ···1.·System_Settings
58 ·········1.·Installing_and_Maintaining_Software58 ·········1.·Installing_and_Maintaining_Software
59 ·········2.·Account_and_Access_Control59 ·········2.·Account_and_Access_Control
60 ·········3.·System_Accounting_with_auditd60 ·········3.·System_Accounting_with_auditd
61 ·········4.·GRUB2_bootloader_configuration61 ·········4.·GRUB2_bootloader_configuration
62 ·········5.·Network_Configuration_and_Firewalls62 ·········5.·Network_Configuration_and_Firewalls
Offset 6234, 30 lines modifiedOffset 6234, 30 lines modified
6234 ··lineinfile:6234 ··lineinfile:
6235 ····dest:·/etc/audit/auditd.conf6235 ····dest:·/etc/audit/auditd.conf
6236 ····regexp:·^\s*flush\s*=\s*.*$6236 ····regexp:·^\s*flush\s*=\s*.*$
6237 ····line:·flush·=·{{·var_auditd_flush·}}6237 ····line:·flush·=·{{·var_auditd_flush·}}
6238 ····state:·present6238 ····state:·present
6239 ····create:·true6239 ····create:·true
6240 ··when:6240 ··when:
6241 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6242 ··-·'"audit"·in·ansible_facts.packages'6241 ··-·'"audit"·in·ansible_facts.packages'
 6242 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6243 ··tags:6243 ··tags:
6244 ··-·CCE-27331-86244 ··-·CCE-27331-8
6245 ··-·NIST-800-171-3.3.16245 ··-·NIST-800-171-3.3.1
6246 ··-·NIST-800-53-AU-116246 ··-·NIST-800-53-AU-11
6247 ··-·NIST-800-53-CM-6(a)6247 ··-·NIST-800-53-CM-6(a)
6248 ··-·auditd_data_retention_flush6248 ··-·auditd_data_retention_flush
6249 ··-·low_complexity6249 ··-·low_complexity
6250 ··-·low_disruption6250 ··-·low_disruption
6251 ··-·medium_severity6251 ··-·medium_severity
6252 ··-·no_reboot_needed6252 ··-·no_reboot_needed
6253 ··-·restrict_strategy6253 ··-·restrict_strategy
6254 Remediation_Shell_script_⇲6254 Remediation_Shell_script_⇲
6255 #·Remediation·is·applicable·only·in·certain·platforms6255 #·Remediation·is·applicable·only·in·certain·platforms
6256 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6256 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6257 var_auditd_flush='incremental_async'6257 var_auditd_flush='incremental_async'
  
  
6258 AUDITCONFIG=/etc/audit/auditd.conf6258 AUDITCONFIG=/etc/audit/auditd.conf
  
6259 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush6259 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
540 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-pci-dss.html
    
Offset 50488, 20 lines modifiedOffset 50488, 20 lines modified
000c5370:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col000c5370:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
000c5380:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·000c5380:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
000c5390:·6964·3d22·6964·6d32·3535·3438·223e·3c70··id="idm25548"><p000c5390:·6964·3d22·6964·6d32·3535·3438·223e·3c70··id="idm25548"><p
000c53a0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed000c53a0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
000c53b0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic000c53b0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
000c53c0:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer000c53c0:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
000c53d0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i000c53d0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
 000c53e0:·6620·7270·6d20·2d2d·7175·6965·7420·2d71··f·rpm·--quiet·-q
 000c53f0:·2061·7564·6974·2026·616d·703b·2661·6d70···audit·&amp;&amp
000c53e0:·6620·5b20·2120·2d66·202f·2e64·6f63·6b65··f·[·!·-f·/.docke000c5400:·3b20·5b20·2120·2d66·202f·2e64·6f63·6b65··;·[·!·-f·/.docke
000c53f0:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp000c5410:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
000c5400:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c000c5420:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
000c5410:·6f6e·7461·696e·6572·656e·7620·5d20·2661··ontainerenv·]·&a000c5430:·6f6e·7461·696e·6572·656e·7620·5d3b·2074··ontainerenv·];·t
000c5420:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q 
000c5430:·7569·6574·202d·7120·6175·6469·743b·2074··uiet·-q·audit;·t 
000c5440:·6865·6e0a·0a23·2046·6972·7374·2070·6572··hen..#·First·per000c5440:·6865·6e0a·0a23·2046·6972·7374·2070·6572··hen..#·First·per
000c5450:·666f·726d·2074·6865·2072·656d·6564·6961··form·the·remedia000c5450:·666f·726d·2074·6865·2072·656d·6564·6961··form·the·remedia
000c5460:·7469·6f6e·206f·6620·7468·6520·7379·7363··tion·of·the·sysc000c5460:·7469·6f6e·206f·6620·7468·6520·7379·7363··tion·of·the·sysc
Max diff block lines reached; 407817/417400 bytes (97.70%) of diff not shown.
133 KB
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 ····*·cpe:/o:redhat:enterprise_linux:7::client41 ····*·cpe:/o:redhat:enterprise_linux:7::client
42 ····*·cpe:/o:redhat:enterprise_linux:7::computenode42 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
43 ····*·cpe:/o:redhat:enterprise_linux:7::server43 ····*·cpe:/o:redhat:enterprise_linux:7::server
44 ····*·cpe:/o:redhat:enterprise_linux:7::workstation44 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
45 ····*·cpe:/o:redhat:enterprise_linux:745 ····*·cpe:/o:redhat:enterprise_linux:7
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·Installing_and_Maintaining_Software51 ·········1.·Installing_and_Maintaining_Software
52 ·········2.·Account_and_Access_Control52 ·········2.·Account_and_Access_Control
53 ·········3.·System_Accounting_with_auditd53 ·········3.·System_Accounting_with_auditd
54 ·········4.·GRUB2_bootloader_configuration54 ·········4.·GRUB2_bootloader_configuration
55 ·········5.·Configure_Syslog55 ·········5.·Configure_Syslog
Offset 6404, 16 lines modifiedOffset 6404, 16 lines modified
6404 ··-·reboot_required6404 ··-·reboot_required
6405 ··-·restrict_strategy6405 ··-·restrict_strategy
  
6406 -·name:·Set·architecture·for·audit·chmod·tasks6406 -·name:·Set·architecture·for·audit·chmod·tasks
6407 ··set_fact:6407 ··set_fact:
6408 ····audit_arch:·b646408 ····audit_arch:·b64
6409 ··when:6409 ··when:
6410 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6411 ··-·'"audit"·in·ansible_facts.packages'6410 ··-·'"audit"·in·ansible_facts.packages'
 6411 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6412 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6412 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6413 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6413 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6414 ··tags:6414 ··tags:
6415 ··-·CCE-27339-16415 ··-·CCE-27339-1
6416 ··-·CJIS-5.4.1.16416 ··-·CJIS-5.4.1.1
6417 ··-·DISA-STIG-RHEL-07-0304106417 ··-·DISA-STIG-RHEL-07-030410
6418 ··-·NIST-800-171-3.1.76418 ··-·NIST-800-171-3.1.7
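Review bot: the two `when:` entries at 6410-6411 are the same strings on both sides and only trade places, which suggests the platform conditions are emitted from a collection with no fixed order. Sort the conditions, or keep them in an ordered list, before rendering the task. Ansible ANDs the entries of a `when:` list, so the swap does not change which hosts the task applies to, but it does make every generated guide and playbook differ between builds.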
Offset 6551, 16 lines modifiedOffset 6551, 16 lines modified
6551 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006551 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6552 ········-F·auid!=unset·-F·key=perm_mod6552 ········-F·auid!=unset·-F·key=perm_mod
6553 ······create:·true6553 ······create:·true
6554 ······mode:·o-rwx6554 ······mode:·o-rwx
6555 ······state:·present6555 ······state:·present
6556 ····when:·syscalls_found·|·length·==·06556 ····when:·syscalls_found·|·length·==·0
6557 ··when:6557 ··when:
6558 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6559 ··-·'"audit"·in·ansible_facts.packages'6558 ··-·'"audit"·in·ansible_facts.packages'
 6559 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6560 ··tags:6560 ··tags:
6561 ··-·CCE-27339-16561 ··-·CCE-27339-1
6562 ··-·CJIS-5.4.1.16562 ··-·CJIS-5.4.1.1
6563 ··-·DISA-STIG-RHEL-07-0304106563 ··-·DISA-STIG-RHEL-07-030410
6564 ··-·NIST-800-171-3.1.76564 ··-·NIST-800-171-3.1.7
6565 ··-·NIST-800-53-AU-12(c)6565 ··-·NIST-800-53-AU-12(c)
6566 ··-·NIST-800-53-AU-2(d)6566 ··-·NIST-800-53-AU-2(d)
Offset 6696, 16 lines modifiedOffset 6696, 16 lines modified
6696 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006696 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6697 ········-F·auid!=unset·-F·key=perm_mod6697 ········-F·auid!=unset·-F·key=perm_mod
6698 ······create:·true6698 ······create:·true
6699 ······mode:·o-rwx6699 ······mode:·o-rwx
6700 ······state:·present6700 ······state:·present
6701 ····when:·syscalls_found·|·length·==·06701 ····when:·syscalls_found·|·length·==·0
6702 ··when:6702 ··when:
6703 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6704 ··-·'"audit"·in·ansible_facts.packages'6703 ··-·'"audit"·in·ansible_facts.packages'
 6704 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6705 ··-·audit_arch·==·"b64"6705 ··-·audit_arch·==·"b64"
6706 ··tags:6706 ··tags:
6707 ··-·CCE-27339-16707 ··-·CCE-27339-1
6708 ··-·CJIS-5.4.1.16708 ··-·CJIS-5.4.1.1
6709 ··-·DISA-STIG-RHEL-07-0304106709 ··-·DISA-STIG-RHEL-07-030410
6710 ··-·NIST-800-171-3.1.76710 ··-·NIST-800-171-3.1.7
6711 ··-·NIST-800-53-AU-12(c)6711 ··-·NIST-800-53-AU-12(c)
Offset 6716, 15 lines modifiedOffset 6716, 15 lines modified
6716 ··-·low_complexity6716 ··-·low_complexity
6717 ··-·low_disruption6717 ··-·low_disruption
6718 ··-·medium_severity6718 ··-·medium_severity
6719 ··-·reboot_required6719 ··-·reboot_required
6720 ··-·restrict_strategy6720 ··-·restrict_strategy
6721 Remediation_Shell_script_⇲6721 Remediation_Shell_script_⇲
6722 #·Remediation·is·applicable·only·in·certain·platforms6722 #·Remediation·is·applicable·only·in·certain·platforms
6723 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6723 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6724 #·First·perform·the·remediation·of·the·syscall·rule6724 #·First·perform·the·remediation·of·the·syscall·rule
6725 #·Retrieve·hardware·architecture·of·the·underlying·system6725 #·Retrieve·hardware·architecture·of·the·underlying·system
6726 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6726 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6727 for·ARCH·in·"${RULE_ARCHS[@]}"6727 for·ARCH·in·"${RULE_ARCHS[@]}"
6728 do6728 do
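Review bot: the `if` at 6723 has the same three tests on both sides, with `rpm --quiet -q audit` moved from the end of the `&&` chain to the front. The outcome of the chain is unchanged, but the order is not stable between builds, and it also decides whether `rpm` runs before or after the `/.dockerenv` and `/run/.containerenv` checks. Emit the applicability checks in one fixed order so the remediation script is identical across rebuilds.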
Offset 7087, 16 lines modifiedOffset 7087, 16 lines modified
7087 ··-·reboot_required7087 ··-·reboot_required
7088 ··-·restrict_strategy7088 ··-·restrict_strategy
  
7089 -·name:·Set·architecture·for·audit·chown·tasks7089 -·name:·Set·architecture·for·audit·chown·tasks
7090 ··set_fact:7090 ··set_fact:
7091 ····audit_arch:·b647091 ····audit_arch:·b64
7092 ··when:7092 ··when:
7093 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7094 ··-·'"audit"·in·ansible_facts.packages'7093 ··-·'"audit"·in·ansible_facts.packages'
 7094 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7095 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7095 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7096 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7096 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7097 ··tags:7097 ··tags:
7098 ··-·CCE-27364-97098 ··-·CCE-27364-9
7099 ··-·CJIS-5.4.1.17099 ··-·CJIS-5.4.1.1
7100 ··-·DISA-STIG-RHEL-07-0303707100 ··-·DISA-STIG-RHEL-07-030370
7101 ··-·NIST-800-171-3.1.77101 ··-·NIST-800-171-3.1.7
Offset 7236, 16 lines modifiedOffset 7236, 16 lines modified
7236 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007236 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7237 ········-F·auid!=unset·-F·key=perm_mod7237 ········-F·auid!=unset·-F·key=perm_mod
7238 ······create:·true7238 ······create:·true
7239 ······mode:·o-rwx7239 ······mode:·o-rwx
7240 ······state:·present7240 ······state:·present
7241 ····when:·syscalls_found·|·length·==·07241 ····when:·syscalls_found·|·length·==·0
7242 ··when:7242 ··when:
7243 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7244 ··-·'"audit"·in·ansible_facts.packages'7243 ··-·'"audit"·in·ansible_facts.packages'
 7244 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7245 ··tags:7245 ··tags:
7246 ··-·CCE-27364-97246 ··-·CCE-27364-9
7247 ··-·CJIS-5.4.1.17247 ··-·CJIS-5.4.1.1
7248 ··-·DISA-STIG-RHEL-07-0303707248 ··-·DISA-STIG-RHEL-07-030370
7249 ··-·NIST-800-171-3.1.77249 ··-·NIST-800-171-3.1.7
7250 ··-·NIST-800-53-AU-12(c)7250 ··-·NIST-800-53-AU-12(c)
7251 ··-·NIST-800-53-AU-2(d)7251 ··-·NIST-800-53-AU-2(d)
Offset 7383, 16 lines modifiedOffset 7383, 16 lines modified
7383 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007383 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7384 ········-F·auid!=unset·-F·key=perm_mod7384 ········-F·auid!=unset·-F·key=perm_mod
7385 ······create:·true7385 ······create:·true
7386 ······mode:·o-rwx7386 ······mode:·o-rwx
7387 ······state:·present7387 ······state:·present
Max diff block lines reached; 131031/135769 bytes (96.51%) of diff not shown.
1.02 MB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-rhelh-stig.html
    
Max diff block lines reached; 803332/812846 bytes (98.83%) of diff not shown.
246 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 ····*·cpe:/o:redhat:enterprise_linux:7::client42 ····*·cpe:/o:redhat:enterprise_linux:7::client
43 ····*·cpe:/o:redhat:enterprise_linux:7::computenode43 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
44 ····*·cpe:/o:redhat:enterprise_linux:7::server44 ····*·cpe:/o:redhat:enterprise_linux:7::server
45 ····*·cpe:/o:redhat:enterprise_linux:7::workstation45 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
46 ····*·cpe:/o:redhat:enterprise_linux:746 ····*·cpe:/o:redhat:enterprise_linux:7
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
Offset 12049, 16 lines modifiedOffset 12049, 16 lines modified
12049 ··-·reboot_required12049 ··-·reboot_required
12050 ··-·restrict_strategy12050 ··-·restrict_strategy
  
12051 -·name:·Set·architecture·for·audit·chmod·tasks12051 -·name:·Set·architecture·for·audit·chmod·tasks
12052 ··set_fact:12052 ··set_fact:
12053 ····audit_arch:·b6412053 ····audit_arch:·b64
12054 ··when:12054 ··when:
12055 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12056 ··-·'"audit"·in·ansible_facts.packages'12055 ··-·'"audit"·in·ansible_facts.packages'
 12056 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12057 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture12057 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
12058 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"12058 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
12059 ··tags:12059 ··tags:
12060 ··-·CCE-27339-112060 ··-·CCE-27339-1
12061 ··-·CJIS-5.4.1.112061 ··-·CJIS-5.4.1.1
12062 ··-·DISA-STIG-RHEL-07-03041012062 ··-·DISA-STIG-RHEL-07-030410
12063 ··-·NIST-800-171-3.1.712063 ··-·NIST-800-171-3.1.7
Offset 12196, 16 lines modifiedOffset 12196, 16 lines modified
12196 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012196 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12197 ········-F·auid!=unset·-F·key=perm_mod12197 ········-F·auid!=unset·-F·key=perm_mod
12198 ······create:·true12198 ······create:·true
12199 ······mode:·o-rwx12199 ······mode:·o-rwx
12200 ······state:·present12200 ······state:·present
12201 ····when:·syscalls_found·|·length·==·012201 ····when:·syscalls_found·|·length·==·0
12202 ··when:12202 ··when:
12203 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12204 ··-·'"audit"·in·ansible_facts.packages'12203 ··-·'"audit"·in·ansible_facts.packages'
 12204 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12205 ··tags:12205 ··tags:
12206 ··-·CCE-27339-112206 ··-·CCE-27339-1
12207 ··-·CJIS-5.4.1.112207 ··-·CJIS-5.4.1.1
12208 ··-·DISA-STIG-RHEL-07-03041012208 ··-·DISA-STIG-RHEL-07-030410
12209 ··-·NIST-800-171-3.1.712209 ··-·NIST-800-171-3.1.7
12210 ··-·NIST-800-53-AU-12(c)12210 ··-·NIST-800-53-AU-12(c)
12211 ··-·NIST-800-53-AU-2(d)12211 ··-·NIST-800-53-AU-2(d)
Offset 12341, 16 lines modifiedOffset 12341, 16 lines modified
12341 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012341 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12342 ········-F·auid!=unset·-F·key=perm_mod12342 ········-F·auid!=unset·-F·key=perm_mod
12343 ······create:·true12343 ······create:·true
12344 ······mode:·o-rwx12344 ······mode:·o-rwx
12345 ······state:·present12345 ······state:·present
12346 ····when:·syscalls_found·|·length·==·012346 ····when:·syscalls_found·|·length·==·0
12347 ··when:12347 ··when:
12348 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12349 ··-·'"audit"·in·ansible_facts.packages'12348 ··-·'"audit"·in·ansible_facts.packages'
 12349 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12350 ··-·audit_arch·==·"b64"12350 ··-·audit_arch·==·"b64"
12351 ··tags:12351 ··tags:
12352 ··-·CCE-27339-112352 ··-·CCE-27339-1
12353 ··-·CJIS-5.4.1.112353 ··-·CJIS-5.4.1.1
12354 ··-·DISA-STIG-RHEL-07-03041012354 ··-·DISA-STIG-RHEL-07-030410
12355 ··-·NIST-800-171-3.1.712355 ··-·NIST-800-171-3.1.7
12356 ··-·NIST-800-53-AU-12(c)12356 ··-·NIST-800-53-AU-12(c)
Offset 12361, 15 lines modifiedOffset 12361, 15 lines modified
12361 ··-·low_complexity12361 ··-·low_complexity
12362 ··-·low_disruption12362 ··-·low_disruption
12363 ··-·medium_severity12363 ··-·medium_severity
12364 ··-·reboot_required12364 ··-·reboot_required
12365 ··-·restrict_strategy12365 ··-·restrict_strategy
12366 Remediation_Shell_script_⇲12366 Remediation_Shell_script_⇲
12367 #·Remediation·is·applicable·only·in·certain·platforms12367 #·Remediation·is·applicable·only·in·certain·platforms
12368 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then12368 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
12369 #·First·perform·the·remediation·of·the·syscall·rule12369 #·First·perform·the·remediation·of·the·syscall·rule
12370 #·Retrieve·hardware·architecture·of·the·underlying·system12370 #·Retrieve·hardware·architecture·of·the·underlying·system
12371 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")12371 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
12372 for·ARCH·in·"${RULE_ARCHS[@]}"12372 for·ARCH·in·"${RULE_ARCHS[@]}"
12373 do12373 do
Offset 12732, 16 lines modifiedOffset 12732, 16 lines modified
12732 ··-·reboot_required12732 ··-·reboot_required
12733 ··-·restrict_strategy12733 ··-·restrict_strategy
  
12734 -·name:·Set·architecture·for·audit·chown·tasks12734 -·name:·Set·architecture·for·audit·chown·tasks
12735 ··set_fact:12735 ··set_fact:
12736 ····audit_arch:·b6412736 ····audit_arch:·b64
12737 ··when:12737 ··when:
12738 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12739 ··-·'"audit"·in·ansible_facts.packages'12738 ··-·'"audit"·in·ansible_facts.packages'
 12739 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12740 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture12740 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
12741 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"12741 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
12742 ··tags:12742 ··tags:
12743 ··-·CCE-27364-912743 ··-·CCE-27364-9
12744 ··-·CJIS-5.4.1.112744 ··-·CJIS-5.4.1.1
12745 ··-·DISA-STIG-RHEL-07-03037012745 ··-·DISA-STIG-RHEL-07-030370
12746 ··-·NIST-800-171-3.1.712746 ··-·NIST-800-171-3.1.7
Offset 12881, 16 lines modifiedOffset 12881, 16 lines modified
12881 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012881 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12882 ········-F·auid!=unset·-F·key=perm_mod12882 ········-F·auid!=unset·-F·key=perm_mod
12883 ······create:·true12883 ······create:·true
12884 ······mode:·o-rwx12884 ······mode:·o-rwx
12885 ······state:·present12885 ······state:·present
12886 ····when:·syscalls_found·|·length·==·012886 ····when:·syscalls_found·|·length·==·0
12887 ··when:12887 ··when:
12888 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
12889 ··-·'"audit"·in·ansible_facts.packages'12888 ··-·'"audit"·in·ansible_facts.packages'
 12889 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
12890 ··tags:12890 ··tags:
12891 ··-·CCE-27364-912891 ··-·CCE-27364-9
12892 ··-·CJIS-5.4.1.112892 ··-·CJIS-5.4.1.1
12893 ··-·DISA-STIG-RHEL-07-03037012893 ··-·DISA-STIG-RHEL-07-030370
12894 ··-·NIST-800-171-3.1.712894 ··-·NIST-800-171-3.1.7
12895 ··-·NIST-800-53-AU-12(c)12895 ··-·NIST-800-53-AU-12(c)
12896 ··-·NIST-800-53-AU-2(d)12896 ··-·NIST-800-53-AU-2(d)
Offset 13028, 16 lines modifiedOffset 13028, 16 lines modified
13028 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100013028 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
13029 ········-F·auid!=unset·-F·key=perm_mod13029 ········-F·auid!=unset·-F·key=perm_mod
13030 ······create:·true13030 ······create:·true
13031 ······mode:·o-rwx13031 ······mode:·o-rwx
13032 ······state:·present13032 ······state:·present
Max diff block lines reached; 247464/252216 bytes (98.12%) of diff not shown.
697 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-rhelh-vpp.html
    
Max diff block lines reached; 534214/543590 bytes (98.28%) of diff not shown.
166 KB
html2text {}
    
Offset 62, 15 lines modifiedOffset 62, 15 lines modified
62 ····*·cpe:/o:redhat:enterprise_linux:7::client62 ····*·cpe:/o:redhat:enterprise_linux:7::client
63 ····*·cpe:/o:redhat:enterprise_linux:7::computenode63 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
64 ····*·cpe:/o:redhat:enterprise_linux:7::server64 ····*·cpe:/o:redhat:enterprise_linux:7::server
65 ····*·cpe:/o:redhat:enterprise_linux:7::workstation65 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
66 ····*·cpe:/o:redhat:enterprise_linux:766 ····*·cpe:/o:redhat:enterprise_linux:7
67 *****·Revision·History·*****67 *****·Revision·History·*****
68 Current·version:·0.1.6568 Current·version:·0.1.65
69 ····*·draft·(as·of·2024-01-14)69 ····*·draft·(as·of·2025-02-15)
70 *****·Table·of·Contents·*****70 *****·Table·of·Contents·*****
71 ···1.·System_Settings71 ···1.·System_Settings
72 ·········1.·Installing_and_Maintaining_Software72 ·········1.·Installing_and_Maintaining_Software
73 ·········2.·Account_and_Access_Control73 ·········2.·Account_and_Access_Control
74 ·········3.·System_Accounting_with_auditd74 ·········3.·System_Accounting_with_auditd
75 ·········4.·GRUB2_bootloader_configuration75 ·········4.·GRUB2_bootloader_configuration
76 ·········5.·Network_Configuration_and_Firewalls76 ·········5.·Network_Configuration_and_Firewalls
Offset 8250, 16 lines modifiedOffset 8250, 16 lines modified
8250 ··-·reboot_required8250 ··-·reboot_required
8251 ··-·restrict_strategy8251 ··-·restrict_strategy
  
8252 -·name:·Set·architecture·for·audit·chmod·tasks8252 -·name:·Set·architecture·for·audit·chmod·tasks
8253 ··set_fact:8253 ··set_fact:
8254 ····audit_arch:·b648254 ····audit_arch:·b64
8255 ··when:8255 ··when:
8256 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8257 ··-·'"audit"·in·ansible_facts.packages'8256 ··-·'"audit"·in·ansible_facts.packages'
 8257 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8258 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8258 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8259 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8259 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8260 ··tags:8260 ··tags:
8261 ··-·CCE-27339-18261 ··-·CCE-27339-1
8262 ··-·CJIS-5.4.1.18262 ··-·CJIS-5.4.1.1
8263 ··-·DISA-STIG-RHEL-07-0304108263 ··-·DISA-STIG-RHEL-07-030410
8264 ··-·NIST-800-171-3.1.78264 ··-·NIST-800-171-3.1.7
Offset 8397, 16 lines modifiedOffset 8397, 16 lines modified
8397 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008397 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8398 ········-F·auid!=unset·-F·key=perm_mod8398 ········-F·auid!=unset·-F·key=perm_mod
8399 ······create:·true8399 ······create:·true
8400 ······mode:·o-rwx8400 ······mode:·o-rwx
8401 ······state:·present8401 ······state:·present
8402 ····when:·syscalls_found·|·length·==·08402 ····when:·syscalls_found·|·length·==·0
8403 ··when:8403 ··when:
8404 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8405 ··-·'"audit"·in·ansible_facts.packages'8404 ··-·'"audit"·in·ansible_facts.packages'
 8405 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8406 ··tags:8406 ··tags:
8407 ··-·CCE-27339-18407 ··-·CCE-27339-1
8408 ··-·CJIS-5.4.1.18408 ··-·CJIS-5.4.1.1
8409 ··-·DISA-STIG-RHEL-07-0304108409 ··-·DISA-STIG-RHEL-07-030410
8410 ··-·NIST-800-171-3.1.78410 ··-·NIST-800-171-3.1.7
8411 ··-·NIST-800-53-AU-12(c)8411 ··-·NIST-800-53-AU-12(c)
8412 ··-·NIST-800-53-AU-2(d)8412 ··-·NIST-800-53-AU-2(d)
Offset 8542, 16 lines modifiedOffset 8542, 16 lines modified
8542 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008542 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8543 ········-F·auid!=unset·-F·key=perm_mod8543 ········-F·auid!=unset·-F·key=perm_mod
8544 ······create:·true8544 ······create:·true
8545 ······mode:·o-rwx8545 ······mode:·o-rwx
8546 ······state:·present8546 ······state:·present
8547 ····when:·syscalls_found·|·length·==·08547 ····when:·syscalls_found·|·length·==·0
8548 ··when:8548 ··when:
8549 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8550 ··-·'"audit"·in·ansible_facts.packages'8549 ··-·'"audit"·in·ansible_facts.packages'
 8550 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8551 ··-·audit_arch·==·"b64"8551 ··-·audit_arch·==·"b64"
8552 ··tags:8552 ··tags:
8553 ··-·CCE-27339-18553 ··-·CCE-27339-1
8554 ··-·CJIS-5.4.1.18554 ··-·CJIS-5.4.1.1
8555 ··-·DISA-STIG-RHEL-07-0304108555 ··-·DISA-STIG-RHEL-07-030410
8556 ··-·NIST-800-171-3.1.78556 ··-·NIST-800-171-3.1.7
8557 ··-·NIST-800-53-AU-12(c)8557 ··-·NIST-800-53-AU-12(c)
Offset 8562, 15 lines modifiedOffset 8562, 15 lines modified
8562 ··-·low_complexity8562 ··-·low_complexity
8563 ··-·low_disruption8563 ··-·low_disruption
8564 ··-·medium_severity8564 ··-·medium_severity
8565 ··-·reboot_required8565 ··-·reboot_required
8566 ··-·restrict_strategy8566 ··-·restrict_strategy
8567 Remediation_Shell_script_⇲8567 Remediation_Shell_script_⇲
8568 #·Remediation·is·applicable·only·in·certain·platforms8568 #·Remediation·is·applicable·only·in·certain·platforms
8569 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then8569 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
8570 #·First·perform·the·remediation·of·the·syscall·rule8570 #·First·perform·the·remediation·of·the·syscall·rule
8571 #·Retrieve·hardware·architecture·of·the·underlying·system8571 #·Retrieve·hardware·architecture·of·the·underlying·system
8572 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")8572 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
8573 for·ARCH·in·"${RULE_ARCHS[@]}"8573 for·ARCH·in·"${RULE_ARCHS[@]}"
8574 do8574 do
Offset 8933, 16 lines modifiedOffset 8933, 16 lines modified
8933 ··-·reboot_required8933 ··-·reboot_required
8934 ··-·restrict_strategy8934 ··-·restrict_strategy
  
8935 -·name:·Set·architecture·for·audit·chown·tasks8935 -·name:·Set·architecture·for·audit·chown·tasks
8936 ··set_fact:8936 ··set_fact:
8937 ····audit_arch:·b648937 ····audit_arch:·b64
8938 ··when:8938 ··when:
8939 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8940 ··-·'"audit"·in·ansible_facts.packages'8939 ··-·'"audit"·in·ansible_facts.packages'
 8940 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8941 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8941 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8942 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8942 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8943 ··tags:8943 ··tags:
8944 ··-·CCE-27364-98944 ··-·CCE-27364-9
8945 ··-·CJIS-5.4.1.18945 ··-·CJIS-5.4.1.1
8946 ··-·DISA-STIG-RHEL-07-0303708946 ··-·DISA-STIG-RHEL-07-030370
8947 ··-·NIST-800-171-3.1.78947 ··-·NIST-800-171-3.1.7
Offset 9082, 16 lines modifiedOffset 9082, 16 lines modified
9082 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009082 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9083 ········-F·auid!=unset·-F·key=perm_mod9083 ········-F·auid!=unset·-F·key=perm_mod
9084 ······create:·true9084 ······create:·true
9085 ······mode:·o-rwx9085 ······mode:·o-rwx
9086 ······state:·present9086 ······state:·present
9087 ····when:·syscalls_found·|·length·==·09087 ····when:·syscalls_found·|·length·==·0
9088 ··when:9088 ··when:
9089 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9090 ··-·'"audit"·in·ansible_facts.packages'9089 ··-·'"audit"·in·ansible_facts.packages'
 9090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9091 ··tags:9091 ··tags:
9092 ··-·CCE-27364-99092 ··-·CCE-27364-9
9093 ··-·CJIS-5.4.1.19093 ··-·CJIS-5.4.1.1
9094 ··-·DISA-STIG-RHEL-07-0303709094 ··-·DISA-STIG-RHEL-07-030370
9095 ··-·NIST-800-171-3.1.79095 ··-·NIST-800-171-3.1.7
9096 ··-·NIST-800-53-AU-12(c)9096 ··-·NIST-800-53-AU-12(c)
9097 ··-·NIST-800-53-AU-2(d)9097 ··-·NIST-800-53-AU-2(d)
Offset 9229, 16 lines modifiedOffset 9229, 16 lines modified
9229 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009229 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9230 ········-F·auid!=unset·-F·key=perm_mod9230 ········-F·auid!=unset·-F·key=perm_mod
9231 ······create:·true9231 ······create:·true
9232 ······mode:·o-rwx9232 ······mode:·o-rwx
9233 ······state:·present9233 ······state:·present
Max diff block lines reached; 165227/169984 bytes (97.20%) of diff not shown.
28.4 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-rht-ccp.html
    
000a2b80:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil000a2b80:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil
000a2b90:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:000a2b90:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:
000a2ba0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000a2bb0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible 
000a2bc0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000a2bd0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000a2be0:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000a2bf0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in· 
000a2c00:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000a2ba0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
 000a2bb0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
 000a2bc0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000a2bd0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 000a2be0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 000a2bf0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 000a2c00:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
000a2c10:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi000a2c10:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
000a2c20:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000a2c20:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000a2c30:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000a2c30:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000a2c40:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000a2c40:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000a2c50:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000a2c50:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000a2c60:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000a2c60:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000a2c70:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC000a2c70:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC
000a2c80:·452d·3832·3032·332d·330a·2020·2d20·434a··E-82023-3.··-·CJ000a2c80:·452d·3832·3032·332d·330a·2020·2d20·434a··E-82023-3.··-·CJ
Offset 41689, 22 lines modifiedOffset 41689, 22 lines modified
000a2d80:·653a·2045·6e73·7572·6520·6772·6f75·7020··e:·Ensure·group·000a2d80:·653a·2045·6e73·7572·6520·6772·6f75·7020··e:·Ensure·group·
000a2d90:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot000a2d90:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
000a2da0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.000a2da0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
000a2db0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path000a2db0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
000a2dc0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr000a2dc0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
000a2dd0:·7562·2e63·6667·0a20·2020·2067·726f·7570··ub.cfg.····group000a2dd0:·7562·2e63·6667·0a20·2020·2067·726f·7570··ub.cfg.····group
000a2de0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··000a2de0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
000a2df0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
000a2e00:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
000a2e10:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
000a2e20:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
000a2e30:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
000a2e40:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans 
000a2e50:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa000a2df0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
 000a2e00:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 000a2e10:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 000a2e20:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 000a2e30:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 000a2e40:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 000a2e50:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
000a2e60:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible000a2e60:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
000a2e70:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_000a2e70:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
000a2e80:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do000a2e80:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
000a2e90:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o000a2e90:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
000a2ea0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"000a2ea0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000a2eb0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000a2eb0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000a2ec0:·202d·2066·696c·655f·6578·6973·7473·2e73···-·file_exists.s000a2ec0:·202d·2066·696c·655f·6578·6973·7473·2e73···-·file_exists.s
000a2ed0:·7461·7420·6973·2064·6566·696e·6564·2061··tat·is·defined·a000a2ed0:·7461·7420·6973·2064·6566·696e·6564·2061··tat·is·defined·a
Offset 41755, 19 lines modifiedOffset 41755, 19 lines modified
000a31a0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg000a31a0:·3e3c·7472·3e3c·7468·3e53·7472·6174·6567··><tr><th>Strateg
000a31b0:·793a·3c2f·7468·3e3c·7464·3e63·6f6e·6669··y:</th><td>confi000a31b0:·793a·3c2f·7468·3e3c·7464·3e63·6f6e·6669··y:</th><td>confi
000a31c0:·6775·7265·3c2f·7464·3e3c·2f74·723e·3c2f··gure</td></tr></000a31c0:·6775·7265·3c2f·7464·3e3c·2f74·723e·3c2f··gure</td></tr></
000a31d0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code000a31d0:·7461·626c·653e·3c70·7265·3e3c·636f·6465··table><pre><code
000a31e0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i000a31e0:·3e23·2052·656d·6564·6961·7469·6f6e·2069··>#·Remediation·i
000a31f0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl000a31f0:·7320·6170·706c·6963·6162·6c65·206f·6e6c··s·applicable·onl
000a3200:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla000a3200:·7920·696e·2063·6572·7461·696e·2070·6c61··y·in·certain·pla
000a3210:·7466·6f72·6d73·0a69·6620·5b20·2120·2d66··tforms.if·[·!·-f000a3210:·7466·6f72·6d73·0a69·6620·7270·6d20·2d2d··tforms.if·rpm·--
000a3220:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e 
000a3230:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;· 
000a3240:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g 
000a3250:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp000a3220:·7175·6965·7420·2d71·2067·7275·6232·2d63··quiet·-q·grub2-c
 000a3230:·6f6d·6d6f·6e20·2661·6d70·3b26·616d·703b··ommon·&amp;&amp;
 000a3240:·205b·2021·202d·6620·2f73·7973·2f66·6972···[·!·-f·/sys/fir
 000a3250:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp
000a3260:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·000a3260:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·
000a3270:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a000a3270:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
000a3280:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·000a3280:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
000a3290:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere000a3290:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
000a32a0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c000a32a0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c
000a32b0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru000a32b0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru
000a32c0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els000a32c0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els
Offset 42265, 22 lines modifiedOffset 42265, 22 lines modified
000a5180:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis000a5180:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
000a5190:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub000a5190:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
000a51a0:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta000a51a0:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta
000a51b0:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo000a51b0:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
000a51c0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf000a51c0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
Max diff block lines reached; 11308/20848 bytes (54.24%) of diff not shown.
7.92 KB
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 ····*·cpe:/o:redhat:enterprise_linux:7::client43 ····*·cpe:/o:redhat:enterprise_linux:7::client
44 ····*·cpe:/o:redhat:enterprise_linux:7::computenode44 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
45 ····*·cpe:/o:redhat:enterprise_linux:7::server45 ····*·cpe:/o:redhat:enterprise_linux:7::server
46 ····*·cpe:/o:redhat:enterprise_linux:7::workstation46 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
47 ····*·cpe:/o:redhat:enterprise_linux:747 ····*·cpe:/o:redhat:enterprise_linux:7
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Network_Configuration_and_Firewalls57 ·········5.·Network_Configuration_and_Firewalls
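Review bot: line 50 is the only changed line in this hunk, and what differs is the "draft (as of …)" date, 2024-01-14 in one build and 2025-02-15 in the other, so the generated guide records the day it was built. Taking that date from SOURCE_DATE_EPOCH or from the changelog entry would keep the HTML identical across builds.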
Offset 3945, 15 lines modifiedOffset 3945, 15 lines modified
3945 Rationale:·················If·users·can·write·to·audit·logs,·audit·trails·can·be·modified·or·destroyed.3945 Rationale:·················If·users·can·write·to·audit·logs,·audit·trails·can·be·modified·or·destroyed.
3946 Severity: ················medium3946 Severity: ················medium
3947 Rule·ID:···················xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit3947 Rule·ID:···················xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit
3948 Identifiers·and·References·Identifiers: ·CCE-27205-43948 Identifiers·and·References·Identifiers: ·CCE-27205-4
3949 ···························References: ·1,·11,·12,·13,·14,·15,·16,·18,·19,·3,·4,·5,·6,·7,·8,·5.4.1.1,·APO01.06,·APO11.04,·APO12.06,·BAI03.05,·BAI08.02,·DSS02.02,·DSS02.04,·DSS02.07,·DSS03.01,·DSS05.04,·DSS05.07,·DSS06.02,·MEA02.01,·3.3.1,·CCI-000162,·CCI-000163,·CCI-000164,·CCI-001314,·4.2.3.10,·4.3.3.3.9,·4.3.3.5.8,·4.3.3.7.3,·4.3.4.4.7,·4.3.4.5.6,·4.3.4.5.7,·4.3.4.5.8,·4.4.2.1,·4.4.2.2,·4.4.2.4,·SR_2.1,·SR_2.10,·SR_2.11,·SR_2.12,·SR_2.8,·SR_2.9,·SR_5.2,·SR_6.1,·A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5,·CIP-003-8_R5.1.1,·CIP-003-8_R5.3,·CIP-004-6_R2.3,·CIP-007-3_R2.1,·CIP-007-3_R2.2,·CIP-007-3_R2.3,·CIP-007-3_R5.1,·CIP-007-3_R5.1.1,·CIP-007-3_R5.1.2,·CM-6(a),·AC-6(1),·AU-9(4),·DE.AE-3,·DE.AE-5,·PR.AC-4,·PR.DS-5,·PR.PT-1,·RS.AN-1,·RS.AN-4,·Req-10.5,·SRG-OS-000057-GPOS-00027,·SRG-OS-000058-GPOS-00028,·SRG-OS-000059-GPOS-00029,·SRG-OS-000206-GPOS-00084,·RHEL-07-910055,·SV-228564r606407_rule3949 ···························References: 
·1,·11,·12,·13,·14,·15,·16,·18,·19,·3,·4,·5,·6,·7,·8,·5.4.1.1,·APO01.06,·APO11.04,·APO12.06,·BAI03.05,·BAI08.02,·DSS02.02,·DSS02.04,·DSS02.07,·DSS03.01,·DSS05.04,·DSS05.07,·DSS06.02,·MEA02.01,·3.3.1,·CCI-000162,·CCI-000163,·CCI-000164,·CCI-001314,·4.2.3.10,·4.3.3.3.9,·4.3.3.5.8,·4.3.3.7.3,·4.3.4.4.7,·4.3.4.5.6,·4.3.4.5.7,·4.3.4.5.8,·4.4.2.1,·4.4.2.2,·4.4.2.4,·SR_2.1,·SR_2.10,·SR_2.11,·SR_2.12,·SR_2.8,·SR_2.9,·SR_5.2,·SR_6.1,·A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5,·CIP-003-8_R5.1.1,·CIP-003-8_R5.3,·CIP-004-6_R2.3,·CIP-007-3_R2.1,·CIP-007-3_R2.2,·CIP-007-3_R2.3,·CIP-007-3_R5.1,·CIP-007-3_R5.1.1,·CIP-007-3_R5.1.2,·CM-6(a),·AC-6(1),·AU-9(4),·DE.AE-3,·DE.AE-5,·PR.AC-4,·PR.DS-5,·PR.PT-1,·RS.AN-1,·RS.AN-4,·Req-10.5,·SRG-OS-000057-GPOS-00027,·SRG-OS-000058-GPOS-00028,·SRG-OS-000059-GPOS-00029,·SRG-OS-000206-GPOS-00084,·RHEL-07-910055,·SV-228564r606407_rule
3950 Remediation_Shell_script_⇲3950 Remediation_Shell_script_⇲
3951 #·Remediation·is·applicable·only·in·certain·platforms3951 #·Remediation·is·applicable·only·in·certain·platforms
3952 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then3952 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
3953 if·LC_ALL=C·grep·-iw·^log_file·/etc/audit/auditd.conf;·then3953 if·LC_ALL=C·grep·-iw·^log_file·/etc/audit/auditd.conf;·then
3954 ····FILE=$(awk·-F·"="·'/^log_file/·{print·$2}'·/etc/audit/auditd.conf·|·tr·-d·'·')3954 ····FILE=$(awk·-F·"="·'/^log_file/·{print·$2}'·/etc/audit/auditd.conf·|·tr·-d·'·')
3955 else3955 else
3956 ····FILE="/var/log/audit/audit.log"3956 ····FILE="/var/log/audit/audit.log"
3957 fi3957 fi
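Review bot: on line 3952 the same three applicability checks appear in a different order in each build: the /.dockerenv and /run/.containerenv tests come first in one, rpm --quiet -q audit comes first in the other. The condition is a plain && chain, so the outcome is the same either way, but the differing order suggests the platform checks are emitted from an unordered collection. Sorting them before they are joined would make the remediation text stable.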
  
Offset 3997, 16 lines modifiedOffset 3997, 16 lines modified
3997 ··-·no_reboot_needed3997 ··-·no_reboot_needed
  
3998 -·name:·Test·for·existence·/boot/grub2/grub.cfg3998 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3999 ··stat:3999 ··stat:
4000 ····path:·/boot/grub2/grub.cfg4000 ····path:·/boot/grub2/grub.cfg
4001 ··register:·file_exists4001 ··register:·file_exists
4002 ··when:4002 ··when:
4003 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4004 ··-·'"grub2-common"·in·ansible_facts.packages'4003 ··-·'"grub2-common"·in·ansible_facts.packages'
 4004 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4005 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4005 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4006 ··tags:4006 ··tags:
4007 ··-·CCE-82023-34007 ··-·CCE-82023-3
4008 ··-·CJIS-5.5.2.24008 ··-·CJIS-5.5.2.2
4009 ··-·NIST-800-171-3.4.54009 ··-·NIST-800-171-3.4.5
4010 ··-·NIST-800-53-AC-6(1)4010 ··-·NIST-800-53-AC-6(1)
4011 ··-·NIST-800-53-CM-6(a)4011 ··-·NIST-800-53-CM-6(a)
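Review bot: lines 4003-4004 swap the "/boot/efi" mount test and the grub2-common package test inside the when: list, and the same swap recurs in the other grub.cfg tasks tagged CCE-82023-3 and CCE-82026-6. Entries of a when: list are ANDed, so no host is treated differently; the recurrence points at the shared applicability rendering rather than any single rule, and emitting the entries in a fixed order there would remove all of these hunks at once.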
Offset 4019, 16 lines modifiedOffset 4019, 16 lines modified
4019 ··-·no_reboot_needed4019 ··-·no_reboot_needed
  
4020 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4020 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4021 ··file:4021 ··file:
4022 ····path:·/boot/grub2/grub.cfg4022 ····path:·/boot/grub2/grub.cfg
4023 ····group:·'0'4023 ····group:·'0'
4024 ··when:4024 ··when:
4025 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4026 ··-·'"grub2-common"·in·ansible_facts.packages'4025 ··-·'"grub2-common"·in·ansible_facts.packages'
 4026 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4027 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4027 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4028 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4028 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4029 ··tags:4029 ··tags:
4030 ··-·CCE-82023-34030 ··-·CCE-82023-3
4031 ··-·CJIS-5.5.2.24031 ··-·CJIS-5.5.2.2
4032 ··-·NIST-800-171-3.4.54032 ··-·NIST-800-171-3.4.5
4033 ··-·NIST-800-53-AC-6(1)4033 ··-·NIST-800-53-AC-6(1)
Offset 4041, 15 lines modifiedOffset 4041, 15 lines modified
4041 ··-·medium_severity4041 ··-·medium_severity
4042 ··-·no_reboot_needed4042 ··-·no_reboot_needed
4043 Remediation_Shell_script_⇲4043 Remediation_Shell_script_⇲
4044 Complexity:·low4044 Complexity:·low
4045 Disruption:·low4045 Disruption:·low
4046 Strategy:···configure4046 Strategy:···configure
4047 #·Remediation·is·applicable·only·in·certain·platforms4047 #·Remediation·is·applicable·only·in·certain·platforms
4048 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4048 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4049 chgrp·0·/boot/grub2/grub.cfg4049 chgrp·0·/boot/grub2/grub.cfg
  
4050 else4050 else
4051 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4051 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4052 fi4052 fi
4053 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***4053 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 4082, 16 lines modifiedOffset 4082, 16 lines modified
4082 ··-·no_reboot_needed4082 ··-·no_reboot_needed
  
4083 -·name:·Test·for·existence·/boot/grub2/grub.cfg4083 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4084 ··stat:4084 ··stat:
4085 ····path:·/boot/grub2/grub.cfg4085 ····path:·/boot/grub2/grub.cfg
4086 ··register:·file_exists4086 ··register:·file_exists
4087 ··when:4087 ··when:
4088 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4089 ··-·'"grub2-common"·in·ansible_facts.packages'4088 ··-·'"grub2-common"·in·ansible_facts.packages'
 4089 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4091 ··tags:4091 ··tags:
4092 ··-·CCE-82026-64092 ··-·CCE-82026-6
4093 ··-·CJIS-5.5.2.24093 ··-·CJIS-5.5.2.2
4094 ··-·NIST-800-171-3.4.54094 ··-·NIST-800-171-3.4.5
4095 ··-·NIST-800-53-AC-6(1)4095 ··-·NIST-800-53-AC-6(1)
4096 ··-·NIST-800-53-CM-6(a)4096 ··-·NIST-800-53-CM-6(a)
Offset 4104, 16 lines modifiedOffset 4104, 16 lines modified
4104 ··-·no_reboot_needed4104 ··-·no_reboot_needed
  
4105 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg4105 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
4106 ··file:4106 ··file:
4107 ····path:·/boot/grub2/grub.cfg4107 ····path:·/boot/grub2/grub.cfg
4108 ····owner:·'0'4108 ····owner:·'0'
4109 ··when:4109 ··when:
4110 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4111 ··-·'"grub2-common"·in·ansible_facts.packages'4110 ··-·'"grub2-common"·in·ansible_facts.packages'
 4111 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4112 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4112 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4113 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4113 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4114 ··tags:4114 ··tags:
4115 ··-·CCE-82026-64115 ··-·CCE-82026-6
4116 ··-·CJIS-5.5.2.24116 ··-·CJIS-5.5.2.2
4117 ··-·NIST-800-171-3.4.54117 ··-·NIST-800-171-3.4.5
4118 ··-·NIST-800-53-AC-6(1)4118 ··-·NIST-800-53-AC-6(1)
Offset 4126, 15 lines modifiedOffset 4126, 15 lines modified
4126 ··-·medium_severity4126 ··-·medium_severity
4127 ··-·no_reboot_needed4127 ··-·no_reboot_needed
4128 Remediation_Shell_script_⇲4128 Remediation_Shell_script_⇲
4129 Complexity:·low4129 Complexity:·low
4130 Disruption:·low4130 Disruption:·low
4131 Strategy:···configure4131 Strategy:···configure
4132 #·Remediation·is·applicable·only·in·certain·platforms4132 #·Remediation·is·applicable·only·in·certain·platforms
Max diff block lines reached; 2041/8082 bytes (25.25%) of diff not shown.
407 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-standard.html
    
Offset 24922, 21 lines modifiedOffset 24922, 21 lines modified
00061590:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel00061590:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
000615a0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap000615a0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
000615b0:·7365·2220·6964·3d22·6964·6d32·3535·3438··se"·id="idm25548000615b0:·7365·2220·6964·3d22·6964·6d32·3535·3438··se"·id="idm25548
000615c0:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R000615c0:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
000615d0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap000615d0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
000615e0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in000615e0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
000615f0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor000615f0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 00061600:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
 00061610:·7420·2d71·2061·7564·6974·2026·616d·703b··t·-q·audit·&amp;
00061600:·6d73·0a69·6620·5b20·2120·2d66·202f·2e64··ms.if·[·!·-f·/.d00061620:·2661·6d70·3b20·5b20·2120·2d66·202f·2e64··&amp;·[·!·-f·/.d
00061610:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;00061630:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
00061620:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru00061640:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
00061630:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·00061650:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
00061640:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
00061650:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi 
00061660:·743b·2074·6865·6e0a·0a23·2046·6972·7374··t;·then..#·First00061660:·5d3b·2074·6865·6e0a·0a23·2046·6972·7374··];·then..#·First
00061670:·2070·6572·666f·726d·2074·6865·2072·656d···perform·the·rem00061670:·2070·6572·666f·726d·2074·6865·2072·656d···perform·the·rem
00061680:·6564·6961·7469·6f6e·206f·6620·7468·6520··ediation·of·the·00061680:·6564·6961·7469·6f6e·206f·6620·7468·6520··ediation·of·the·
00061690:·7379·7363·616c·6c20·7275·6c65·0a23·2052··syscall·rule.#·R00061690:·7379·7363·616c·6c20·7275·6c65·0a23·2052··syscall·rule.#·R
Max diff block lines reached; 305912/315495 bytes (96.96%) of diff not shown.
99.0 KB
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 ····*·cpe:/o:redhat:enterprise_linux:7::client43 ····*·cpe:/o:redhat:enterprise_linux:7::client
44 ····*·cpe:/o:redhat:enterprise_linux:7::computenode44 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
45 ····*·cpe:/o:redhat:enterprise_linux:7::server45 ····*·cpe:/o:redhat:enterprise_linux:7::server
46 ····*·cpe:/o:redhat:enterprise_linux:7::workstation46 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
47 ····*·cpe:/o:redhat:enterprise_linux:747 ····*·cpe:/o:redhat:enterprise_linux:7
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·Configure_Syslog56 ·········4.·Configure_Syslog
57 ·········5.·File_Permissions_and_Masks57 ·········5.·File_Permissions_and_Masks
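Review bot: the "draft (as of ...)" entry under Revision History is not stable between the two builds: it reads 2024-01-14 in one and 2025-02-15 in the other, while "Current version" stays 0.1.65. The date appears to come from the build clock. Deriving it from SOURCE_DATE_EPOCH (or from a date fixed by the release) would make both builds render the same line.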
Offset 1116, 16 lines modifiedOffset 1116, 16 lines modified
1116 ··-·reboot_required1116 ··-·reboot_required
1117 ··-·restrict_strategy1117 ··-·restrict_strategy
  
1118 -·name:·Set·architecture·for·audit·chmod·tasks1118 -·name:·Set·architecture·for·audit·chmod·tasks
1119 ··set_fact:1119 ··set_fact:
1120 ····audit_arch:·b641120 ····audit_arch:·b64
1121 ··when:1121 ··when:
1122 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1123 ··-·'"audit"·in·ansible_facts.packages'1122 ··-·'"audit"·in·ansible_facts.packages'
 1123 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1124 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1124 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1125 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1125 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1126 ··tags:1126 ··tags:
1127 ··-·CCE-27339-11127 ··-·CCE-27339-1
1128 ··-·CJIS-5.4.1.11128 ··-·CJIS-5.4.1.1
1129 ··-·DISA-STIG-RHEL-07-0304101129 ··-·DISA-STIG-RHEL-07-030410
1130 ··-·NIST-800-171-3.1.71130 ··-·NIST-800-171-3.1.7
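Review bot: the first two entries of the `when:` list swap places between the builds ('"audit" in ansible_facts.packages' and the ansible_virtualization_type check), which suggests the applicability conditions are rendered from an unordered collection. The entries of a `when:` list are ANDed, so task behaviour is unchanged, but the generated guide is not byte-identical. Sort the conditions, or keep them in declaration order, before rendering.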
Offset 1263, 16 lines modifiedOffset 1263, 16 lines modified
1263 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001263 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1264 ········-F·auid!=unset·-F·key=perm_mod1264 ········-F·auid!=unset·-F·key=perm_mod
1265 ······create:·true1265 ······create:·true
1266 ······mode:·o-rwx1266 ······mode:·o-rwx
1267 ······state:·present1267 ······state:·present
1268 ····when:·syscalls_found·|·length·==·01268 ····when:·syscalls_found·|·length·==·0
1269 ··when:1269 ··when:
1270 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1271 ··-·'"audit"·in·ansible_facts.packages'1270 ··-·'"audit"·in·ansible_facts.packages'
 1271 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1272 ··tags:1272 ··tags:
1273 ··-·CCE-27339-11273 ··-·CCE-27339-1
1274 ··-·CJIS-5.4.1.11274 ··-·CJIS-5.4.1.1
1275 ··-·DISA-STIG-RHEL-07-0304101275 ··-·DISA-STIG-RHEL-07-030410
1276 ··-·NIST-800-171-3.1.71276 ··-·NIST-800-171-3.1.7
1277 ··-·NIST-800-53-AU-12(c)1277 ··-·NIST-800-53-AU-12(c)
1278 ··-·NIST-800-53-AU-2(d)1278 ··-·NIST-800-53-AU-2(d)
Offset 1408, 16 lines modifiedOffset 1408, 16 lines modified
1408 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001408 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1409 ········-F·auid!=unset·-F·key=perm_mod1409 ········-F·auid!=unset·-F·key=perm_mod
1410 ······create:·true1410 ······create:·true
1411 ······mode:·o-rwx1411 ······mode:·o-rwx
1412 ······state:·present1412 ······state:·present
1413 ····when:·syscalls_found·|·length·==·01413 ····when:·syscalls_found·|·length·==·0
1414 ··when:1414 ··when:
1415 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1416 ··-·'"audit"·in·ansible_facts.packages'1415 ··-·'"audit"·in·ansible_facts.packages'
 1416 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1417 ··-·audit_arch·==·"b64"1417 ··-·audit_arch·==·"b64"
1418 ··tags:1418 ··tags:
1419 ··-·CCE-27339-11419 ··-·CCE-27339-1
1420 ··-·CJIS-5.4.1.11420 ··-·CJIS-5.4.1.1
1421 ··-·DISA-STIG-RHEL-07-0304101421 ··-·DISA-STIG-RHEL-07-030410
1422 ··-·NIST-800-171-3.1.71422 ··-·NIST-800-171-3.1.7
1423 ··-·NIST-800-53-AU-12(c)1423 ··-·NIST-800-53-AU-12(c)
Offset 1428, 15 lines modifiedOffset 1428, 15 lines modified
1428 ··-·low_complexity1428 ··-·low_complexity
1429 ··-·low_disruption1429 ··-·low_disruption
1430 ··-·medium_severity1430 ··-·medium_severity
1431 ··-·reboot_required1431 ··-·reboot_required
1432 ··-·restrict_strategy1432 ··-·restrict_strategy
1433 Remediation_Shell_script_⇲1433 Remediation_Shell_script_⇲
1434 #·Remediation·is·applicable·only·in·certain·platforms1434 #·Remediation·is·applicable·only·in·certain·platforms
1435 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1435 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1436 #·First·perform·the·remediation·of·the·syscall·rule1436 #·First·perform·the·remediation·of·the·syscall·rule
1437 #·Retrieve·hardware·architecture·of·the·underlying·system1437 #·Retrieve·hardware·architecture·of·the·underlying·system
1438 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1438 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1439 for·ARCH·in·"${RULE_ARCHS[@]}"1439 for·ARCH·in·"${RULE_ARCHS[@]}"
1440 do1440 do
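Review bot: the applicability guard on the `if` line has the same ordering instability as the Ansible `when:` lists: `rpm --quiet -q audit` is the last test in one build and the first in the other. The overall result is the same, but because `&&` short-circuits, the order decides whether rpm is invoked at all on a host where /.dockerenv or /run/.containerenv exists. The generator should emit one fixed order rather than leaving it to iteration order.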
Offset 1799, 16 lines modifiedOffset 1799, 16 lines modified
1799 ··-·reboot_required1799 ··-·reboot_required
1800 ··-·restrict_strategy1800 ··-·restrict_strategy
  
1801 -·name:·Set·architecture·for·audit·chown·tasks1801 -·name:·Set·architecture·for·audit·chown·tasks
1802 ··set_fact:1802 ··set_fact:
1803 ····audit_arch:·b641803 ····audit_arch:·b64
1804 ··when:1804 ··when:
1805 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1806 ··-·'"audit"·in·ansible_facts.packages'1805 ··-·'"audit"·in·ansible_facts.packages'
 1806 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1807 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1807 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1808 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1808 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1809 ··tags:1809 ··tags:
1810 ··-·CCE-27364-91810 ··-·CCE-27364-9
1811 ··-·CJIS-5.4.1.11811 ··-·CJIS-5.4.1.1
1812 ··-·DISA-STIG-RHEL-07-0303701812 ··-·DISA-STIG-RHEL-07-030370
1813 ··-·NIST-800-171-3.1.71813 ··-·NIST-800-171-3.1.7
Offset 1948, 16 lines modifiedOffset 1948, 16 lines modified
1948 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001948 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1949 ········-F·auid!=unset·-F·key=perm_mod1949 ········-F·auid!=unset·-F·key=perm_mod
1950 ······create:·true1950 ······create:·true
1951 ······mode:·o-rwx1951 ······mode:·o-rwx
1952 ······state:·present1952 ······state:·present
1953 ····when:·syscalls_found·|·length·==·01953 ····when:·syscalls_found·|·length·==·0
1954 ··when:1954 ··when:
1955 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1956 ··-·'"audit"·in·ansible_facts.packages'1955 ··-·'"audit"·in·ansible_facts.packages'
 1956 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1957 ··tags:1957 ··tags:
1958 ··-·CCE-27364-91958 ··-·CCE-27364-9
1959 ··-·CJIS-5.4.1.11959 ··-·CJIS-5.4.1.1
1960 ··-·DISA-STIG-RHEL-07-0303701960 ··-·DISA-STIG-RHEL-07-030370
1961 ··-·NIST-800-171-3.1.71961 ··-·NIST-800-171-3.1.7
1962 ··-·NIST-800-53-AU-12(c)1962 ··-·NIST-800-53-AU-12(c)
1963 ··-·NIST-800-53-AU-2(d)1963 ··-·NIST-800-53-AU-2(d)
Offset 2095, 16 lines modifiedOffset 2095, 16 lines modified
2095 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002095 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2096 ········-F·auid!=unset·-F·key=perm_mod2096 ········-F·auid!=unset·-F·key=perm_mod
2097 ······create:·true2097 ······create:·true
2098 ······mode:·o-rwx2098 ······mode:·o-rwx
2099 ······state:·present2099 ······state:·present
Max diff block lines reached; 96624/101358 bytes (95.33%) of diff not shown.
740 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-stig.html
    
Offset 14364, 15 lines modifiedOffset 14364, 15 lines modified
000381b0:·7279·3c2f·6832·3e3c·703e·4375·7272·656e··ry</h2><p>Curren000381b0:·7279·3c2f·6832·3e3c·703e·4375·7272·656e··ry</h2><p>Curren
000381c0:·7420·7665·7273·696f·6e3a·203c·7374·726f··t·version:·<stro000381c0:·7420·7665·7273·696f·6e3a·203c·7374·726f··t·version:·<stro
000381d0:·6e67·3e30·2e31·2e36·353c·2f73·7472·6f6e··ng>0.1.65</stron000381d0:·6e67·3e30·2e31·2e36·353c·2f73·7472·6f6e··ng>0.1.65</stron
000381e0:·673e·3c2f·703e·3c75·6c3e·3c6c·693e·3c73··g></p><ul><li><s000381e0:·673e·3c2f·703e·3c75·6c3e·3c6c·693e·3c73··g></p><ul><li><s
000381f0:·7472·6f6e·673e·6472·6166·743c·2f73·7472··trong>draft</str000381f0:·7472·6f6e·673e·6472·6166·743c·2f73·7472··trong>draft</str
00038200:·6f6e·673e·0a20·2020·2020·2020·2020·2020··ong>.···········00038200:·6f6e·673e·0a20·2020·2020·2020·2020·2020··ong>.···········
00038210:·2020·2020·2020·2020·2028·6173·206f·6620···········(as·of·00038210:·2020·2020·2020·2020·2028·6173·206f·6620···········(as·of·
00038220:·3230·3234·2d30·312d·3134·290a·2020·2020··2024-01-14).····00038220:·3230·3235·2d30·322d·3135·290a·2020·2020··2025-02-15).····
00038230:·2020·2020·2020·2020·2020·2020·3c2f·6c69··············</li00038230:·2020·2020·2020·2020·2020·2020·3c2f·6c69··············</li
00038240:·3e3c·2f75·6c3e·3c2f·6469·763e·3c68·323e··></ul></div><h2>00038240:·3e3c·2f75·6c3e·3c2f·6469·763e·3c68·323e··></ul></div><h2>
00038250:·5461·626c·6520·6f66·2043·6f6e·7465·6e74··Table·of·Content00038250:·5461·626c·6520·6f66·2043·6f6e·7465·6e74··Table·of·Content
00038260:·733c·2f68·323e·3c6f·6c3e·3c6c·693e·3c61··s</h2><ol><li><a00038260:·733c·2f68·323e·3c6f·6c3e·3c6c·693e·3c61··s</h2><ol><li><a
00038270:·2068·7265·663d·2223·7863·6364·665f·6f72···href="#xccdf_or00038270:·2068·7265·663d·2223·7863·6364·665f·6f72···href="#xccdf_or
00038280:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con00038280:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con
00038290:·7465·6e74·5f67·726f·7570·5f73·7973·7465··tent_group_syste00038290:·7465·6e74·5f67·726f·7570·5f73·7973·7465··tent_group_syste
Offset 93125, 23 lines modifiedOffset 93125, 23 lines modified
0016bc40:·745f·7265·7175·6972·6564·0a20·202d·2072··t_required.··-·r0016bc40:·745f·7265·7175·6972·6564·0a20·202d·2072··t_required.··-·r
0016bc50:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy0016bc50:·6573·7472·6963·745f·7374·7261·7465·6779··estrict_strategy
0016bc60:·0a0a·2d20·6e61·6d65·3a20·5365·7420·6172··..-·name:·Set·ar0016bc60:·0a0a·2d20·6e61·6d65·3a20·5365·7420·6172··..-·name:·Set·ar
0016bc70:·6368·6974·6563·7475·7265·2066·6f72·2061··chitecture·for·a0016bc70:·6368·6974·6563·7475·7265·2066·6f72·2061··chitecture·for·a
0016bc80:·7564·6974·2063·686d·6f64·2074·6173·6b73··udit·chmod·tasks0016bc80:·7564·6974·2063·686d·6f64·2074·6173·6b73··udit·chmod·tasks
0016bc90:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···0016bc90:·0a20·2073·6574·5f66·6163·743a·0a20·2020··.··set_fact:.···
0016bca0:·2061·7564·6974·5f61·7263·683a·2062·3634···audit_arch:·b640016bca0:·2061·7564·6974·5f61·7263·683a·2062·3634···audit_arch:·b64
0016bcb0:·0a20·2077·6865·6e3a·0a20·202d·2061·6e73··.··when:.··-·ans0016bcb0:·0a20·2077·6865·6e3a·0a20·202d·2027·2261··.··when:.··-·'"a
0016bcc0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
0016bcd0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
0016bce0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
0016bcf0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
0016bd00:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container 
0016bd10:·225d·0a20·202d·2027·2261·7564·6974·2220··"].··-·'"audit"· 
0016bd20:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0016bd30:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a0016bcc0:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 0016bcd0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 0016bce0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 0016bcf0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 0016bd00:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 0016bd10:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 0016bd20:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 0016bd30:·6f6e·7461·696e·6572·225d·0a20·202d·2061··ontainer"].··-·a
0016bd40:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect0016bd40:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
0016bd50:·7572·6520·3d3d·2022·6161·7263·6836·3422··ure·==·"aarch64"0016bd50:·7572·6520·3d3d·2022·6161·7263·6836·3422··ure·==·"aarch64"
0016bd60:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch0016bd60:·206f·7220·616e·7369·626c·655f·6172·6368···or·ansible_arch
0016bd70:·6974·6563·7475·7265·203d·3d20·2270·7063··itecture·==·"ppc0016bd70:·6974·6563·7475·7265·203d·3d20·2270·7063··itecture·==·"ppc
0016bd80:·3634·2220·6f72·2061·6e73·6962·6c65·5f61··64"·or·ansible_a0016bd80:·3634·2220·6f72·2061·6e73·6962·6c65·5f61··64"·or·ansible_a
0016bd90:·7263·6869·7465·6374·7572·650a·2020·2020··rchitecture.····0016bd90:·7263·6869·7465·6374·7572·650a·2020·2020··rchitecture.····
0016bda0:·3d3d·2022·7070·6336·346c·6522·206f·7220··==·"ppc64le"·or·0016bda0:·3d3d·2022·7070·6336·346c·6522·206f·7220··==·"ppc64le"·or·
Offset 93450, 22 lines modifiedOffset 93450, 22 lines modified
0016d090:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:0016d090:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:
0016d0a0:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode0016d0a0:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode
0016d0b0:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st0016d0b0:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st
0016d0c0:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···0016d0c0:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···
0016d0d0:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_0016d0d0:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_
0016d0e0:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=0016d0e0:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=
0016d0f0:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·0016d0f0:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·
0016d100:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali 
0016d110:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not· 
0016d120:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l 
0016d130:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·" 
0016d140:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai 
0016d150:·6e65·7222·5d0a·2020·2d20·2722·6175·6469··ner"].··-·'"audi 
0016d160:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
0016d170:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··0016d100:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi
 0016d110:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 0016d120:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
 0016d130:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
 0016d140:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
 0016d150:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
 0016d160:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
 0016d170:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
0016d180:·7461·6773·3a0a·2020·2d20·4343·452d·3237··tags:.··-·CCE-270016d180:·7461·6773·3a0a·2020·2d20·4343·452d·3237··tags:.··-·CCE-27
0016d190:·3333·392d·310a·2020·2d20·434a·4953·2d35··339-1.··-·CJIS-50016d190:·3333·392d·310a·2020·2d20·434a·4953·2d35··339-1.··-·CJIS-5
0016d1a0:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-0016d1a0:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-
0016d1b0:·5354·4947·2d52·4845·4c2d·3037·2d30·3330··STIG-RHEL-07-0300016d1b0:·5354·4947·2d52·4845·4c2d·3037·2d30·3330··STIG-RHEL-07-030
0016d1c0:·3431·300a·2020·2d20·4e49·5354·2d38·3030··410.··-·NIST-8000016d1c0:·3431·300a·2020·2d20·4e49·5354·2d38·3030··410.··-·NIST-800
0016d1d0:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N0016d1d0:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N
0016d1e0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-120016d1e0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12
Offset 93762, 23 lines modifiedOffset 93762, 23 lines modified
0016e410:·6b65·793d·7065·726d·5f6d·6f64·0a20·2020··key=perm_mod.···0016e410:·6b65·793d·7065·726d·5f6d·6f64·0a20·2020··key=perm_mod.···
0016e420:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.0016e420:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.
0016e430:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw0016e430:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw
0016e440:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p0016e440:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p
0016e450:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:0016e450:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:
0016e460:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·0016e460:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·
0016e470:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··0016e470:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··
0016e480:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl0016e480:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi
0016e490:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
0016e4a0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
0016e4b0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
0016e4c0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
0016e4d0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"]. 
0016e4e0:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in· 
0016e4f0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa0016e490:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa
 0016e4a0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 0016e4b0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 0016e4c0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 0016e4d0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 0016e4e0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 0016e4f0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
0016e500:·636b·6167·6573·270a·2020·2d20·6175·6469··ckages'.··-·audi0016e500:·6169·6e65·7222·5d0a·2020·2d20·6175·6469··ainer"].··-·audi
0016e510:·745f·6172·6368·203d·3d20·2262·3634·220a··t_arch·==·"b64".0016e510:·745f·6172·6368·203d·3d20·2262·3634·220a··t_arch·==·"b64".
0016e520:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-0016e520:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-
0016e530:·3237·3333·392d·310a·2020·2d20·434a·4953··27339-1.··-·CJIS0016e530:·3237·3333·392d·310a·2020·2d20·434a·4953··27339-1.··-·CJIS
0016e540:·2d35·2e34·2e31·2e31·0a20·202d·2044·4953··-5.4.1.1.··-·DIS0016e540:·2d35·2e34·2e31·2e31·0a20·202d·2044·4953··-5.4.1.1.··-·DIS
0016e550:·412d·5354·4947·2d52·4845·4c2d·3037·2d30··A-STIG-RHEL-07-00016e550:·412d·5354·4947·2d52·4845·4c2d·3037·2d30··A-STIG-RHEL-07-0
0016e560:·3330·3431·300a·2020·2d20·4e49·5354·2d38··30410.··-·NIST-80016e560:·3330·3431·300a·2020·2d20·4e49·5354·2d38··30410.··-·NIST-8
0016e570:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-0016e570:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-
Offset 93813, 21 lines modifiedOffset 93813, 21 lines modified
0016e740:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel0016e740:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
0016e750:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap0016e750:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
0016e760:·7365·2220·6964·3d22·6964·6d32·3535·3438··se"·id="idm255480016e760:·7365·2220·6964·3d22·6964·6d32·3535·3438··se"·id="idm25548
0016e770:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R0016e770:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
0016e780:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap0016e780:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
0016e790:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in0016e790:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
0016e7a0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor0016e7a0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 0016e7b0:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
 0016e7c0:·7420·2d71·2061·7564·6974·2026·616d·703b··t·-q·audit·&amp;
0016e7b0:·6d73·0a69·6620·5b20·2120·2d66·202f·2e64··ms.if·[·!·-f·/.d0016e7d0:·2661·6d70·3b20·5b20·2120·2d66·202f·2e64··&amp;·[·!·-f·/.d
0016e7c0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;0016e7e0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
0016e7d0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru0016e7f0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
0016e7e0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·0016e800:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
0016e7f0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
0016e800:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi 
0016e810:·743b·2074·6865·6e0a·0a23·2046·6972·7374··t;·then..#·First0016e810:·5d3b·2074·6865·6e0a·0a23·2046·6972·7374··];·then..#·First
0016e820:·2070·6572·666f·726d·2074·6865·2072·656d···perform·the·rem0016e820:·2070·6572·666f·726d·2074·6865·2072·656d···perform·the·rem
0016e830:·6564·6961·7469·6f6e·206f·6620·7468·6520··ediation·of·the·0016e830:·6564·6961·7469·6f6e·206f·6620·7468·6520··ediation·of·the·
0016e840:·7379·7363·616c·6c20·7275·6c65·0a23·2052··syscall·rule.#·R0016e840:·7379·7363·616c·6c20·7275·6c65·0a23·2052··syscall·rule.#·R
0016e850:·6574·7269·6576·6520·6861·7264·7761·7265··etrieve·hardware0016e850:·6574·7269·6576·6520·6861·7264·7761·7265··etrieve·hardware
Max diff block lines reached; 568044/577558 bytes (98.35%) of diff not shown.
176 KB
html2text {}
    
Offset 47, 15 lines modifiedOffset 47, 15 lines modified
47 ····*·cpe:/o:redhat:enterprise_linux:7::client47 ····*·cpe:/o:redhat:enterprise_linux:7::client
48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode48 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
49 ····*·cpe:/o:redhat:enterprise_linux:7::server49 ····*·cpe:/o:redhat:enterprise_linux:7::server
50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation50 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
51 ····*·cpe:/o:redhat:enterprise_linux:751 ····*·cpe:/o:redhat:enterprise_linux:7
52 *****·Revision·History·*****52 *****·Revision·History·*****
53 Current·version:·0.1.6553 Current·version:·0.1.65
54 ····*·draft·(as·of·2024-01-14)54 ····*·draft·(as·of·2025-02-15)
55 *****·Table·of·Contents·*****55 *****·Table·of·Contents·*****
56 ···1.·System_Settings56 ···1.·System_Settings
57 ·········1.·Installing_and_Maintaining_Software57 ·········1.·Installing_and_Maintaining_Software
58 ·········2.·Account_and_Access_Control58 ·········2.·Account_and_Access_Control
59 ·········3.·System_Accounting_with_auditd59 ·········3.·System_Accounting_with_auditd
60 ·········4.·GRUB2_bootloader_configuration60 ·········4.·GRUB2_bootloader_configuration
61 ·········5.·Configure_Syslog61 ·········5.·Configure_Syslog
Offset 14291, 16 lines modifiedOffset 14291, 16 lines modified
14291 ··-·reboot_required14291 ··-·reboot_required
14292 ··-·restrict_strategy14292 ··-·restrict_strategy
  
14293 -·name:·Set·architecture·for·audit·chmod·tasks14293 -·name:·Set·architecture·for·audit·chmod·tasks
14294 ··set_fact:14294 ··set_fact:
14295 ····audit_arch:·b6414295 ····audit_arch:·b64
14296 ··when:14296 ··when:
14297 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14298 ··-·'"audit"·in·ansible_facts.packages'14297 ··-·'"audit"·in·ansible_facts.packages'
 14298 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14299 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture14299 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
14300 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"14300 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
14301 ··tags:14301 ··tags:
14302 ··-·CCE-27339-114302 ··-·CCE-27339-1
14303 ··-·CJIS-5.4.1.114303 ··-·CJIS-5.4.1.1
14304 ··-·DISA-STIG-RHEL-07-03041014304 ··-·DISA-STIG-RHEL-07-030410
14305 ··-·NIST-800-171-3.1.714305 ··-·NIST-800-171-3.1.7
Offset 14438, 16 lines modifiedOffset 14438, 16 lines modified
14438 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014438 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14439 ········-F·auid!=unset·-F·key=perm_mod14439 ········-F·auid!=unset·-F·key=perm_mod
14440 ······create:·true14440 ······create:·true
14441 ······mode:·o-rwx14441 ······mode:·o-rwx
14442 ······state:·present14442 ······state:·present
14443 ····when:·syscalls_found·|·length·==·014443 ····when:·syscalls_found·|·length·==·0
14444 ··when:14444 ··when:
14445 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14446 ··-·'"audit"·in·ansible_facts.packages'14445 ··-·'"audit"·in·ansible_facts.packages'
 14446 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14447 ··tags:14447 ··tags:
14448 ··-·CCE-27339-114448 ··-·CCE-27339-1
14449 ··-·CJIS-5.4.1.114449 ··-·CJIS-5.4.1.1
14450 ··-·DISA-STIG-RHEL-07-03041014450 ··-·DISA-STIG-RHEL-07-030410
14451 ··-·NIST-800-171-3.1.714451 ··-·NIST-800-171-3.1.7
14452 ··-·NIST-800-53-AU-12(c)14452 ··-·NIST-800-53-AU-12(c)
14453 ··-·NIST-800-53-AU-2(d)14453 ··-·NIST-800-53-AU-2(d)
Offset 14583, 16 lines modifiedOffset 14583, 16 lines modified
14583 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014583 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14584 ········-F·auid!=unset·-F·key=perm_mod14584 ········-F·auid!=unset·-F·key=perm_mod
14585 ······create:·true14585 ······create:·true
14586 ······mode:·o-rwx14586 ······mode:·o-rwx
14587 ······state:·present14587 ······state:·present
14588 ····when:·syscalls_found·|·length·==·014588 ····when:·syscalls_found·|·length·==·0
14589 ··when:14589 ··when:
14590 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14591 ··-·'"audit"·in·ansible_facts.packages'14590 ··-·'"audit"·in·ansible_facts.packages'
 14591 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14592 ··-·audit_arch·==·"b64"14592 ··-·audit_arch·==·"b64"
14593 ··tags:14593 ··tags:
14594 ··-·CCE-27339-114594 ··-·CCE-27339-1
14595 ··-·CJIS-5.4.1.114595 ··-·CJIS-5.4.1.1
14596 ··-·DISA-STIG-RHEL-07-03041014596 ··-·DISA-STIG-RHEL-07-030410
14597 ··-·NIST-800-171-3.1.714597 ··-·NIST-800-171-3.1.7
14598 ··-·NIST-800-53-AU-12(c)14598 ··-·NIST-800-53-AU-12(c)
Offset 14603, 15 lines modifiedOffset 14603, 15 lines modified
14603 ··-·low_complexity14603 ··-·low_complexity
14604 ··-·low_disruption14604 ··-·low_disruption
14605 ··-·medium_severity14605 ··-·medium_severity
14606 ··-·reboot_required14606 ··-·reboot_required
14607 ··-·restrict_strategy14607 ··-·restrict_strategy
14608 Remediation_Shell_script_⇲14608 Remediation_Shell_script_⇲
14609 #·Remediation·is·applicable·only·in·certain·platforms14609 #·Remediation·is·applicable·only·in·certain·platforms
14610 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then14610 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
14611 #·First·perform·the·remediation·of·the·syscall·rule14611 #·First·perform·the·remediation·of·the·syscall·rule
14612 #·Retrieve·hardware·architecture·of·the·underlying·system14612 #·Retrieve·hardware·architecture·of·the·underlying·system
14613 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")14613 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
14614 for·ARCH·in·"${RULE_ARCHS[@]}"14614 for·ARCH·in·"${RULE_ARCHS[@]}"
14615 do14615 do
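Review bot: the `if` guard at line 14610 chains the same three tests with `&&` in a different order in each build, with `rpm --quiet -q audit` last in one and first in the other. The overall result is the same, but because `&&` short-circuits, the order decides whether `rpm` is invoked at all when `/.dockerenv` or `/run/.containerenv` exists, and the varying order makes the shipped script differ between rebuilds. Emit the platform checks in one stable order.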
Offset 14974, 16 lines modifiedOffset 14974, 16 lines modified
14974 ··-·reboot_required14974 ··-·reboot_required
14975 ··-·restrict_strategy14975 ··-·restrict_strategy
  
14976 -·name:·Set·architecture·for·audit·chown·tasks14976 -·name:·Set·architecture·for·audit·chown·tasks
14977 ··set_fact:14977 ··set_fact:
14978 ····audit_arch:·b6414978 ····audit_arch:·b64
14979 ··when:14979 ··when:
14980 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14981 ··-·'"audit"·in·ansible_facts.packages'14980 ··-·'"audit"·in·ansible_facts.packages'
 14981 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14982 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture14982 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
14983 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"14983 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
14984 ··tags:14984 ··tags:
14985 ··-·CCE-27364-914985 ··-·CCE-27364-9
14986 ··-·CJIS-5.4.1.114986 ··-·CJIS-5.4.1.1
14987 ··-·DISA-STIG-RHEL-07-03037014987 ··-·DISA-STIG-RHEL-07-030370
14988 ··-·NIST-800-171-3.1.714988 ··-·NIST-800-171-3.1.7
Offset 15123, 16 lines modifiedOffset 15123, 16 lines modified
15123 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015123 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15124 ········-F·auid!=unset·-F·key=perm_mod15124 ········-F·auid!=unset·-F·key=perm_mod
15125 ······create:·true15125 ······create:·true
15126 ······mode:·o-rwx15126 ······mode:·o-rwx
15127 ······state:·present15127 ······state:·present
15128 ····when:·syscalls_found·|·length·==·015128 ····when:·syscalls_found·|·length·==·0
15129 ··when:15129 ··when:
15130 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15131 ··-·'"audit"·in·ansible_facts.packages'15130 ··-·'"audit"·in·ansible_facts.packages'
 15131 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15132 ··tags:15132 ··tags:
15133 ··-·CCE-27364-915133 ··-·CCE-27364-9
15134 ··-·CJIS-5.4.1.115134 ··-·CJIS-5.4.1.1
15135 ··-·DISA-STIG-RHEL-07-03037015135 ··-·DISA-STIG-RHEL-07-030370
15136 ··-·NIST-800-171-3.1.715136 ··-·NIST-800-171-3.1.7
15137 ··-·NIST-800-53-AU-12(c)15137 ··-·NIST-800-53-AU-12(c)
15138 ··-·NIST-800-53-AU-2(d)15138 ··-·NIST-800-53-AU-2(d)
Offset 15270, 16 lines modifiedOffset 15270, 16 lines modified
15270 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015270 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15271 ········-F·auid!=unset·-F·key=perm_mod15271 ········-F·auid!=unset·-F·key=perm_mod
15272 ······create:·true15272 ······create:·true
15273 ······mode:·o-rwx15273 ······mode:·o-rwx
15274 ······state:·present15274 ······state:·present
Max diff block lines reached; 175071/179823 bytes (97.36%) of diff not shown.
739 KB
./usr/share/doc/ssg-nondebian/ssg-rhel7-guide-stig_gui.html
    
Max diff block lines reached; 567561/577006 bytes (98.36%) of diff not shown.
176 KB
html2text {}
    
Offset 53, 15 lines modifiedOffset 53, 15 lines modified
53 ····*·cpe:/o:redhat:enterprise_linux:7::client53 ····*·cpe:/o:redhat:enterprise_linux:7::client
54 ····*·cpe:/o:redhat:enterprise_linux:7::computenode54 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
55 ····*·cpe:/o:redhat:enterprise_linux:7::server55 ····*·cpe:/o:redhat:enterprise_linux:7::server
56 ····*·cpe:/o:redhat:enterprise_linux:7::workstation56 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
57 ····*·cpe:/o:redhat:enterprise_linux:757 ····*·cpe:/o:redhat:enterprise_linux:7
58 *****·Revision·History·*****58 *****·Revision·History·*****
59 Current·version:·0.1.6559 Current·version:·0.1.65
60 ····*·draft·(as·of·2024-01-14)60 ····*·draft·(as·of·2025-02-15)
61 *****·Table·of·Contents·*****61 *****·Table·of·Contents·*****
62 ···1.·System_Settings62 ···1.·System_Settings
63 ·········1.·Installing_and_Maintaining_Software63 ·········1.·Installing_and_Maintaining_Software
64 ·········2.·Account_and_Access_Control64 ·········2.·Account_and_Access_Control
65 ·········3.·System_Accounting_with_auditd65 ·········3.·System_Accounting_with_auditd
66 ·········4.·GRUB2_bootloader_configuration66 ·········4.·GRUB2_bootloader_configuration
67 ·········5.·Configure_Syslog67 ·········5.·Configure_Syslog
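Review bot: line 60 carries a status date that differs between the builds (`2024-01-14` against `2025-02-15`) while the version stays at 0.1.65, so the date appears to come from the build environment's clock rather than from the source. Deriving it from `SOURCE_DATE_EPOCH`, or from the release date recorded in the source, would make this line identical across rebuilds.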
Offset 14296, 16 lines modifiedOffset 14296, 16 lines modified
14296 ··-·reboot_required14296 ··-·reboot_required
14297 ··-·restrict_strategy14297 ··-·restrict_strategy
  
14298 -·name:·Set·architecture·for·audit·chmod·tasks14298 -·name:·Set·architecture·for·audit·chmod·tasks
14299 ··set_fact:14299 ··set_fact:
14300 ····audit_arch:·b6414300 ····audit_arch:·b64
14301 ··when:14301 ··when:
14302 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14303 ··-·'"audit"·in·ansible_facts.packages'14302 ··-·'"audit"·in·ansible_facts.packages'
 14303 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14304 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture14304 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
14305 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"14305 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
14306 ··tags:14306 ··tags:
14307 ··-·CCE-27339-114307 ··-·CCE-27339-1
14308 ··-·CJIS-5.4.1.114308 ··-·CJIS-5.4.1.1
14309 ··-·DISA-STIG-RHEL-07-03041014309 ··-·DISA-STIG-RHEL-07-030410
14310 ··-·NIST-800-171-3.1.714310 ··-·NIST-800-171-3.1.7
Offset 14443, 16 lines modifiedOffset 14443, 16 lines modified
14443 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014443 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14444 ········-F·auid!=unset·-F·key=perm_mod14444 ········-F·auid!=unset·-F·key=perm_mod
14445 ······create:·true14445 ······create:·true
14446 ······mode:·o-rwx14446 ······mode:·o-rwx
14447 ······state:·present14447 ······state:·present
14448 ····when:·syscalls_found·|·length·==·014448 ····when:·syscalls_found·|·length·==·0
14449 ··when:14449 ··when:
14450 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14451 ··-·'"audit"·in·ansible_facts.packages'14450 ··-·'"audit"·in·ansible_facts.packages'
 14451 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14452 ··tags:14452 ··tags:
14453 ··-·CCE-27339-114453 ··-·CCE-27339-1
14454 ··-·CJIS-5.4.1.114454 ··-·CJIS-5.4.1.1
14455 ··-·DISA-STIG-RHEL-07-03041014455 ··-·DISA-STIG-RHEL-07-030410
14456 ··-·NIST-800-171-3.1.714456 ··-·NIST-800-171-3.1.7
14457 ··-·NIST-800-53-AU-12(c)14457 ··-·NIST-800-53-AU-12(c)
14458 ··-·NIST-800-53-AU-2(d)14458 ··-·NIST-800-53-AU-2(d)
Offset 14588, 16 lines modifiedOffset 14588, 16 lines modified
14588 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100014588 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
14589 ········-F·auid!=unset·-F·key=perm_mod14589 ········-F·auid!=unset·-F·key=perm_mod
14590 ······create:·true14590 ······create:·true
14591 ······mode:·o-rwx14591 ······mode:·o-rwx
14592 ······state:·present14592 ······state:·present
14593 ····when:·syscalls_found·|·length·==·014593 ····when:·syscalls_found·|·length·==·0
14594 ··when:14594 ··when:
14595 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14596 ··-·'"audit"·in·ansible_facts.packages'14595 ··-·'"audit"·in·ansible_facts.packages'
 14596 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14597 ··-·audit_arch·==·"b64"14597 ··-·audit_arch·==·"b64"
14598 ··tags:14598 ··tags:
14599 ··-·CCE-27339-114599 ··-·CCE-27339-1
14600 ··-·CJIS-5.4.1.114600 ··-·CJIS-5.4.1.1
14601 ··-·DISA-STIG-RHEL-07-03041014601 ··-·DISA-STIG-RHEL-07-030410
14602 ··-·NIST-800-171-3.1.714602 ··-·NIST-800-171-3.1.7
14603 ··-·NIST-800-53-AU-12(c)14603 ··-·NIST-800-53-AU-12(c)
Offset 14608, 15 lines modifiedOffset 14608, 15 lines modified
14608 ··-·low_complexity14608 ··-·low_complexity
14609 ··-·low_disruption14609 ··-·low_disruption
14610 ··-·medium_severity14610 ··-·medium_severity
14611 ··-·reboot_required14611 ··-·reboot_required
14612 ··-·restrict_strategy14612 ··-·restrict_strategy
14613 Remediation_Shell_script_⇲14613 Remediation_Shell_script_⇲
14614 #·Remediation·is·applicable·only·in·certain·platforms14614 #·Remediation·is·applicable·only·in·certain·platforms
14615 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then14615 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
14616 #·First·perform·the·remediation·of·the·syscall·rule14616 #·First·perform·the·remediation·of·the·syscall·rule
14617 #·Retrieve·hardware·architecture·of·the·underlying·system14617 #·Retrieve·hardware·architecture·of·the·underlying·system
14618 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")14618 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
14619 for·ARCH·in·"${RULE_ARCHS[@]}"14619 for·ARCH·in·"${RULE_ARCHS[@]}"
14620 do14620 do
Offset 14979, 16 lines modifiedOffset 14979, 16 lines modified
14979 ··-·reboot_required14979 ··-·reboot_required
14980 ··-·restrict_strategy14980 ··-·restrict_strategy
  
14981 -·name:·Set·architecture·for·audit·chown·tasks14981 -·name:·Set·architecture·for·audit·chown·tasks
14982 ··set_fact:14982 ··set_fact:
14983 ····audit_arch:·b6414983 ····audit_arch:·b64
14984 ··when:14984 ··when:
14985 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
14986 ··-·'"audit"·in·ansible_facts.packages'14985 ··-·'"audit"·in·ansible_facts.packages'
 14986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
14987 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture14987 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
14988 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"14988 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
14989 ··tags:14989 ··tags:
14990 ··-·CCE-27364-914990 ··-·CCE-27364-9
14991 ··-·CJIS-5.4.1.114991 ··-·CJIS-5.4.1.1
14992 ··-·DISA-STIG-RHEL-07-03037014992 ··-·DISA-STIG-RHEL-07-030370
14993 ··-·NIST-800-171-3.1.714993 ··-·NIST-800-171-3.1.7
Offset 15128, 16 lines modifiedOffset 15128, 16 lines modified
15128 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015128 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15129 ········-F·auid!=unset·-F·key=perm_mod15129 ········-F·auid!=unset·-F·key=perm_mod
15130 ······create:·true15130 ······create:·true
15131 ······mode:·o-rwx15131 ······mode:·o-rwx
15132 ······state:·present15132 ······state:·present
15133 ····when:·syscalls_found·|·length·==·015133 ····when:·syscalls_found·|·length·==·0
15134 ··when:15134 ··when:
15135 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
15136 ··-·'"audit"·in·ansible_facts.packages'15135 ··-·'"audit"·in·ansible_facts.packages'
 15136 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
15137 ··tags:15137 ··tags:
15138 ··-·CCE-27364-915138 ··-·CCE-27364-9
15139 ··-·CJIS-5.4.1.115139 ··-·CJIS-5.4.1.1
15140 ··-·DISA-STIG-RHEL-07-03037015140 ··-·DISA-STIG-RHEL-07-030370
15141 ··-·NIST-800-171-3.1.715141 ··-·NIST-800-171-3.1.7
15142 ··-·NIST-800-53-AU-12(c)15142 ··-·NIST-800-53-AU-12(c)
15143 ··-·NIST-800-53-AU-2(d)15143 ··-·NIST-800-53-AU-2(d)
Offset 15275, 16 lines modifiedOffset 15275, 16 lines modified
15275 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100015275 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
15276 ········-F·auid!=unset·-F·key=perm_mod15276 ········-F·auid!=unset·-F·key=perm_mod
15277 ······create:·true15277 ······create:·true
15278 ······mode:·o-rwx15278 ······mode:·o-rwx
15279 ······state:·present15279 ······state:·present
Max diff block lines reached; 175071/179823 bytes (97.36%) of diff not shown.
7.1 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_enhanced.html
    
Offset 56967, 21 lines modifiedOffset 56967, 21 lines modified
000de860:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla000de860:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
000de870:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap000de870:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
000de880:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=000de880:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
000de890:·2269·646d·3336·3434·3622·3e3c·7072·653e··"idm36446"><pre>000de890:·2269·646d·3336·3434·3622·3e3c·7072·653e··"idm36446"><pre>
000de8a0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat000de8a0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
000de8b0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl000de8b0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
000de8c0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai000de8c0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
000de8d0:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r000de8d0:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[
000de8e0:·706d·202d·2d71·7569·6574·202d·7120·6175··pm·--quiet·-q·au 
000de8f0:·6469·7420·2661·6d70·3b26·616d·703b·205b··dit·&amp;&amp;·[ 
000de900:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren000de8e0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
000de910:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[000de8f0:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
000de920:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont000de900:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
000de930:·6169·6e65·7265·6e76·205d·3b20·7468·656e··ainerenv·];·then000de910:·6169·6e65·7265·6e76·205d·2026·616d·703b··ainerenv·]·&amp;
 000de920:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie
 000de930:·7420·2d71·2061·7564·6974·3b20·7468·656e··t·-q·audit;·then
000de940:·0a0a·4143·5449·4f4e·5f41·5243·485f·4649··..ACTION_ARCH_FI000de940:·0a0a·4143·5449·4f4e·5f41·5243·485f·4649··..ACTION_ARCH_FI
000de950:·4c54·4552·533d·222d·6120·616c·7761·7973··LTERS="-a·always000de950:·4c54·4552·533d·222d·6120·616c·7761·7973··LTERS="-a·always
000de960:·2c65·7869·7422·0a4f·5448·4552·5f46·494c··,exit".OTHER_FIL000de960:·2c65·7869·7422·0a4f·5448·4552·5f46·494c··,exit".OTHER_FIL
000de970:·5445·5253·3d22·2d46·2070·6174·683d·2f75··TERS="-F·path=/u000de970:·5445·5253·3d22·2d46·2070·6174·683d·2f75··TERS="-F·path=/u
000de980:·7372·2f62·696e·2f73·7564·6f20·2d46·2070··sr/bin/sudo·-F·p000de980:·7372·2f62·696e·2f73·7564·6f20·2d46·2070··sr/bin/sudo·-F·p
000de990:·6572·6d3d·7822·0a41·5549·445f·4649·4c54··erm=x".AUID_FILT000de990:·6572·6d3d·7822·0a41·5549·445f·4649·4c54··erm=x".AUID_FILT
000de9a0:·4552·533d·222d·4620·6175·6964·2667·743b··ERS="-F·auid&gt;000de9a0:·4552·533d·222d·4620·6175·6964·2667·743b··ERS="-F·auid&gt;
1.76 KB
html2text {}
    
Offset 54, 15 lines modifiedOffset 54, 15 lines modified
54 ····*·cpe:/o:redhat:enterprise_linux:8.654 ····*·cpe:/o:redhat:enterprise_linux:8.6
55 ····*·cpe:/o:redhat:enterprise_linux:8.755 ····*·cpe:/o:redhat:enterprise_linux:8.7
56 ····*·cpe:/o:redhat:enterprise_linux:8.856 ····*·cpe:/o:redhat:enterprise_linux:8.8
57 ····*·cpe:/o:redhat:enterprise_linux:8.957 ····*·cpe:/o:redhat:enterprise_linux:8.9
58 ····*·cpe:/o:redhat:enterprise_linux:858 ····*·cpe:/o:redhat:enterprise_linux:8
59 *****·Revision·History·*****59 *****·Revision·History·*****
60 Current·version:·0.1.6560 Current·version:·0.1.65
61 ····*·draft·(as·of·2024-01-14)61 ····*·draft·(as·of·2025-02-15)
62 *****·Table·of·Contents·*****62 *****·Table·of·Contents·*****
63 ···1.·System_Settings63 ···1.·System_Settings
64 ·········1.·Installing_and_Maintaining_Software64 ·········1.·Installing_and_Maintaining_Software
65 ·········2.·Account_and_Access_Control65 ·········2.·Account_and_Access_Control
66 ·········3.·System_Accounting_with_auditd66 ·········3.·System_Accounting_with_auditd
67 ·········4.·GRUB2_bootloader_configuration67 ·········4.·GRUB2_bootloader_configuration
68 ·········5.·Configure_Syslog68 ·········5.·Configure_Syslog
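Review bot: the "draft (as of ...)" entry on line 61 is the only change in this hunk, and it reads 2024-01-14 in one build and 2025-02-15 in the other, so the generated guide embeds the clock of the build machine. Taking this date from SOURCE_DATE_EPOCH (or from a fixed release date) when the guide is rendered would make the Revision History block identical across builds.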
Offset 8295, 16 lines modifiedOffset 8295, 16 lines modified
8295 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8295 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8296 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8296 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8297 ······create:·true8297 ······create:·true
8298 ······mode:·o-rwx8298 ······mode:·o-rwx
8299 ······state:·present8299 ······state:·present
8300 ····when:·syscalls_found·|·length·==·08300 ····when:·syscalls_found·|·length·==·0
8301 ··when:8301 ··when:
8302 ··-·'"audit"·in·ansible_facts.packages' 
8303 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8302 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8303 ··-·'"audit"·in·ansible_facts.packages'
8304 ··tags:8304 ··tags:
8305 ··-·CCE-80737-08305 ··-·CCE-80737-0
8306 ··-·DISA-STIG-RHEL-08-0305508306 ··-·DISA-STIG-RHEL-08-030550
8307 ··-·NIST-800-171-3.1.78307 ··-·NIST-800-171-3.1.7
8308 ··-·NIST-800-53-AC-6(9)8308 ··-·NIST-800-53-AC-6(9)
8309 ··-·NIST-800-53-AU-12(c)8309 ··-·NIST-800-53-AU-12(c)
8310 ··-·NIST-800-53-AU-2(d)8310 ··-·NIST-800-53-AU-2(d)
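Review bot: the two entries under the outer when: on lines 8302-8303 are the same in both builds but appear in opposite order ('"audit" in ansible_facts.packages' first in one, the ansible_virtualization_type test first in the other). That suggests the applicability conditions are collected in an unordered container before being written out; emitting them from a sorted or insertion-ordered list at generation time would make the Ansible remediation text deterministic. Ansible requires every item in a when: list to hold, so the difference affects reproducibility rather than behaviour.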
Offset 8313, 15 lines modifiedOffset 8313, 15 lines modified
8313 ··-·low_complexity8313 ··-·low_complexity
8314 ··-·low_disruption8314 ··-·low_disruption
8315 ··-·medium_severity8315 ··-·medium_severity
8316 ··-·no_reboot_needed8316 ··-·no_reboot_needed
8317 ··-·restrict_strategy8317 ··-·restrict_strategy
8318 Remediation_Shell_script_⇲8318 Remediation_Shell_script_⇲
8319 #·Remediation·is·applicable·only·in·certain·platforms8319 #·Remediation·is·applicable·only·in·certain·platforms
8320 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8320 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8321 ACTION_ARCH_FILTERS="-a·always,exit"8321 ACTION_ARCH_FILTERS="-a·always,exit"
8322 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8322 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8323 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8323 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8324 SYSCALL=""8324 SYSCALL=""
8325 KEY="privileged"8325 KEY="privileged"
8326 SYSCALL_GROUPING=""8326 SYSCALL_GROUPING=""
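Review bot: the platform guard on line 8320 carries the same three tests in both builds, with only the position of "rpm --quiet -q audit" changed from first to last in the && chain. The chain is logically equivalent either way, but the generated shell remediation should not depend on the build run; fixing the order in which the generator joins the platform checks (for example by sorting them before joining) would remove this difference.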
6.89 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_high.html
    
1.76 KB
html2text {}
    
Offset 54, 15 lines modifiedOffset 54, 15 lines modified
54 ····*·cpe:/o:redhat:enterprise_linux:8.654 ····*·cpe:/o:redhat:enterprise_linux:8.6
55 ····*·cpe:/o:redhat:enterprise_linux:8.755 ····*·cpe:/o:redhat:enterprise_linux:8.7
56 ····*·cpe:/o:redhat:enterprise_linux:8.856 ····*·cpe:/o:redhat:enterprise_linux:8.8
57 ····*·cpe:/o:redhat:enterprise_linux:8.957 ····*·cpe:/o:redhat:enterprise_linux:8.9
58 ····*·cpe:/o:redhat:enterprise_linux:858 ····*·cpe:/o:redhat:enterprise_linux:8
59 *****·Revision·History·*****59 *****·Revision·History·*****
60 Current·version:·0.1.6560 Current·version:·0.1.65
61 ····*·draft·(as·of·2024-01-14)61 ····*·draft·(as·of·2025-02-15)
62 *****·Table·of·Contents·*****62 *****·Table·of·Contents·*****
63 ···1.·System_Settings63 ···1.·System_Settings
64 ·········1.·Installing_and_Maintaining_Software64 ·········1.·Installing_and_Maintaining_Software
65 ·········2.·Account_and_Access_Control65 ·········2.·Account_and_Access_Control
66 ·········3.·System_Accounting_with_auditd66 ·········3.·System_Accounting_with_auditd
67 ·········4.·GRUB2_bootloader_configuration67 ·········4.·GRUB2_bootloader_configuration
68 ·········5.·Configure_Syslog68 ·········5.·Configure_Syslog
Offset 8608, 16 lines modifiedOffset 8608, 16 lines modified
8608 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x8608 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
8609 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged8609 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
8610 ······create:·true8610 ······create:·true
8611 ······mode:·o-rwx8611 ······mode:·o-rwx
8612 ······state:·present8612 ······state:·present
8613 ····when:·syscalls_found·|·length·==·08613 ····when:·syscalls_found·|·length·==·0
8614 ··when:8614 ··when:
8615 ··-·'"audit"·in·ansible_facts.packages' 
8616 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8615 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8616 ··-·'"audit"·in·ansible_facts.packages'
8617 ··tags:8617 ··tags:
8618 ··-·CCE-80737-08618 ··-·CCE-80737-0
8619 ··-·DISA-STIG-RHEL-08-0305508619 ··-·DISA-STIG-RHEL-08-030550
8620 ··-·NIST-800-171-3.1.78620 ··-·NIST-800-171-3.1.7
8621 ··-·NIST-800-53-AC-6(9)8621 ··-·NIST-800-53-AC-6(9)
8622 ··-·NIST-800-53-AU-12(c)8622 ··-·NIST-800-53-AU-12(c)
8623 ··-·NIST-800-53-AU-2(d)8623 ··-·NIST-800-53-AU-2(d)
Offset 8626, 15 lines modifiedOffset 8626, 15 lines modified
8626 ··-·low_complexity8626 ··-·low_complexity
8627 ··-·low_disruption8627 ··-·low_disruption
8628 ··-·medium_severity8628 ··-·medium_severity
8629 ··-·no_reboot_needed8629 ··-·no_reboot_needed
8630 ··-·restrict_strategy8630 ··-·restrict_strategy
8631 Remediation_Shell_script_⇲8631 Remediation_Shell_script_⇲
8632 #·Remediation·is·applicable·only·in·certain·platforms8632 #·Remediation·is·applicable·only·in·certain·platforms
8633 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8633 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8634 ACTION_ARCH_FILTERS="-a·always,exit"8634 ACTION_ARCH_FILTERS="-a·always,exit"
8635 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"8635 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
8636 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"8636 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
8637 SYSCALL=""8637 SYSCALL=""
8638 KEY="privileged"8638 KEY="privileged"
8639 SYSCALL_GROUPING=""8639 SYSCALL_GROUPING=""
6.98 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_intermediary.html
    
1.77 KB
html2text {}
    
Offset 54, 15 lines modifiedOffset 54, 15 lines modified
54 ····*·cpe:/o:redhat:enterprise_linux:8.654 ····*·cpe:/o:redhat:enterprise_linux:8.6
55 ····*·cpe:/o:redhat:enterprise_linux:8.755 ····*·cpe:/o:redhat:enterprise_linux:8.7
56 ····*·cpe:/o:redhat:enterprise_linux:8.856 ····*·cpe:/o:redhat:enterprise_linux:8.8
57 ····*·cpe:/o:redhat:enterprise_linux:8.957 ····*·cpe:/o:redhat:enterprise_linux:8.9
58 ····*·cpe:/o:redhat:enterprise_linux:858 ····*·cpe:/o:redhat:enterprise_linux:8
59 *****·Revision·History·*****59 *****·Revision·History·*****
60 Current·version:·0.1.6560 Current·version:·0.1.65
61 ····*·draft·(as·of·2024-01-14)61 ····*·draft·(as·of·2025-02-15)
62 *****·Table·of·Contents·*****62 *****·Table·of·Contents·*****
63 ···1.·System_Settings63 ···1.·System_Settings
64 ·········1.·Installing_and_Maintaining_Software64 ·········1.·Installing_and_Maintaining_Software
65 ·········2.·Account_and_Access_Control65 ·········2.·Account_and_Access_Control
66 ·········3.·System_Accounting_with_auditd66 ·········3.·System_Accounting_with_auditd
67 ·········4.·Configure_Syslog67 ·········4.·Configure_Syslog
68 ·········5.·Network_Configuration_and_Firewalls68 ·········5.·Network_Configuration_and_Firewalls
Offset 7866, 16 lines modifiedOffset 7866, 16 lines modified
7866 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x7866 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
7867 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged7867 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
7868 ······create:·true7868 ······create:·true
7869 ······mode:·o-rwx7869 ······mode:·o-rwx
7870 ······state:·present7870 ······state:·present
7871 ····when:·syscalls_found·|·length·==·07871 ····when:·syscalls_found·|·length·==·0
7872 ··when:7872 ··when:
7873 ··-·'"audit"·in·ansible_facts.packages' 
7874 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7873 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7874 ··-·'"audit"·in·ansible_facts.packages'
7875 ··tags:7875 ··tags:
7876 ··-·CCE-80737-07876 ··-·CCE-80737-0
7877 ··-·DISA-STIG-RHEL-08-0305507877 ··-·DISA-STIG-RHEL-08-030550
7878 ··-·NIST-800-171-3.1.77878 ··-·NIST-800-171-3.1.7
7879 ··-·NIST-800-53-AC-6(9)7879 ··-·NIST-800-53-AC-6(9)
7880 ··-·NIST-800-53-AU-12(c)7880 ··-·NIST-800-53-AU-12(c)
7881 ··-·NIST-800-53-AU-2(d)7881 ··-·NIST-800-53-AU-2(d)
Offset 7884, 15 lines modifiedOffset 7884, 15 lines modified
7884 ··-·low_complexity7884 ··-·low_complexity
7885 ··-·low_disruption7885 ··-·low_disruption
7886 ··-·medium_severity7886 ··-·medium_severity
7887 ··-·no_reboot_needed7887 ··-·no_reboot_needed
7888 ··-·restrict_strategy7888 ··-·restrict_strategy
7889 Remediation_Shell_script_⇲7889 Remediation_Shell_script_⇲
7890 #·Remediation·is·applicable·only·in·certain·platforms7890 #·Remediation·is·applicable·only·in·certain·platforms
7891 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7891 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7892 ACTION_ARCH_FILTERS="-a·always,exit"7892 ACTION_ARCH_FILTERS="-a·always,exit"
7893 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"7893 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
7894 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"7894 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
7895 SYSCALL=""7895 SYSCALL=""
7896 KEY="privileged"7896 KEY="privileged"
7897 SYSCALL_GROUPING=""7897 SYSCALL_GROUPING=""
1.96 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-anssi_bp28_minimal.html
    
600 B
html2text {}
    
Offset 54, 15 lines modifiedOffset 54, 15 lines modified
54 ····*·cpe:/o:redhat:enterprise_linux:8.654 ····*·cpe:/o:redhat:enterprise_linux:8.6
55 ····*·cpe:/o:redhat:enterprise_linux:8.755 ····*·cpe:/o:redhat:enterprise_linux:8.7
56 ····*·cpe:/o:redhat:enterprise_linux:8.856 ····*·cpe:/o:redhat:enterprise_linux:8.8
57 ····*·cpe:/o:redhat:enterprise_linux:8.957 ····*·cpe:/o:redhat:enterprise_linux:8.9
58 ····*·cpe:/o:redhat:enterprise_linux:858 ····*·cpe:/o:redhat:enterprise_linux:8
59 *****·Revision·History·*****59 *****·Revision·History·*****
60 Current·version:·0.1.6560 Current·version:·0.1.65
61 ····*·draft·(as·of·2024-01-14)61 ····*·draft·(as·of·2025-02-15)
62 *****·Table·of·Contents·*****62 *****·Table·of·Contents·*****
63 ···1.·System_Settings63 ···1.·System_Settings
64 ·········1.·Installing_and_Maintaining_Software64 ·········1.·Installing_and_Maintaining_Software
65 ·········2.·Account_and_Access_Control65 ·········2.·Account_and_Access_Control
66 ·········3.·Configure_Syslog66 ·········3.·Configure_Syslog
67 ·········4.·File_Permissions_and_Masks67 ·········4.·File_Permissions_and_Masks
68 ···2.·Services68 ···2.·Services
834 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis.html
    
Max diff block lines reached; 652075/661658 bytes (98.55%) of diff not shown.
188 KB
html2text {}
    
Offset 52, 15 lines modifiedOffset 52, 15 lines modified
52 ····*·cpe:/o:redhat:enterprise_linux:8.652 ····*·cpe:/o:redhat:enterprise_linux:8.6
53 ····*·cpe:/o:redhat:enterprise_linux:8.753 ····*·cpe:/o:redhat:enterprise_linux:8.7
54 ····*·cpe:/o:redhat:enterprise_linux:8.854 ····*·cpe:/o:redhat:enterprise_linux:8.8
55 ····*·cpe:/o:redhat:enterprise_linux:8.955 ····*·cpe:/o:redhat:enterprise_linux:8.9
56 ····*·cpe:/o:redhat:enterprise_linux:856 ····*·cpe:/o:redhat:enterprise_linux:8
57 *****·Revision·History·*****57 *****·Revision·History·*****
58 Current·version:·0.1.6558 Current·version:·0.1.65
59 ····*·draft·(as·of·2024-01-14)59 ····*·draft·(as·of·2025-02-15)
60 *****·Table·of·Contents·*****60 *****·Table·of·Contents·*****
61 ···1.·System_Settings61 ···1.·System_Settings
62 ·········1.·Installing_and_Maintaining_Software62 ·········1.·Installing_and_Maintaining_Software
63 ·········2.·Account_and_Access_Control63 ·········2.·Account_and_Access_Control
64 ·········3.·System_Accounting_with_auditd64 ·········3.·System_Accounting_with_auditd
65 ·········4.·GRUB2_bootloader_configuration65 ·········4.·GRUB2_bootloader_configuration
66 ·········5.·Configure_Syslog66 ·········5.·Configure_Syslog
Offset 8486, 16 lines modifiedOffset 8486, 16 lines modified
8486 ··-·reboot_required8486 ··-·reboot_required
8487 ··-·restrict_strategy8487 ··-·restrict_strategy
  
8488 -·name:·Set·architecture·for·audit·chmod·tasks8488 -·name:·Set·architecture·for·audit·chmod·tasks
8489 ··set_fact:8489 ··set_fact:
8490 ····audit_arch:·b648490 ····audit_arch:·b64
8491 ··when:8491 ··when:
8492 ··-·'"audit"·in·ansible_facts.packages' 
8493 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8492 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8493 ··-·'"audit"·in·ansible_facts.packages'
8494 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8494 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8495 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8495 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8496 ··tags:8496 ··tags:
8497 ··-·CCE-80685-18497 ··-·CCE-80685-1
8498 ··-·CJIS-5.4.1.18498 ··-·CJIS-5.4.1.1
8499 ··-·DISA-STIG-RHEL-08-0304908499 ··-·DISA-STIG-RHEL-08-030490
8500 ··-·NIST-800-171-3.1.78500 ··-·NIST-800-171-3.1.7
Offset 8633, 16 lines modifiedOffset 8633, 16 lines modified
8633 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008633 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8634 ········-F·auid!=unset·-F·key=perm_mod8634 ········-F·auid!=unset·-F·key=perm_mod
8635 ······create:·true8635 ······create:·true
8636 ······mode:·o-rwx8636 ······mode:·o-rwx
8637 ······state:·present8637 ······state:·present
8638 ····when:·syscalls_found·|·length·==·08638 ····when:·syscalls_found·|·length·==·0
8639 ··when:8639 ··when:
8640 ··-·'"audit"·in·ansible_facts.packages' 
8641 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8640 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8641 ··-·'"audit"·in·ansible_facts.packages'
8642 ··tags:8642 ··tags:
8643 ··-·CCE-80685-18643 ··-·CCE-80685-1
8644 ··-·CJIS-5.4.1.18644 ··-·CJIS-5.4.1.1
8645 ··-·DISA-STIG-RHEL-08-0304908645 ··-·DISA-STIG-RHEL-08-030490
8646 ··-·NIST-800-171-3.1.78646 ··-·NIST-800-171-3.1.7
8647 ··-·NIST-800-53-AU-12(c)8647 ··-·NIST-800-53-AU-12(c)
8648 ··-·NIST-800-53-AU-2(d)8648 ··-·NIST-800-53-AU-2(d)
Offset 8778, 16 lines modifiedOffset 8778, 16 lines modified
8778 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008778 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8779 ········-F·auid!=unset·-F·key=perm_mod8779 ········-F·auid!=unset·-F·key=perm_mod
8780 ······create:·true8780 ······create:·true
8781 ······mode:·o-rwx8781 ······mode:·o-rwx
8782 ······state:·present8782 ······state:·present
8783 ····when:·syscalls_found·|·length·==·08783 ····when:·syscalls_found·|·length·==·0
8784 ··when:8784 ··when:
8785 ··-·'"audit"·in·ansible_facts.packages' 
8786 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8785 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8786 ··-·'"audit"·in·ansible_facts.packages'
8787 ··-·audit_arch·==·"b64"8787 ··-·audit_arch·==·"b64"
8788 ··tags:8788 ··tags:
8789 ··-·CCE-80685-18789 ··-·CCE-80685-1
8790 ··-·CJIS-5.4.1.18790 ··-·CJIS-5.4.1.1
8791 ··-·DISA-STIG-RHEL-08-0304908791 ··-·DISA-STIG-RHEL-08-030490
8792 ··-·NIST-800-171-3.1.78792 ··-·NIST-800-171-3.1.7
8793 ··-·NIST-800-53-AU-12(c)8793 ··-·NIST-800-53-AU-12(c)
Offset 8798, 15 lines modifiedOffset 8798, 15 lines modified
8798 ··-·low_complexity8798 ··-·low_complexity
8799 ··-·low_disruption8799 ··-·low_disruption
8800 ··-·medium_severity8800 ··-·medium_severity
8801 ··-·reboot_required8801 ··-·reboot_required
8802 ··-·restrict_strategy8802 ··-·restrict_strategy
8803 Remediation_Shell_script_⇲8803 Remediation_Shell_script_⇲
8804 #·Remediation·is·applicable·only·in·certain·platforms8804 #·Remediation·is·applicable·only·in·certain·platforms
8805 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8805 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8806 #·First·perform·the·remediation·of·the·syscall·rule8806 #·First·perform·the·remediation·of·the·syscall·rule
8807 #·Retrieve·hardware·architecture·of·the·underlying·system8807 #·Retrieve·hardware·architecture·of·the·underlying·system
8808 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")8808 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
8809 for·ARCH·in·"${RULE_ARCHS[@]}"8809 for·ARCH·in·"${RULE_ARCHS[@]}"
8810 do8810 do
Offset 9169, 16 lines modifiedOffset 9169, 16 lines modified
9169 ··-·reboot_required9169 ··-·reboot_required
9170 ··-·restrict_strategy9170 ··-·restrict_strategy
  
9171 -·name:·Set·architecture·for·audit·chown·tasks9171 -·name:·Set·architecture·for·audit·chown·tasks
9172 ··set_fact:9172 ··set_fact:
9173 ····audit_arch:·b649173 ····audit_arch:·b64
9174 ··when:9174 ··when:
9175 ··-·'"audit"·in·ansible_facts.packages' 
9176 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]9175 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 9176 ··-·'"audit"·in·ansible_facts.packages'
9177 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture9177 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
9178 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"9178 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
9179 ··tags:9179 ··tags:
9180 ··-·CCE-80686-99180 ··-·CCE-80686-9
9181 ··-·CJIS-5.4.1.19181 ··-·CJIS-5.4.1.1
9182 ··-·DISA-STIG-RHEL-08-0304809182 ··-·DISA-STIG-RHEL-08-030480
9183 ··-·NIST-800-171-3.1.79183 ··-·NIST-800-171-3.1.7
Offset 9318, 16 lines modifiedOffset 9318, 16 lines modified
9318 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009318 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9319 ········-F·auid!=unset·-F·key=perm_mod9319 ········-F·auid!=unset·-F·key=perm_mod
9320 ······create:·true9320 ······create:·true
9321 ······mode:·o-rwx9321 ······mode:·o-rwx
9322 ······state:·present9322 ······state:·present
9323 ····when:·syscalls_found·|·length·==·09323 ····when:·syscalls_found·|·length·==·0
9324 ··when:9324 ··when:
9325 ··-·'"audit"·in·ansible_facts.packages' 
9326 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]9325 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 9326 ··-·'"audit"·in·ansible_facts.packages'
9327 ··tags:9327 ··tags:
9328 ··-·CCE-80686-99328 ··-·CCE-80686-9
9329 ··-·CJIS-5.4.1.19329 ··-·CJIS-5.4.1.1
9330 ··-·DISA-STIG-RHEL-08-0304809330 ··-·DISA-STIG-RHEL-08-030480
9331 ··-·NIST-800-171-3.1.79331 ··-·NIST-800-171-3.1.7
9332 ··-·NIST-800-53-AU-12(c)9332 ··-·NIST-800-53-AU-12(c)
9333 ··-·NIST-800-53-AU-2(d)9333 ··-·NIST-800-53-AU-2(d)
Offset 9465, 16 lines modifiedOffset 9465, 16 lines modified
9465 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009465 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9466 ········-F·auid!=unset·-F·key=perm_mod9466 ········-F·auid!=unset·-F·key=perm_mod
9467 ······create:·true9467 ······create:·true
9468 ······mode:·o-rwx9468 ······mode:·o-rwx
9469 ······state:·present9469 ······state:·present
Max diff block lines reached; 187981/192435 bytes (97.69%) of diff not shown.
91.3 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_server_l1.html
    
000f29f0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000f29f0:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000f2a00:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000f2a00:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000f2a10:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000f2a10:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000f2a20:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist000f2a20:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
000f2a30:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define000f2a30:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 62161, 19 lines modifiedOffset 62161, 19 lines modified
000f2d00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra000f2d00:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
000f2d10:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co000f2d10:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co
000f2d20:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr000f2d20:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr
000f2d30:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c000f2d30:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
000f2d40:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio000f2d40:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
000f2d50:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·000f2d50:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
000f2d60:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·000f2d60:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
000f2d70:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm000f2d70:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
000f2d80:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
000f2d90:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a 
000f2da0:·6d70·3b20·5b20·2120·2d66·202f·7379·732f··mp;·[·!·-f·/sys/ 
000f2db0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&000f2d80:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
 000f2d90:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
 000f2da0:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·-
 000f2db0:·7120·6772·7562·322d·636f·6d6d·6f6e·2026··q·grub2-common·&
000f2dc0:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·000f2dc0:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·
000f2dd0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]000f2dd0:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
000f2de0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·000f2de0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
000f2df0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain000f2df0:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
000f2e00:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then000f2e00:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then
000f2e10:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/000f2e10:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/
000f2e20:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..000f2e20:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..
Offset 62695, 22 lines modifiedOffset 62695, 22 lines modified
000f4e60:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e000f4e60:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
000f4e70:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g000f4e70:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
000f4e80:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··000f4e80:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
000f4e90:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·000f4e90:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
000f4ea0:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user000f4ea0:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
000f4eb0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:000f4eb0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
000f4ec0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w000f4ec0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
000f4ed0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2000f4ed0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot
000f4ee0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
000f4ef0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
000f4f00:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/ 
000f4f10:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
000f4f20:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
000f4f30:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
000f4f40:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·000f4ee0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 000f4ef0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 000f4f00:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 000f4f10:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
 000f4f20:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 000f4f30:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000f4f40:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
000f4f50:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali000f4f50:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
000f4f60:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·000f4f60:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
000f4f70:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l000f4f70:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
000f4f80:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"000f4f80:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
000f4f90:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000f4f90:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000f4fa0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··000f4fa0:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000f4fb0:·2d20·4343·452d·3836·3030·392d·380a·2020··-·CCE-86009-8.··000f4fb0:·2d20·4343·452d·3836·3030·392d·380a·2020··-·CCE-86009-8.··
Offset 62732, 22 lines modifiedOffset 62732, 22 lines modified
000f50b0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro000f50b0:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro
Max diff block lines reached; 61802/71066 bytes (86.96%) of diff not shown.
21.8 KB
html2text {}
    
Offset 52, 15 lines modifiedOffset 52, 15 lines modified
52 ····*·cpe:/o:redhat:enterprise_linux:8.652 ····*·cpe:/o:redhat:enterprise_linux:8.6
53 ····*·cpe:/o:redhat:enterprise_linux:8.753 ····*·cpe:/o:redhat:enterprise_linux:8.7
54 ····*·cpe:/o:redhat:enterprise_linux:8.854 ····*·cpe:/o:redhat:enterprise_linux:8.8
55 ····*·cpe:/o:redhat:enterprise_linux:8.955 ····*·cpe:/o:redhat:enterprise_linux:8.9
56 ····*·cpe:/o:redhat:enterprise_linux:856 ····*·cpe:/o:redhat:enterprise_linux:8
57 *****·Revision·History·*****57 *****·Revision·History·*****
58 Current·version:·0.1.6558 Current·version:·0.1.65
59 ····*·draft·(as·of·2024-01-14)59 ····*·draft·(as·of·2025-02-15)
60 *****·Table·of·Contents·*****60 *****·Table·of·Contents·*****
61 ···1.·System_Settings61 ···1.·System_Settings
62 ·········1.·Installing_and_Maintaining_Software62 ·········1.·Installing_and_Maintaining_Software
63 ·········2.·Account_and_Access_Control63 ·········2.·Account_and_Access_Control
64 ·········3.·GRUB2_bootloader_configuration64 ·········3.·GRUB2_bootloader_configuration
65 ·········4.·Configure_Syslog65 ·········4.·Configure_Syslog
66 ·········5.·Network_Configuration_and_Firewalls66 ·········5.·Network_Configuration_and_Firewalls
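Review bot: line 59 is the only difference in this hunk, `draft (as of 2024-01-14)` in one build against `draft (as of 2025-02-15)` in the other, so the guide's revision-history date is taken from the build clock. Derive it from SOURCE_DATE_EPOCH (or the changelog date) so the generated HTML is identical across rebuilds.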
Offset 8333, 16 lines modifiedOffset 8333, 16 lines modified
8333 ··-·no_reboot_needed8333 ··-·no_reboot_needed
  
8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8335 ··stat:8335 ··stat:
8336 ····path:·/boot/grub2/grub.cfg8336 ····path:·/boot/grub2/grub.cfg
8337 ··register:·file_exists8337 ··register:·file_exists
8338 ··when:8338 ··when:
8339 ··-·'"grub2-common"·in·ansible_facts.packages' 
8340 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8339 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8340 ··-·'"grub2-common"·in·ansible_facts.packages'
8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8342 ··tags:8342 ··tags:
8343 ··-·CCE-80800-68343 ··-·CCE-80800-6
8344 ··-·CJIS-5.5.2.28344 ··-·CJIS-5.5.2.2
8345 ··-·NIST-800-171-3.4.58345 ··-·NIST-800-171-3.4.5
8346 ··-·NIST-800-53-AC-6(1)8346 ··-·NIST-800-53-AC-6(1)
8347 ··-·NIST-800-53-CM-6(a)8347 ··-·NIST-800-53-CM-6(a)
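Review bot: the `when:` list at lines 8339-8340 carries the same two conditions in both builds, `'"grub2-common" in ansible_facts.packages'` and the `"/boot/efi" not in ansible_mounts` test, in swapped order. Task behaviour is unchanged because all entries of a `when:` list are ANDed, but the generator should emit platform conditions in a fixed (for example sorted) order so the remediation text is byte-identical between builds.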
Offset 8355, 16 lines modifiedOffset 8355, 16 lines modified
8355 ··-·no_reboot_needed8355 ··-·no_reboot_needed
  
8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8357 ··file:8357 ··file:
8358 ····path:·/boot/grub2/grub.cfg8358 ····path:·/boot/grub2/grub.cfg
8359 ····group:·'0'8359 ····group:·'0'
8360 ··when:8360 ··when:
8361 ··-·'"grub2-common"·in·ansible_facts.packages' 
8362 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8361 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8362 ··-·'"grub2-common"·in·ansible_facts.packages'
8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8365 ··tags:8365 ··tags:
8366 ··-·CCE-80800-68366 ··-·CCE-80800-6
8367 ··-·CJIS-5.5.2.28367 ··-·CJIS-5.5.2.2
8368 ··-·NIST-800-171-3.4.58368 ··-·NIST-800-171-3.4.5
8369 ··-·NIST-800-53-AC-6(1)8369 ··-·NIST-800-53-AC-6(1)
Offset 8377, 15 lines modifiedOffset 8377, 15 lines modified
8377 ··-·medium_severity8377 ··-·medium_severity
8378 ··-·no_reboot_needed8378 ··-·no_reboot_needed
8379 Remediation_Shell_script_⇲8379 Remediation_Shell_script_⇲
8380 Complexity:·low8380 Complexity:·low
8381 Disruption:·low8381 Disruption:·low
8382 Strategy:···configure8382 Strategy:···configure
8383 #·Remediation·is·applicable·only·in·certain·platforms8383 #·Remediation·is·applicable·only·in·certain·platforms
8384 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8384 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8385 chgrp·0·/boot/grub2/grub.cfg8385 chgrp·0·/boot/grub2/grub.cfg
  
8386 else8386 else
8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8388 fi8388 fi
8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
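Review bot: on line 8384 the guard uses `[ ! -f /sys/firmware/efi ]`, but /sys/firmware/efi is a directory on UEFI systems, so `-f` is never true there and this test cannot exclude them; `-d` (or `-e`) would match the intent of the Ansible task's `/boot/efi` condition. The difference between the two builds is again only the order of the `rpm --quiet -q grub2-common` and firmware tests, which the generator should emit in a fixed order.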
Offset 8418, 16 lines modifiedOffset 8418, 16 lines modified
8418 ··-·no_reboot_needed8418 ··-·no_reboot_needed
  
8419 -·name:·Test·for·existence·/boot/grub2/user.cfg8419 -·name:·Test·for·existence·/boot/grub2/user.cfg
8420 ··stat:8420 ··stat:
8421 ····path:·/boot/grub2/user.cfg8421 ····path:·/boot/grub2/user.cfg
8422 ··register:·file_exists8422 ··register:·file_exists
8423 ··when:8423 ··when:
8424 ··-·'"grub2-common"·in·ansible_facts.packages' 
8425 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8424 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8425 ··-·'"grub2-common"·in·ansible_facts.packages'
8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8427 ··tags:8427 ··tags:
8428 ··-·CCE-86009-88428 ··-·CCE-86009-8
8429 ··-·CJIS-5.5.2.28429 ··-·CJIS-5.5.2.2
8430 ··-·NIST-800-171-3.4.58430 ··-·NIST-800-171-3.4.5
8431 ··-·NIST-800-53-AC-6(1)8431 ··-·NIST-800-53-AC-6(1)
8432 ··-·NIST-800-53-CM-6(a)8432 ··-·NIST-800-53-CM-6(a)
Offset 8440, 16 lines modifiedOffset 8440, 16 lines modified
8440 ··-·no_reboot_needed8440 ··-·no_reboot_needed
  
8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8442 ··file:8442 ··file:
8443 ····path:·/boot/grub2/user.cfg8443 ····path:·/boot/grub2/user.cfg
8444 ····group:·'0'8444 ····group:·'0'
8445 ··when:8445 ··when:
8446 ··-·'"grub2-common"·in·ansible_facts.packages' 
8447 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8446 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8447 ··-·'"grub2-common"·in·ansible_facts.packages'
8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8450 ··tags:8450 ··tags:
8451 ··-·CCE-86009-88451 ··-·CCE-86009-8
8452 ··-·CJIS-5.5.2.28452 ··-·CJIS-5.5.2.2
8453 ··-·NIST-800-171-3.4.58453 ··-·NIST-800-171-3.4.5
8454 ··-·NIST-800-53-AC-6(1)8454 ··-·NIST-800-53-AC-6(1)
Offset 8462, 15 lines modifiedOffset 8462, 15 lines modified
8462 ··-·medium_severity8462 ··-·medium_severity
8463 ··-·no_reboot_needed8463 ··-·no_reboot_needed
8464 Remediation_Shell_script_⇲8464 Remediation_Shell_script_⇲
8465 Complexity:·low8465 Complexity:·low
8466 Disruption:·low8466 Disruption:·low
8467 Strategy:···configure8467 Strategy:···configure
8468 #·Remediation·is·applicable·only·in·certain·platforms8468 #·Remediation·is·applicable·only·in·certain·platforms
8469 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8469 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8470 chgrp·0·/boot/grub2/user.cfg8470 chgrp·0·/boot/grub2/user.cfg
  
8471 else8471 else
8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8473 fi8473 fi
8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8503, 16 lines modifiedOffset 8503, 16 lines modified
8503 ··-·no_reboot_needed8503 ··-·no_reboot_needed
  
8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8505 ··stat:8505 ··stat:
8506 ····path:·/boot/grub2/grub.cfg8506 ····path:·/boot/grub2/grub.cfg
8507 ··register:·file_exists8507 ··register:·file_exists
8508 ··when:8508 ··when:
Max diff block lines reached; 17834/22281 bytes (80.04%) of diff not shown.
91.3 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_workstation_l1.html
    
Max diff block lines reached; 61802/71066 bytes (86.96%) of diff not shown.
21.8 KB
html2text {}
    
Offset 53, 15 lines modifiedOffset 53, 15 lines modified
53 ····*·cpe:/o:redhat:enterprise_linux:8.653 ····*·cpe:/o:redhat:enterprise_linux:8.6
54 ····*·cpe:/o:redhat:enterprise_linux:8.754 ····*·cpe:/o:redhat:enterprise_linux:8.7
55 ····*·cpe:/o:redhat:enterprise_linux:8.855 ····*·cpe:/o:redhat:enterprise_linux:8.8
56 ····*·cpe:/o:redhat:enterprise_linux:8.956 ····*·cpe:/o:redhat:enterprise_linux:8.9
57 ····*·cpe:/o:redhat:enterprise_linux:857 ····*·cpe:/o:redhat:enterprise_linux:8
58 *****·Revision·History·*****58 *****·Revision·History·*****
59 Current·version:·0.1.6559 Current·version:·0.1.65
60 ····*·draft·(as·of·2024-01-14)60 ····*·draft·(as·of·2025-02-15)
61 *****·Table·of·Contents·*****61 *****·Table·of·Contents·*****
62 ···1.·System_Settings62 ···1.·System_Settings
63 ·········1.·Installing_and_Maintaining_Software63 ·········1.·Installing_and_Maintaining_Software
64 ·········2.·Account_and_Access_Control64 ·········2.·Account_and_Access_Control
65 ·········3.·GRUB2_bootloader_configuration65 ·········3.·GRUB2_bootloader_configuration
66 ·········4.·Configure_Syslog66 ·········4.·Configure_Syslog
67 ·········5.·Network_Configuration_and_Firewalls67 ·········5.·Network_Configuration_and_Firewalls
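Review bot: The only difference in this hunk is line 60, where one build prints `draft (as of 2024-01-14)` and the other `draft (as of 2025-02-15)`, so the generated guide appears to embed the date on which it was built and cannot be byte-identical across days. Taking that date from SOURCE_DATE_EPOCH, or from another fixed value, would remove the difference.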
Offset 8333, 16 lines modifiedOffset 8333, 16 lines modified
8333 ··-·no_reboot_needed8333 ··-·no_reboot_needed
  
8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg8334 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8335 ··stat:8335 ··stat:
8336 ····path:·/boot/grub2/grub.cfg8336 ····path:·/boot/grub2/grub.cfg
8337 ··register:·file_exists8337 ··register:·file_exists
8338 ··when:8338 ··when:
8339 ··-·'"grub2-common"·in·ansible_facts.packages' 
8340 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8339 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8340 ··-·'"grub2-common"·in·ansible_facts.packages'
8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8341 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8342 ··tags:8342 ··tags:
8343 ··-·CCE-80800-68343 ··-·CCE-80800-6
8344 ··-·CJIS-5.5.2.28344 ··-·CJIS-5.5.2.2
8345 ··-·NIST-800-171-3.4.58345 ··-·NIST-800-171-3.4.5
8346 ··-·NIST-800-53-AC-6(1)8346 ··-·NIST-800-53-AC-6(1)
8347 ··-·NIST-800-53-CM-6(a)8347 ··-·NIST-800-53-CM-6(a)
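Review bot: The `when:` entries `'"grub2-common" in ansible_facts.packages'` and `'"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'` on lines 8339-8340 trade places between the two builds while the rest of the task is identical, which suggests the applicability conditions are emitted from an unordered collection. The list is a conjunction, so the task behaves the same either way, but sorting the conditions before rendering would make the output stable.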
Offset 8355, 16 lines modifiedOffset 8355, 16 lines modified
8355 ··-·no_reboot_needed8355 ··-·no_reboot_needed
  
8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8356 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8357 ··file:8357 ··file:
8358 ····path:·/boot/grub2/grub.cfg8358 ····path:·/boot/grub2/grub.cfg
8359 ····group:·'0'8359 ····group:·'0'
8360 ··when:8360 ··when:
8361 ··-·'"grub2-common"·in·ansible_facts.packages' 
8362 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8361 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8362 ··-·'"grub2-common"·in·ansible_facts.packages'
8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8364 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8365 ··tags:8365 ··tags:
8366 ··-·CCE-80800-68366 ··-·CCE-80800-6
8367 ··-·CJIS-5.5.2.28367 ··-·CJIS-5.5.2.2
8368 ··-·NIST-800-171-3.4.58368 ··-·NIST-800-171-3.4.5
8369 ··-·NIST-800-53-AC-6(1)8369 ··-·NIST-800-53-AC-6(1)
Offset 8377, 15 lines modifiedOffset 8377, 15 lines modified
8377 ··-·medium_severity8377 ··-·medium_severity
8378 ··-·no_reboot_needed8378 ··-·no_reboot_needed
8379 Remediation_Shell_script_⇲8379 Remediation_Shell_script_⇲
8380 Complexity:·low8380 Complexity:·low
8381 Disruption:·low8381 Disruption:·low
8382 Strategy:···configure8382 Strategy:···configure
8383 #·Remediation·is·applicable·only·in·certain·platforms8383 #·Remediation·is·applicable·only·in·certain·platforms
8384 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8384 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8385 chgrp·0·/boot/grub2/grub.cfg8385 chgrp·0·/boot/grub2/grub.cfg
  
8386 else8386 else
8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8387 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8388 fi8388 fi
8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8389 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
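Review bot: On line 8384 the guard tests `[ ! -f /sys/firmware/efi ]`, but `/sys/firmware/efi` is a directory on UEFI systems and `-f` matches only regular files, so the test is true on BIOS and UEFI hosts alike and does not restrict the remediation to non-UEFI boots; `[ ! -d /sys/firmware/efi ]` would. Separately, the `rpm --quiet -q grub2-common` and `/sys/firmware/efi` checks swap position between the two builds, the same ordering instability seen in the Ansible `when:` lists.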
Offset 8418, 16 lines modifiedOffset 8418, 16 lines modified
8418 ··-·no_reboot_needed8418 ··-·no_reboot_needed
  
8419 -·name:·Test·for·existence·/boot/grub2/user.cfg8419 -·name:·Test·for·existence·/boot/grub2/user.cfg
8420 ··stat:8420 ··stat:
8421 ····path:·/boot/grub2/user.cfg8421 ····path:·/boot/grub2/user.cfg
8422 ··register:·file_exists8422 ··register:·file_exists
8423 ··when:8423 ··when:
8424 ··-·'"grub2-common"·in·ansible_facts.packages' 
8425 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8424 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8425 ··-·'"grub2-common"·in·ansible_facts.packages'
8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8427 ··tags:8427 ··tags:
8428 ··-·CCE-86009-88428 ··-·CCE-86009-8
8429 ··-·CJIS-5.5.2.28429 ··-·CJIS-5.5.2.2
8430 ··-·NIST-800-171-3.4.58430 ··-·NIST-800-171-3.4.5
8431 ··-·NIST-800-53-AC-6(1)8431 ··-·NIST-800-53-AC-6(1)
8432 ··-·NIST-800-53-CM-6(a)8432 ··-·NIST-800-53-CM-6(a)
Offset 8440, 16 lines modifiedOffset 8440, 16 lines modified
8440 ··-·no_reboot_needed8440 ··-·no_reboot_needed
  
8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8441 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8442 ··file:8442 ··file:
8443 ····path:·/boot/grub2/user.cfg8443 ····path:·/boot/grub2/user.cfg
8444 ····group:·'0'8444 ····group:·'0'
8445 ··when:8445 ··when:
8446 ··-·'"grub2-common"·in·ansible_facts.packages' 
8447 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'8446 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 8447 ··-·'"grub2-common"·in·ansible_facts.packages'
8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8449 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8450 ··tags:8450 ··tags:
8451 ··-·CCE-86009-88451 ··-·CCE-86009-8
8452 ··-·CJIS-5.5.2.28452 ··-·CJIS-5.5.2.2
8453 ··-·NIST-800-171-3.4.58453 ··-·NIST-800-171-3.4.5
8454 ··-·NIST-800-53-AC-6(1)8454 ··-·NIST-800-53-AC-6(1)
Offset 8462, 15 lines modifiedOffset 8462, 15 lines modified
8462 ··-·medium_severity8462 ··-·medium_severity
8463 ··-·no_reboot_needed8463 ··-·no_reboot_needed
8464 Remediation_Shell_script_⇲8464 Remediation_Shell_script_⇲
8465 Complexity:·low8465 Complexity:·low
8466 Disruption:·low8466 Disruption:·low
8467 Strategy:···configure8467 Strategy:···configure
8468 #·Remediation·is·applicable·only·in·certain·platforms8468 #·Remediation·is·applicable·only·in·certain·platforms
8469 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8469 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8470 chgrp·0·/boot/grub2/user.cfg8470 chgrp·0·/boot/grub2/user.cfg
  
8471 else8471 else
8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8472 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8473 fi8473 fi
8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8474 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8503, 16 lines modifiedOffset 8503, 16 lines modified
8503 ··-·no_reboot_needed8503 ··-·no_reboot_needed
  
8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg8504 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8505 ··stat:8505 ··stat:
8506 ····path:·/boot/grub2/grub.cfg8506 ····path:·/boot/grub2/grub.cfg
8507 ··register:·file_exists8507 ··register:·file_exists
8508 ··when:8508 ··when:
Max diff block lines reached; 17834/22281 bytes (80.04%) of diff not shown.
833 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cis_workstation_l2.html
    
Max diff block lines reached; 650971/660485 bytes (98.56%) of diff not shown.
188 KB
html2text {}
    
Offset 53, 15 lines modifiedOffset 53, 15 lines modified
53 ····*·cpe:/o:redhat:enterprise_linux:8.653 ····*·cpe:/o:redhat:enterprise_linux:8.6
54 ····*·cpe:/o:redhat:enterprise_linux:8.754 ····*·cpe:/o:redhat:enterprise_linux:8.7
55 ····*·cpe:/o:redhat:enterprise_linux:8.855 ····*·cpe:/o:redhat:enterprise_linux:8.8
56 ····*·cpe:/o:redhat:enterprise_linux:8.956 ····*·cpe:/o:redhat:enterprise_linux:8.9
57 ····*·cpe:/o:redhat:enterprise_linux:857 ····*·cpe:/o:redhat:enterprise_linux:8
58 *****·Revision·History·*****58 *****·Revision·History·*****
59 Current·version:·0.1.6559 Current·version:·0.1.65
60 ····*·draft·(as·of·2024-01-14)60 ····*·draft·(as·of·2025-02-15)
61 *****·Table·of·Contents·*****61 *****·Table·of·Contents·*****
62 ···1.·System_Settings62 ···1.·System_Settings
63 ·········1.·Installing_and_Maintaining_Software63 ·········1.·Installing_and_Maintaining_Software
64 ·········2.·Account_and_Access_Control64 ·········2.·Account_and_Access_Control
65 ·········3.·System_Accounting_with_auditd65 ·········3.·System_Accounting_with_auditd
66 ·········4.·GRUB2_bootloader_configuration66 ·········4.·GRUB2_bootloader_configuration
67 ·········5.·Configure_Syslog67 ·········5.·Configure_Syslog
Offset 8486, 16 lines modifiedOffset 8486, 16 lines modified
8486 ··-·reboot_required8486 ··-·reboot_required
8487 ··-·restrict_strategy8487 ··-·restrict_strategy
  
8488 -·name:·Set·architecture·for·audit·chmod·tasks8488 -·name:·Set·architecture·for·audit·chmod·tasks
8489 ··set_fact:8489 ··set_fact:
8490 ····audit_arch:·b648490 ····audit_arch:·b64
8491 ··when:8491 ··when:
8492 ··-·'"audit"·in·ansible_facts.packages' 
8493 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8492 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8493 ··-·'"audit"·in·ansible_facts.packages'
8494 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8494 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8495 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8495 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8496 ··tags:8496 ··tags:
8497 ··-·CCE-80685-18497 ··-·CCE-80685-1
8498 ··-·CJIS-5.4.1.18498 ··-·CJIS-5.4.1.1
8499 ··-·DISA-STIG-RHEL-08-0304908499 ··-·DISA-STIG-RHEL-08-030490
8500 ··-·NIST-800-171-3.1.78500 ··-·NIST-800-171-3.1.7
Offset 8633, 16 lines modifiedOffset 8633, 16 lines modified
8633 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008633 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8634 ········-F·auid!=unset·-F·key=perm_mod8634 ········-F·auid!=unset·-F·key=perm_mod
8635 ······create:·true8635 ······create:·true
8636 ······mode:·o-rwx8636 ······mode:·o-rwx
8637 ······state:·present8637 ······state:·present
8638 ····when:·syscalls_found·|·length·==·08638 ····when:·syscalls_found·|·length·==·0
8639 ··when:8639 ··when:
8640 ··-·'"audit"·in·ansible_facts.packages' 
8641 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8640 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8641 ··-·'"audit"·in·ansible_facts.packages'
8642 ··tags:8642 ··tags:
8643 ··-·CCE-80685-18643 ··-·CCE-80685-1
8644 ··-·CJIS-5.4.1.18644 ··-·CJIS-5.4.1.1
8645 ··-·DISA-STIG-RHEL-08-0304908645 ··-·DISA-STIG-RHEL-08-030490
8646 ··-·NIST-800-171-3.1.78646 ··-·NIST-800-171-3.1.7
8647 ··-·NIST-800-53-AU-12(c)8647 ··-·NIST-800-53-AU-12(c)
8648 ··-·NIST-800-53-AU-2(d)8648 ··-·NIST-800-53-AU-2(d)
Offset 8778, 16 lines modifiedOffset 8778, 16 lines modified
8778 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008778 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8779 ········-F·auid!=unset·-F·key=perm_mod8779 ········-F·auid!=unset·-F·key=perm_mod
8780 ······create:·true8780 ······create:·true
8781 ······mode:·o-rwx8781 ······mode:·o-rwx
8782 ······state:·present8782 ······state:·present
8783 ····when:·syscalls_found·|·length·==·08783 ····when:·syscalls_found·|·length·==·0
8784 ··when:8784 ··when:
8785 ··-·'"audit"·in·ansible_facts.packages' 
8786 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8785 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8786 ··-·'"audit"·in·ansible_facts.packages'
8787 ··-·audit_arch·==·"b64"8787 ··-·audit_arch·==·"b64"
8788 ··tags:8788 ··tags:
8789 ··-·CCE-80685-18789 ··-·CCE-80685-1
8790 ··-·CJIS-5.4.1.18790 ··-·CJIS-5.4.1.1
8791 ··-·DISA-STIG-RHEL-08-0304908791 ··-·DISA-STIG-RHEL-08-030490
8792 ··-·NIST-800-171-3.1.78792 ··-·NIST-800-171-3.1.7
8793 ··-·NIST-800-53-AU-12(c)8793 ··-·NIST-800-53-AU-12(c)
Offset 8798, 15 lines modifiedOffset 8798, 15 lines modified
8798 ··-·low_complexity8798 ··-·low_complexity
8799 ··-·low_disruption8799 ··-·low_disruption
8800 ··-·medium_severity8800 ··-·medium_severity
8801 ··-·reboot_required8801 ··-·reboot_required
8802 ··-·restrict_strategy8802 ··-·restrict_strategy
8803 Remediation_Shell_script_⇲8803 Remediation_Shell_script_⇲
8804 #·Remediation·is·applicable·only·in·certain·platforms8804 #·Remediation·is·applicable·only·in·certain·platforms
8805 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8805 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8806 #·First·perform·the·remediation·of·the·syscall·rule8806 #·First·perform·the·remediation·of·the·syscall·rule
8807 #·Retrieve·hardware·architecture·of·the·underlying·system8807 #·Retrieve·hardware·architecture·of·the·underlying·system
8808 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")8808 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
8809 for·ARCH·in·"${RULE_ARCHS[@]}"8809 for·ARCH·in·"${RULE_ARCHS[@]}"
8810 do8810 do
Offset 9169, 16 lines modifiedOffset 9169, 16 lines modified
9169 ··-·reboot_required9169 ··-·reboot_required
9170 ··-·restrict_strategy9170 ··-·restrict_strategy
  
9171 -·name:·Set·architecture·for·audit·chown·tasks9171 -·name:·Set·architecture·for·audit·chown·tasks
9172 ··set_fact:9172 ··set_fact:
9173 ····audit_arch:·b649173 ····audit_arch:·b64
9174 ··when:9174 ··when:
9175 ··-·'"audit"·in·ansible_facts.packages' 
9176 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]9175 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 9176 ··-·'"audit"·in·ansible_facts.packages'
9177 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture9177 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
9178 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"9178 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
9179 ··tags:9179 ··tags:
9180 ··-·CCE-80686-99180 ··-·CCE-80686-9
9181 ··-·CJIS-5.4.1.19181 ··-·CJIS-5.4.1.1
9182 ··-·DISA-STIG-RHEL-08-0304809182 ··-·DISA-STIG-RHEL-08-030480
9183 ··-·NIST-800-171-3.1.79183 ··-·NIST-800-171-3.1.7
Offset 9318, 16 lines modifiedOffset 9318, 16 lines modified
9318 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009318 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9319 ········-F·auid!=unset·-F·key=perm_mod9319 ········-F·auid!=unset·-F·key=perm_mod
9320 ······create:·true9320 ······create:·true
9321 ······mode:·o-rwx9321 ······mode:·o-rwx
9322 ······state:·present9322 ······state:·present
9323 ····when:·syscalls_found·|·length·==·09323 ····when:·syscalls_found·|·length·==·0
9324 ··when:9324 ··when:
9325 ··-·'"audit"·in·ansible_facts.packages' 
9326 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]9325 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 9326 ··-·'"audit"·in·ansible_facts.packages'
9327 ··tags:9327 ··tags:
9328 ··-·CCE-80686-99328 ··-·CCE-80686-9
9329 ··-·CJIS-5.4.1.19329 ··-·CJIS-5.4.1.1
9330 ··-·DISA-STIG-RHEL-08-0304809330 ··-·DISA-STIG-RHEL-08-030480
9331 ··-·NIST-800-171-3.1.79331 ··-·NIST-800-171-3.1.7
9332 ··-·NIST-800-53-AU-12(c)9332 ··-·NIST-800-53-AU-12(c)
9333 ··-·NIST-800-53-AU-2(d)9333 ··-·NIST-800-53-AU-2(d)
Offset 9465, 16 lines modifiedOffset 9465, 16 lines modified
9465 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009465 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9466 ········-F·auid!=unset·-F·key=perm_mod9466 ········-F·auid!=unset·-F·key=perm_mod
9467 ······create:·true9467 ······create:·true
9468 ······mode:·o-rwx9468 ······mode:·o-rwx
9469 ······state:·present9469 ······state:·present
Max diff block lines reached; 187981/192435 bytes (97.69%) of diff not shown.
532 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cjis.html
    
Max diff block lines reached; 406997/416511 bytes (97.72%) of diff not shown.
125 KB
html2text {}
    
Offset 51, 15 lines modifiedOffset 51, 15 lines modified
51 ····*·cpe:/o:redhat:enterprise_linux:8.651 ····*·cpe:/o:redhat:enterprise_linux:8.6
52 ····*·cpe:/o:redhat:enterprise_linux:8.752 ····*·cpe:/o:redhat:enterprise_linux:8.7
53 ····*·cpe:/o:redhat:enterprise_linux:8.853 ····*·cpe:/o:redhat:enterprise_linux:8.8
54 ····*·cpe:/o:redhat:enterprise_linux:8.954 ····*·cpe:/o:redhat:enterprise_linux:8.9
55 ····*·cpe:/o:redhat:enterprise_linux:855 ····*·cpe:/o:redhat:enterprise_linux:8
56 *****·Revision·History·*****56 *****·Revision·History·*****
57 Current·version:·0.1.6557 Current·version:·0.1.65
58 ····*·draft·(as·of·2024-01-14)58 ····*·draft·(as·of·2025-02-15)
59 *****·Table·of·Contents·*****59 *****·Table·of·Contents·*****
60 ···1.·System_Settings60 ···1.·System_Settings
61 ·········1.·Installing_and_Maintaining_Software61 ·········1.·Installing_and_Maintaining_Software
62 ·········2.·Account_and_Access_Control62 ·········2.·Account_and_Access_Control
63 ·········3.·System_Accounting_with_auditd63 ·········3.·System_Accounting_with_auditd
64 ·········4.·GRUB2_bootloader_configuration64 ·········4.·GRUB2_bootloader_configuration
65 ·········5.·Network_Configuration_and_Firewalls65 ·········5.·Network_Configuration_and_Firewalls
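Review bot: line 58 is the only difference in this hunk, `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the guide is stamped with the date the build ran. Take that date from SOURCE_DATE_EPOCH (or the changelog entry) so that both builds render the same string.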
Offset 4527, 16 lines modifiedOffset 4527, 16 lines modified
4527 ··-·reboot_required4527 ··-·reboot_required
4528 ··-·restrict_strategy4528 ··-·restrict_strategy
  
4529 -·name:·Set·architecture·for·audit·chmod·tasks4529 -·name:·Set·architecture·for·audit·chmod·tasks
4530 ··set_fact:4530 ··set_fact:
4531 ····audit_arch:·b644531 ····audit_arch:·b64
4532 ··when:4532 ··when:
4533 ··-·'"audit"·in·ansible_facts.packages' 
4534 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4533 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4534 ··-·'"audit"·in·ansible_facts.packages'
4535 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4535 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4536 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4536 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4537 ··tags:4537 ··tags:
4538 ··-·CCE-80685-14538 ··-·CCE-80685-1
4539 ··-·CJIS-5.4.1.14539 ··-·CJIS-5.4.1.1
4540 ··-·DISA-STIG-RHEL-08-0304904540 ··-·DISA-STIG-RHEL-08-030490
4541 ··-·NIST-800-171-3.1.74541 ··-·NIST-800-171-3.1.7
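Review bot: at 4533-4534 the `'"audit" in ansible_facts.packages'` entry and the `ansible_virtualization_type` check trade places between the two builds, so the generator is emitting the applicability conditions in an unstable order; sort them, or keep them in an ordered list, before the task is rendered. Ansible ANDs the entries of a `when:` list, so the task behaves the same either way and only the output bytes differ.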
Offset 4674, 16 lines modifiedOffset 4674, 16 lines modified
4674 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004674 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4675 ········-F·auid!=unset·-F·key=perm_mod4675 ········-F·auid!=unset·-F·key=perm_mod
4676 ······create:·true4676 ······create:·true
4677 ······mode:·o-rwx4677 ······mode:·o-rwx
4678 ······state:·present4678 ······state:·present
4679 ····when:·syscalls_found·|·length·==·04679 ····when:·syscalls_found·|·length·==·0
4680 ··when:4680 ··when:
4681 ··-·'"audit"·in·ansible_facts.packages' 
4682 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4681 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4682 ··-·'"audit"·in·ansible_facts.packages'
4683 ··tags:4683 ··tags:
4684 ··-·CCE-80685-14684 ··-·CCE-80685-1
4685 ··-·CJIS-5.4.1.14685 ··-·CJIS-5.4.1.1
4686 ··-·DISA-STIG-RHEL-08-0304904686 ··-·DISA-STIG-RHEL-08-030490
4687 ··-·NIST-800-171-3.1.74687 ··-·NIST-800-171-3.1.7
4688 ··-·NIST-800-53-AU-12(c)4688 ··-·NIST-800-53-AU-12(c)
4689 ··-·NIST-800-53-AU-2(d)4689 ··-·NIST-800-53-AU-2(d)
Offset 4819, 16 lines modifiedOffset 4819, 16 lines modified
4819 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004819 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4820 ········-F·auid!=unset·-F·key=perm_mod4820 ········-F·auid!=unset·-F·key=perm_mod
4821 ······create:·true4821 ······create:·true
4822 ······mode:·o-rwx4822 ······mode:·o-rwx
4823 ······state:·present4823 ······state:·present
4824 ····when:·syscalls_found·|·length·==·04824 ····when:·syscalls_found·|·length·==·0
4825 ··when:4825 ··when:
4826 ··-·'"audit"·in·ansible_facts.packages' 
4827 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4826 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4827 ··-·'"audit"·in·ansible_facts.packages'
4828 ··-·audit_arch·==·"b64"4828 ··-·audit_arch·==·"b64"
4829 ··tags:4829 ··tags:
4830 ··-·CCE-80685-14830 ··-·CCE-80685-1
4831 ··-·CJIS-5.4.1.14831 ··-·CJIS-5.4.1.1
4832 ··-·DISA-STIG-RHEL-08-0304904832 ··-·DISA-STIG-RHEL-08-030490
4833 ··-·NIST-800-171-3.1.74833 ··-·NIST-800-171-3.1.7
4834 ··-·NIST-800-53-AU-12(c)4834 ··-·NIST-800-53-AU-12(c)
Offset 4839, 15 lines modifiedOffset 4839, 15 lines modified
4839 ··-·low_complexity4839 ··-·low_complexity
4840 ··-·low_disruption4840 ··-·low_disruption
4841 ··-·medium_severity4841 ··-·medium_severity
4842 ··-·reboot_required4842 ··-·reboot_required
4843 ··-·restrict_strategy4843 ··-·restrict_strategy
4844 Remediation_Shell_script_⇲4844 Remediation_Shell_script_⇲
4845 #·Remediation·is·applicable·only·in·certain·platforms4845 #·Remediation·is·applicable·only·in·certain·platforms
4846 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then4846 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
4847 #·First·perform·the·remediation·of·the·syscall·rule4847 #·First·perform·the·remediation·of·the·syscall·rule
4848 #·Retrieve·hardware·architecture·of·the·underlying·system4848 #·Retrieve·hardware·architecture·of·the·underlying·system
4849 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")4849 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
4850 for·ARCH·in·"${RULE_ARCHS[@]}"4850 for·ARCH·in·"${RULE_ARCHS[@]}"
4851 do4851 do
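Review bot: the `if` on 4846 carries the same three tests in both builds, with `rpm --quiet -q audit` moved from first to last, which is the same unstable condition ordering that shows up in the Ansible `when:` lists; fix the ordering once in the generator rather than per template. The `&&` chain gives the same result in either order; the only behavioural difference is whether `rpm` is invoked at all when a container marker file is present.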
Offset 5210, 16 lines modifiedOffset 5210, 16 lines modified
5210 ··-·reboot_required5210 ··-·reboot_required
5211 ··-·restrict_strategy5211 ··-·restrict_strategy
  
5212 -·name:·Set·architecture·for·audit·chown·tasks5212 -·name:·Set·architecture·for·audit·chown·tasks
5213 ··set_fact:5213 ··set_fact:
5214 ····audit_arch:·b645214 ····audit_arch:·b64
5215 ··when:5215 ··when:
5216 ··-·'"audit"·in·ansible_facts.packages' 
5217 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5216 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5217 ··-·'"audit"·in·ansible_facts.packages'
5218 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5218 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5219 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5219 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5220 ··tags:5220 ··tags:
5221 ··-·CCE-80686-95221 ··-·CCE-80686-9
5222 ··-·CJIS-5.4.1.15222 ··-·CJIS-5.4.1.1
5223 ··-·DISA-STIG-RHEL-08-0304805223 ··-·DISA-STIG-RHEL-08-030480
5224 ··-·NIST-800-171-3.1.75224 ··-·NIST-800-171-3.1.7
Offset 5359, 16 lines modifiedOffset 5359, 16 lines modified
5359 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005359 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5360 ········-F·auid!=unset·-F·key=perm_mod5360 ········-F·auid!=unset·-F·key=perm_mod
5361 ······create:·true5361 ······create:·true
5362 ······mode:·o-rwx5362 ······mode:·o-rwx
5363 ······state:·present5363 ······state:·present
5364 ····when:·syscalls_found·|·length·==·05364 ····when:·syscalls_found·|·length·==·0
5365 ··when:5365 ··when:
5366 ··-·'"audit"·in·ansible_facts.packages' 
5367 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5366 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5367 ··-·'"audit"·in·ansible_facts.packages'
5368 ··tags:5368 ··tags:
5369 ··-·CCE-80686-95369 ··-·CCE-80686-9
5370 ··-·CJIS-5.4.1.15370 ··-·CJIS-5.4.1.1
5371 ··-·DISA-STIG-RHEL-08-0304805371 ··-·DISA-STIG-RHEL-08-030480
5372 ··-·NIST-800-171-3.1.75372 ··-·NIST-800-171-3.1.7
5373 ··-·NIST-800-53-AU-12(c)5373 ··-·NIST-800-53-AU-12(c)
5374 ··-·NIST-800-53-AU-2(d)5374 ··-·NIST-800-53-AU-2(d)
Offset 5506, 16 lines modifiedOffset 5506, 16 lines modified
5506 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005506 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5507 ········-F·auid!=unset·-F·key=perm_mod5507 ········-F·auid!=unset·-F·key=perm_mod
5508 ······create:·true5508 ······create:·true
5509 ······mode:·o-rwx5509 ······mode:·o-rwx
5510 ······state:·present5510 ······state:·present
Max diff block lines reached; 123397/127870 bytes (96.50%) of diff not shown.
32.0 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-cui.html
    
000f0d60:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl000f0d60:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
000f0d70:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R000f0d70:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
000f0d80:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap000f0d80:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
000f0d90:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in000f0d90:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
000f0da0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor000f0da0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
000f0db0:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie 
000f0dc0:·7420·2d71·2061·7564·6974·2026·616d·703b··t·-q·audit·&amp; 
000f0dd0:·2661·6d70·3b20·5b20·2120·2d66·202f·2e64··&amp;·[·!·-f·/.d000f0db0:·6d73·0a69·6620·5b20·2120·2d66·202f·2e64··ms.if·[·!·-f·/.d
000f0de0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;000f0dc0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
000f0df0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru000f0dd0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
000f0e00:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·000f0de0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
 000f0df0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm
 000f0e00:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi
000f0e10:·5d3b·2074·6865·6e0a·0a69·6620·5b20·2d65··];·then..if·[·-e000f0e10:·743b·2074·6865·6e0a·0a69·6620·5b20·2d65··t;·then..if·[·-e
000f0e20:·2022·2f65·7463·2f61·7564·6974·2f61·7564···"/etc/audit/aud000f0e20:·2022·2f65·7463·2f61·7564·6974·2f61·7564···"/etc/audit/aud
000f0e30:·6974·642e·636f·6e66·2220·5d20·3b20·7468··itd.conf"·]·;·th000f0e30:·6974·642e·636f·6e66·2220·5d20·3b20·7468··itd.conf"·]·;·th
000f0e40:·656e·0a20·2020·200a·2020·2020·4c43·5f41··en.····.····LC_A000f0e40:·656e·0a20·2020·200a·2020·2020·4c43·5f41··en.····.····LC_A
000f0e50:·4c4c·3d43·2073·6564·202d·6920·222f·5e5c··LL=C·sed·-i·"/^\000f0e50:·4c4c·3d43·2073·6564·202d·6920·222f·5e5c··LL=C·sed·-i·"/^\
000f0e60:·732a·6672·6571·5c73·2a3d·5c73·2a2f·4964··s*freq\s*=\s*/Id000f0e60:·732a·6672·6571·5c73·2a3d·5c73·2a2f·4964··s*freq\s*=\s*/Id
000f0e70:·2220·222f·6574·632f·6175·6469·742f·6175··"·"/etc/audit/au000f0e70:·2220·222f·6574·632f·6175·6469·742f·6175··"·"/etc/audit/au
000f0e80:·6469·7464·2e63·6f6e·6622·0a65·6c73·650a··ditd.conf".else.000f0e80:·6469·7464·2e63·6f6e·6622·0a65·6c73·650a··ditd.conf".else.
Offset 62115, 23 lines modifiedOffset 62115, 23 lines modified
000f2a20:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··000f2a20:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
Max diff block lines reached; 16121/25730 bytes (62.65%) of diff not shown.
6.72 KB
html2text {}
    
Offset 61, 15 lines modifiedOffset 61, 15 lines modified
61 ····*·cpe:/o:redhat:enterprise_linux:8.661 ····*·cpe:/o:redhat:enterprise_linux:8.6
62 ····*·cpe:/o:redhat:enterprise_linux:8.762 ····*·cpe:/o:redhat:enterprise_linux:8.7
63 ····*·cpe:/o:redhat:enterprise_linux:8.863 ····*·cpe:/o:redhat:enterprise_linux:8.8
64 ····*·cpe:/o:redhat:enterprise_linux:8.964 ····*·cpe:/o:redhat:enterprise_linux:8.9
65 ····*·cpe:/o:redhat:enterprise_linux:865 ····*·cpe:/o:redhat:enterprise_linux:8
66 *****·Revision·History·*****66 *****·Revision·History·*****
67 Current·version:·0.1.6567 Current·version:·0.1.65
68 ····*·draft·(as·of·2024-01-14)68 ····*·draft·(as·of·2025-02-15)
69 *****·Table·of·Contents·*****69 *****·Table·of·Contents·*****
70 ···1.·System_Settings70 ···1.·System_Settings
71 ·········1.·Installing_and_Maintaining_Software71 ·········1.·Installing_and_Maintaining_Software
72 ·········2.·Account_and_Access_Control72 ·········2.·Account_and_Access_Control
73 ·········3.·System_Accounting_with_auditd73 ·········3.·System_Accounting_with_auditd
74 ·········4.·GRUB2_bootloader_configuration74 ·········4.·GRUB2_bootloader_configuration
75 ·········5.·zIPL_bootloader_configuration75 ·········5.·zIPL_bootloader_configuration
Offset 7948, 30 lines modifiedOffset 7948, 30 lines modified
7948 ··lineinfile:7948 ··lineinfile:
7949 ····dest:·/etc/audit/auditd.conf7949 ····dest:·/etc/audit/auditd.conf
7950 ····regexp:·^\s*flush\s*=\s*.*$7950 ····regexp:·^\s*flush\s*=\s*.*$
7951 ····line:·flush·=·{{·var_auditd_flush·}}7951 ····line:·flush·=·{{·var_auditd_flush·}}
7952 ····state:·present7952 ····state:·present
7953 ····create:·true7953 ····create:·true
7954 ··when:7954 ··when:
7955 ··-·'"audit"·in·ansible_facts.packages' 
7956 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7955 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7956 ··-·'"audit"·in·ansible_facts.packages'
7957 ··tags:7957 ··tags:
7958 ··-·CCE-80680-27958 ··-·CCE-80680-2
7959 ··-·NIST-800-171-3.3.17959 ··-·NIST-800-171-3.3.1
7960 ··-·NIST-800-53-AU-117960 ··-·NIST-800-53-AU-11
7961 ··-·NIST-800-53-CM-6(a)7961 ··-·NIST-800-53-CM-6(a)
7962 ··-·auditd_data_retention_flush7962 ··-·auditd_data_retention_flush
7963 ··-·low_complexity7963 ··-·low_complexity
7964 ··-·low_disruption7964 ··-·low_disruption
7965 ··-·medium_severity7965 ··-·medium_severity
7966 ··-·no_reboot_needed7966 ··-·no_reboot_needed
7967 ··-·restrict_strategy7967 ··-·restrict_strategy
7968 Remediation_Shell_script_⇲7968 Remediation_Shell_script_⇲
7969 #·Remediation·is·applicable·only·in·certain·platforms7969 #·Remediation·is·applicable·only·in·certain·platforms
7970 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7970 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7971 var_auditd_flush='incremental_async'7971 var_auditd_flush='incremental_async'
  
  
7972 AUDITCONFIG=/etc/audit/auditd.conf7972 AUDITCONFIG=/etc/audit/auditd.conf
  
7973 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush7973 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
Offset 8070, 31 lines modifiedOffset 8070, 31 lines modified
8070 ····lineinfile:8070 ····lineinfile:
8071 ······path:·/etc/audit/auditd.conf8071 ······path:·/etc/audit/auditd.conf
8072 ······create:·true8072 ······create:·true
8073 ······regexp:·(?i)^\s*freq\s*=\s*8073 ······regexp:·(?i)^\s*freq\s*=\s*
8074 ······line:·freq·=·508074 ······line:·freq·=·50
8075 ······state:·present8075 ······state:·present
8076 ··when:8076 ··when:
8077 ··-·'"audit"·in·ansible_facts.packages' 
8078 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8077 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8078 ··-·'"audit"·in·ansible_facts.packages'
8079 ··tags:8079 ··tags:
8080 ··-·CCE-82258-58080 ··-·CCE-82258-5
8081 ··-·NIST-800-53-CM-68081 ··-·NIST-800-53-CM-6
8082 ··-·auditd_freq8082 ··-·auditd_freq
8083 ··-·low_complexity8083 ··-·low_complexity
8084 ··-·low_disruption8084 ··-·low_disruption
8085 ··-·medium_severity8085 ··-·medium_severity
8086 ··-·no_reboot_needed8086 ··-·no_reboot_needed
8087 ··-·restrict_strategy8087 ··-·restrict_strategy
8088 Remediation_Shell_script_⇲8088 Remediation_Shell_script_⇲
8089 Complexity:·low8089 Complexity:·low
8090 Disruption:·low8090 Disruption:·low
8091 Strategy:···restrict8091 Strategy:···restrict
8092 #·Remediation·is·applicable·only·in·certain·platforms8092 #·Remediation·is·applicable·only·in·certain·platforms
8093 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8093 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8094 if·[·-e·"/etc/audit/auditd.conf"·]·;·then8094 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
8095 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"8095 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"
8096 else8096 else
8097 ····touch·"/etc/audit/auditd.conf"8097 ····touch·"/etc/audit/auditd.conf"
8098 fi8098 fi
Offset 8179, 16 lines modifiedOffset 8179, 16 lines modified
8179 ····lineinfile:8179 ····lineinfile:
8180 ······path:·/etc/audit/auditd.conf8180 ······path:·/etc/audit/auditd.conf
8181 ······create:·true8181 ······create:·true
8182 ······regexp:·(?i)^\s*local_events\s*=\s*8182 ······regexp:·(?i)^\s*local_events\s*=\s*
8183 ······line:·local_events·=·yes8183 ······line:·local_events·=·yes
8184 ······state:·present8184 ······state:·present
8185 ··when:8185 ··when:
8186 ··-·'"audit"·in·ansible_facts.packages' 
8187 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8186 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8187 ··-·'"audit"·in·ansible_facts.packages'
8188 ··tags:8188 ··tags:
8189 ··-·CCE-82233-88189 ··-·CCE-82233-8
8190 ··-·DISA-STIG-RHEL-08-0300618190 ··-·DISA-STIG-RHEL-08-030061
8191 ··-·NIST-800-53-CM-68191 ··-·NIST-800-53-CM-6
8192 ··-·auditd_local_events8192 ··-·auditd_local_events
8193 ··-·low_complexity8193 ··-·low_complexity
8194 ··-·low_disruption8194 ··-·low_disruption
Offset 8196, 15 lines modifiedOffset 8196, 15 lines modified
8196 ··-·no_reboot_needed8196 ··-·no_reboot_needed
8197 ··-·restrict_strategy8197 ··-·restrict_strategy
8198 Remediation_Shell_script_⇲8198 Remediation_Shell_script_⇲
8199 Complexity:·low8199 Complexity:·low
8200 Disruption:·low8200 Disruption:·low
8201 Strategy:···restrict8201 Strategy:···restrict
8202 #·Remediation·is·applicable·only·in·certain·platforms8202 #·Remediation·is·applicable·only·in·certain·platforms
8203 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8203 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8204 if·[·-e·"/etc/audit/auditd.conf"·]·;·then8204 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
8205 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"8205 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"
8206 else8206 else
8207 ····touch·"/etc/audit/auditd.conf"8207 ····touch·"/etc/audit/auditd.conf"
8208 fi8208 fi
Offset 8290, 16 lines modifiedOffset 8290, 16 lines modified
8290 ····lineinfile:8290 ····lineinfile:
8291 ······path:·/etc/audit/auditd.conf8291 ······path:·/etc/audit/auditd.conf
8292 ······create:·true8292 ······create:·true
8293 ······regexp:·(?i)^\s*log_format\s*=\s*8293 ······regexp:·(?i)^\s*log_format\s*=\s*
8294 ······line:·log_format·=·ENRICHED8294 ······line:·log_format·=·ENRICHED
8295 ······state:·present8295 ······state:·present
8296 ··when:8296 ··when:
8297 ··-·'"audit"·in·ansible_facts.packages' 
8298 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8297 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8298 ··-·'"audit"·in·ansible_facts.packages'
8299 ··tags:8299 ··tags:
8300 ··-·CCE-82201-58300 ··-·CCE-82201-5
Max diff block lines reached; 2728/6856 bytes (39.79%) of diff not shown.
357 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-e8.html
    
Max diff block lines reached; 271574/281088 bytes (96.62%) of diff not shown.
82.4 KB
html2text {}
    
Offset 52, 15 lines modifiedOffset 52, 15 lines modified
52 ····*·cpe:/o:redhat:enterprise_linux:8.652 ····*·cpe:/o:redhat:enterprise_linux:8.6
53 ····*·cpe:/o:redhat:enterprise_linux:8.753 ····*·cpe:/o:redhat:enterprise_linux:8.7
54 ····*·cpe:/o:redhat:enterprise_linux:8.854 ····*·cpe:/o:redhat:enterprise_linux:8.8
55 ····*·cpe:/o:redhat:enterprise_linux:8.955 ····*·cpe:/o:redhat:enterprise_linux:8.9
56 ····*·cpe:/o:redhat:enterprise_linux:856 ····*·cpe:/o:redhat:enterprise_linux:8
57 *****·Revision·History·*****57 *****·Revision·History·*****
58 Current·version:·0.1.6558 Current·version:·0.1.65
59 ····*·draft·(as·of·2024-01-14)59 ····*·draft·(as·of·2025-02-15)
60 *****·Table·of·Contents·*****60 *****·Table·of·Contents·*****
61 ···1.·System_Settings61 ···1.·System_Settings
62 ·········1.·Installing_and_Maintaining_Software62 ·········1.·Installing_and_Maintaining_Software
63 ·········2.·Account_and_Access_Control63 ·········2.·Account_and_Access_Control
64 ·········3.·System_Accounting_with_auditd64 ·········3.·System_Accounting_with_auditd
65 ·········4.·Configure_Syslog65 ·········4.·Configure_Syslog
66 ·········5.·Network_Configuration_and_Firewalls66 ·········5.·Network_Configuration_and_Firewalls
Offset 1934, 16 lines modifiedOffset 1934, 16 lines modified
1934 ··-·reboot_required1934 ··-·reboot_required
1935 ··-·restrict_strategy1935 ··-·restrict_strategy
  
1936 -·name:·Set·architecture·for·audit·chmod·tasks1936 -·name:·Set·architecture·for·audit·chmod·tasks
1937 ··set_fact:1937 ··set_fact:
1938 ····audit_arch:·b641938 ····audit_arch:·b64
1939 ··when:1939 ··when:
1940 ··-·'"audit"·in·ansible_facts.packages' 
1941 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1940 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1941 ··-·'"audit"·in·ansible_facts.packages'
1942 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1942 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1943 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1943 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1944 ··tags:1944 ··tags:
1945 ··-·CCE-80685-11945 ··-·CCE-80685-1
1946 ··-·CJIS-5.4.1.11946 ··-·CJIS-5.4.1.1
1947 ··-·DISA-STIG-RHEL-08-0304901947 ··-·DISA-STIG-RHEL-08-030490
1948 ··-·NIST-800-171-3.1.71948 ··-·NIST-800-171-3.1.7
Offset 2081, 16 lines modifiedOffset 2081, 16 lines modified
2081 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002081 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2082 ········-F·auid!=unset·-F·key=perm_mod2082 ········-F·auid!=unset·-F·key=perm_mod
2083 ······create:·true2083 ······create:·true
2084 ······mode:·o-rwx2084 ······mode:·o-rwx
2085 ······state:·present2085 ······state:·present
2086 ····when:·syscalls_found·|·length·==·02086 ····when:·syscalls_found·|·length·==·0
2087 ··when:2087 ··when:
2088 ··-·'"audit"·in·ansible_facts.packages' 
2089 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2088 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2089 ··-·'"audit"·in·ansible_facts.packages'
2090 ··tags:2090 ··tags:
2091 ··-·CCE-80685-12091 ··-·CCE-80685-1
2092 ··-·CJIS-5.4.1.12092 ··-·CJIS-5.4.1.1
2093 ··-·DISA-STIG-RHEL-08-0304902093 ··-·DISA-STIG-RHEL-08-030490
2094 ··-·NIST-800-171-3.1.72094 ··-·NIST-800-171-3.1.7
2095 ··-·NIST-800-53-AU-12(c)2095 ··-·NIST-800-53-AU-12(c)
2096 ··-·NIST-800-53-AU-2(d)2096 ··-·NIST-800-53-AU-2(d)
Offset 2226, 16 lines modifiedOffset 2226, 16 lines modified
2226 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002226 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2227 ········-F·auid!=unset·-F·key=perm_mod2227 ········-F·auid!=unset·-F·key=perm_mod
2228 ······create:·true2228 ······create:·true
2229 ······mode:·o-rwx2229 ······mode:·o-rwx
2230 ······state:·present2230 ······state:·present
2231 ····when:·syscalls_found·|·length·==·02231 ····when:·syscalls_found·|·length·==·0
2232 ··when:2232 ··when:
2233 ··-·'"audit"·in·ansible_facts.packages' 
2234 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2233 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2234 ··-·'"audit"·in·ansible_facts.packages'
2235 ··-·audit_arch·==·"b64"2235 ··-·audit_arch·==·"b64"
2236 ··tags:2236 ··tags:
2237 ··-·CCE-80685-12237 ··-·CCE-80685-1
2238 ··-·CJIS-5.4.1.12238 ··-·CJIS-5.4.1.1
2239 ··-·DISA-STIG-RHEL-08-0304902239 ··-·DISA-STIG-RHEL-08-030490
2240 ··-·NIST-800-171-3.1.72240 ··-·NIST-800-171-3.1.7
2241 ··-·NIST-800-53-AU-12(c)2241 ··-·NIST-800-53-AU-12(c)
Offset 2246, 15 lines modifiedOffset 2246, 15 lines modified
2246 ··-·low_complexity2246 ··-·low_complexity
2247 ··-·low_disruption2247 ··-·low_disruption
2248 ··-·medium_severity2248 ··-·medium_severity
2249 ··-·reboot_required2249 ··-·reboot_required
2250 ··-·restrict_strategy2250 ··-·restrict_strategy
2251 Remediation_Shell_script_⇲2251 Remediation_Shell_script_⇲
2252 #·Remediation·is·applicable·only·in·certain·platforms2252 #·Remediation·is·applicable·only·in·certain·platforms
2253 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then2253 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
2254 #·First·perform·the·remediation·of·the·syscall·rule2254 #·First·perform·the·remediation·of·the·syscall·rule
2255 #·Retrieve·hardware·architecture·of·the·underlying·system2255 #·Retrieve·hardware·architecture·of·the·underlying·system
2256 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2256 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2257 for·ARCH·in·"${RULE_ARCHS[@]}"2257 for·ARCH·in·"${RULE_ARCHS[@]}"
2258 do2258 do
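Review bot: the `if` guard at line 2253 differs between the two builds only in operand order: `rpm --quiet -q audit` is the first test in one and the last in the other, after the `/.dockerenv` and `/run/.containerenv` checks. The `&&` chain gives the same result either way, but the order decides which tests are evaluated before a short-circuit, so the generated script should use one fixed order (for example the cheap file tests first, then the package query) rather than whatever order the build happens to produce.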
Offset 2617, 16 lines modifiedOffset 2617, 16 lines modified
2617 ··-·reboot_required2617 ··-·reboot_required
2618 ··-·restrict_strategy2618 ··-·restrict_strategy
  
2619 -·name:·Set·architecture·for·audit·chown·tasks2619 -·name:·Set·architecture·for·audit·chown·tasks
2620 ··set_fact:2620 ··set_fact:
2621 ····audit_arch:·b642621 ····audit_arch:·b64
2622 ··when:2622 ··when:
2623 ··-·'"audit"·in·ansible_facts.packages' 
2624 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2624 ··-·'"audit"·in·ansible_facts.packages'
2625 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2625 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2626 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2626 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2627 ··tags:2627 ··tags:
2628 ··-·CCE-80686-92628 ··-·CCE-80686-9
2629 ··-·CJIS-5.4.1.12629 ··-·CJIS-5.4.1.1
2630 ··-·DISA-STIG-RHEL-08-0304802630 ··-·DISA-STIG-RHEL-08-030480
2631 ··-·NIST-800-171-3.1.72631 ··-·NIST-800-171-3.1.7
Offset 2766, 16 lines modifiedOffset 2766, 16 lines modified
2766 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002766 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2767 ········-F·auid!=unset·-F·key=perm_mod2767 ········-F·auid!=unset·-F·key=perm_mod
2768 ······create:·true2768 ······create:·true
2769 ······mode:·o-rwx2769 ······mode:·o-rwx
2770 ······state:·present2770 ······state:·present
2771 ····when:·syscalls_found·|·length·==·02771 ····when:·syscalls_found·|·length·==·0
2772 ··when:2772 ··when:
2773 ··-·'"audit"·in·ansible_facts.packages' 
2774 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2773 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2774 ··-·'"audit"·in·ansible_facts.packages'
2775 ··tags:2775 ··tags:
2776 ··-·CCE-80686-92776 ··-·CCE-80686-9
2777 ··-·CJIS-5.4.1.12777 ··-·CJIS-5.4.1.1
2778 ··-·DISA-STIG-RHEL-08-0304802778 ··-·DISA-STIG-RHEL-08-030480
2779 ··-·NIST-800-171-3.1.72779 ··-·NIST-800-171-3.1.7
2780 ··-·NIST-800-53-AU-12(c)2780 ··-·NIST-800-53-AU-12(c)
2781 ··-·NIST-800-53-AU-2(d)2781 ··-·NIST-800-53-AU-2(d)
Offset 2913, 16 lines modifiedOffset 2913, 16 lines modified
2913 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002913 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2914 ········-F·auid!=unset·-F·key=perm_mod2914 ········-F·auid!=unset·-F·key=perm_mod
2915 ······create:·true2915 ······create:·true
2916 ······mode:·o-rwx2916 ······mode:·o-rwx
2917 ······state:·present2917 ······state:·present
Max diff block lines reached; 79860/84319 bytes (94.71%) of diff not shown.
918 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-hipaa.html
    
Max diff block lines reached; 720384/729898 bytes (98.70%) of diff not shown.
205 KB
html2text {}
    
Offset 57, 15 lines modifiedOffset 57, 15 lines modified
57 ····*·cpe:/o:redhat:enterprise_linux:8.657 ····*·cpe:/o:redhat:enterprise_linux:8.6
58 ····*·cpe:/o:redhat:enterprise_linux:8.758 ····*·cpe:/o:redhat:enterprise_linux:8.7
59 ····*·cpe:/o:redhat:enterprise_linux:8.859 ····*·cpe:/o:redhat:enterprise_linux:8.8
60 ····*·cpe:/o:redhat:enterprise_linux:8.960 ····*·cpe:/o:redhat:enterprise_linux:8.9
61 ····*·cpe:/o:redhat:enterprise_linux:861 ····*·cpe:/o:redhat:enterprise_linux:8
62 *****·Revision·History·*****62 *****·Revision·History·*****
63 Current·version:·0.1.6563 Current·version:·0.1.65
64 ····*·draft·(as·of·2024-01-14)64 ····*·draft·(as·of·2025-02-15)
65 *****·Table·of·Contents·*****65 *****·Table·of·Contents·*****
66 ···1.·System_Settings66 ···1.·System_Settings
67 ·········1.·Installing_and_Maintaining_Software67 ·········1.·Installing_and_Maintaining_Software
68 ·········2.·Account_and_Access_Control68 ·········2.·Account_and_Access_Control
69 ·········3.·System_Accounting_with_auditd69 ·········3.·System_Accounting_with_auditd
70 ·········4.·GRUB2_bootloader_configuration70 ·········4.·GRUB2_bootloader_configuration
71 ·········5.·Configure_Syslog71 ·········5.·Configure_Syslog
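Review bot: line 64 of the rendered guide embeds the build's wall-clock date, `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the HTML can never be byte-identical across rebuilds. The revision date should come from a fixed input such as `SOURCE_DATE_EPOCH` (or the release date of version 0.1.65) instead of the current time.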
Offset 2357, 16 lines modifiedOffset 2357, 16 lines modified
2357 ··-·reboot_required2357 ··-·reboot_required
2358 ··-·restrict_strategy2358 ··-·restrict_strategy
  
2359 -·name:·Set·architecture·for·audit·chmod·tasks2359 -·name:·Set·architecture·for·audit·chmod·tasks
2360 ··set_fact:2360 ··set_fact:
2361 ····audit_arch:·b642361 ····audit_arch:·b64
2362 ··when:2362 ··when:
2363 ··-·'"audit"·in·ansible_facts.packages' 
2364 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2364 ··-·'"audit"·in·ansible_facts.packages'
2365 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2365 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2366 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2366 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2367 ··tags:2367 ··tags:
2368 ··-·CCE-80685-12368 ··-·CCE-80685-1
2369 ··-·CJIS-5.4.1.12369 ··-·CJIS-5.4.1.1
2370 ··-·DISA-STIG-RHEL-08-0304902370 ··-·DISA-STIG-RHEL-08-030490
2371 ··-·NIST-800-171-3.1.72371 ··-·NIST-800-171-3.1.7
Offset 2504, 16 lines modifiedOffset 2504, 16 lines modified
2504 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002504 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2505 ········-F·auid!=unset·-F·key=perm_mod2505 ········-F·auid!=unset·-F·key=perm_mod
2506 ······create:·true2506 ······create:·true
2507 ······mode:·o-rwx2507 ······mode:·o-rwx
2508 ······state:·present2508 ······state:·present
2509 ····when:·syscalls_found·|·length·==·02509 ····when:·syscalls_found·|·length·==·0
2510 ··when:2510 ··when:
2511 ··-·'"audit"·in·ansible_facts.packages' 
2512 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2512 ··-·'"audit"·in·ansible_facts.packages'
2513 ··tags:2513 ··tags:
2514 ··-·CCE-80685-12514 ··-·CCE-80685-1
2515 ··-·CJIS-5.4.1.12515 ··-·CJIS-5.4.1.1
2516 ··-·DISA-STIG-RHEL-08-0304902516 ··-·DISA-STIG-RHEL-08-030490
2517 ··-·NIST-800-171-3.1.72517 ··-·NIST-800-171-3.1.7
2518 ··-·NIST-800-53-AU-12(c)2518 ··-·NIST-800-53-AU-12(c)
2519 ··-·NIST-800-53-AU-2(d)2519 ··-·NIST-800-53-AU-2(d)
Offset 2649, 16 lines modifiedOffset 2649, 16 lines modified
2649 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002649 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2650 ········-F·auid!=unset·-F·key=perm_mod2650 ········-F·auid!=unset·-F·key=perm_mod
2651 ······create:·true2651 ······create:·true
2652 ······mode:·o-rwx2652 ······mode:·o-rwx
2653 ······state:·present2653 ······state:·present
2654 ····when:·syscalls_found·|·length·==·02654 ····when:·syscalls_found·|·length·==·0
2655 ··when:2655 ··when:
2656 ··-·'"audit"·in·ansible_facts.packages' 
2657 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2656 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2657 ··-·'"audit"·in·ansible_facts.packages'
2658 ··-·audit_arch·==·"b64"2658 ··-·audit_arch·==·"b64"
2659 ··tags:2659 ··tags:
2660 ··-·CCE-80685-12660 ··-·CCE-80685-1
2661 ··-·CJIS-5.4.1.12661 ··-·CJIS-5.4.1.1
2662 ··-·DISA-STIG-RHEL-08-0304902662 ··-·DISA-STIG-RHEL-08-030490
2663 ··-·NIST-800-171-3.1.72663 ··-·NIST-800-171-3.1.7
2664 ··-·NIST-800-53-AU-12(c)2664 ··-·NIST-800-53-AU-12(c)
Offset 2669, 15 lines modifiedOffset 2669, 15 lines modified
2669 ··-·low_complexity2669 ··-·low_complexity
2670 ··-·low_disruption2670 ··-·low_disruption
2671 ··-·medium_severity2671 ··-·medium_severity
2672 ··-·reboot_required2672 ··-·reboot_required
2673 ··-·restrict_strategy2673 ··-·restrict_strategy
2674 Remediation_Shell_script_⇲2674 Remediation_Shell_script_⇲
2675 #·Remediation·is·applicable·only·in·certain·platforms2675 #·Remediation·is·applicable·only·in·certain·platforms
2676 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then2676 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
2677 #·First·perform·the·remediation·of·the·syscall·rule2677 #·First·perform·the·remediation·of·the·syscall·rule
2678 #·Retrieve·hardware·architecture·of·the·underlying·system2678 #·Retrieve·hardware·architecture·of·the·underlying·system
2679 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")2679 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
2680 for·ARCH·in·"${RULE_ARCHS[@]}"2680 for·ARCH·in·"${RULE_ARCHS[@]}"
2681 do2681 do
Offset 3040, 16 lines modifiedOffset 3040, 16 lines modified
3040 ··-·reboot_required3040 ··-·reboot_required
3041 ··-·restrict_strategy3041 ··-·restrict_strategy
  
3042 -·name:·Set·architecture·for·audit·chown·tasks3042 -·name:·Set·architecture·for·audit·chown·tasks
3043 ··set_fact:3043 ··set_fact:
3044 ····audit_arch:·b643044 ····audit_arch:·b64
3045 ··when:3045 ··when:
3046 ··-·'"audit"·in·ansible_facts.packages' 
3047 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3046 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3047 ··-·'"audit"·in·ansible_facts.packages'
3048 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3048 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3049 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3049 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3050 ··tags:3050 ··tags:
3051 ··-·CCE-80686-93051 ··-·CCE-80686-9
3052 ··-·CJIS-5.4.1.13052 ··-·CJIS-5.4.1.1
3053 ··-·DISA-STIG-RHEL-08-0304803053 ··-·DISA-STIG-RHEL-08-030480
3054 ··-·NIST-800-171-3.1.73054 ··-·NIST-800-171-3.1.7
Offset 3189, 16 lines modifiedOffset 3189, 16 lines modified
3189 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003189 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3190 ········-F·auid!=unset·-F·key=perm_mod3190 ········-F·auid!=unset·-F·key=perm_mod
3191 ······create:·true3191 ······create:·true
3192 ······mode:·o-rwx3192 ······mode:·o-rwx
3193 ······state:·present3193 ······state:·present
3194 ····when:·syscalls_found·|·length·==·03194 ····when:·syscalls_found·|·length·==·0
3195 ··when:3195 ··when:
3196 ··-·'"audit"·in·ansible_facts.packages' 
3197 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3196 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3197 ··-·'"audit"·in·ansible_facts.packages'
3198 ··tags:3198 ··tags:
3199 ··-·CCE-80686-93199 ··-·CCE-80686-9
3200 ··-·CJIS-5.4.1.13200 ··-·CJIS-5.4.1.1
3201 ··-·DISA-STIG-RHEL-08-0304803201 ··-·DISA-STIG-RHEL-08-030480
3202 ··-·NIST-800-171-3.1.73202 ··-·NIST-800-171-3.1.7
3203 ··-·NIST-800-53-AU-12(c)3203 ··-·NIST-800-53-AU-12(c)
3204 ··-·NIST-800-53-AU-2(d)3204 ··-·NIST-800-53-AU-2(d)
Offset 3336, 16 lines modifiedOffset 3336, 16 lines modified
3336 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003336 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3337 ········-F·auid!=unset·-F·key=perm_mod3337 ········-F·auid!=unset·-F·key=perm_mod
3338 ······create:·true3338 ······create:·true
3339 ······mode:·o-rwx3339 ······mode:·o-rwx
3340 ······state:·present3340 ······state:·present
Max diff block lines reached; 205880/210334 bytes (97.88%) of diff not shown.
437 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-ism_o.html
    
000c5360:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000c5370:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a 
000c5380:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz 
000c5390:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i 
000c53a0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx 
000c53b0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p 
000c53c0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain000c5350:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v
 000c5360:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 000c5370:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 000c5380:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 000c5390:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 000c53a0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
 000c53b0:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans
 000c53c0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
000c53d0:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-000c53d0:·6765·7327·0a20·2074·6167·733a·0a20·202d··ges'.··tags:.··-
000c53e0:·2043·4345·2d38·3036·3835·2d31·0a20·202d···CCE-80685-1.··-000c53e0:·2043·4345·2d38·3036·3835·2d31·0a20·202d···CCE-80685-1.··-
000c53f0:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··000c53f0:·2043·4a49·532d·352e·342e·312e·310a·2020···CJIS-5.4.1.1.··
000c5400:·2d20·4449·5341·2d53·5449·472d·5248·454c··-·DISA-STIG-RHEL000c5400:·2d20·4449·5341·2d53·5449·472d·5248·454c··-·DISA-STIG-RHEL
000c5410:·2d30·382d·3033·3034·3930·0a20·202d·204e··-08-030490.··-·N000c5410:·2d30·382d·3033·3034·3930·0a20·202d·204e··-08-030490.··-·N
000c5420:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.000c5420:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
000c5430:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5000c5430:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
000c5440:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N000c5440:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N
Offset 50792, 22 lines modifiedOffset 50792, 22 lines modified
000c6670:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create000c6670:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create
000c6680:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod000c6680:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod
000c6690:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s000c6690:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s
000c66a0:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··000c66a0:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··
000c66b0:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls000c66b0:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls
000c66c0:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·000c66c0:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·
000c66d0:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-000c66d0:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-
000c66e0:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans 
000c66f0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa 
000c6700:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible 
000c6710:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
000c6720:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
000c6730:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
000c6740:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
000c6750:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000c66e0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
 000c66f0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
 000c6700:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
 000c6710:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
 000c6720:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
 000c6730:·696e·6572·225d·0a20·202d·2027·2261·7564··iner"].··-·'"aud
 000c6740:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f
 000c6750:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
000c6760:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==000c6760:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==
000c6770:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·000c6770:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·
000c6780:·202d·2043·4345·2d38·3036·3835·2d31·0a20···-·CCE-80685-1.·000c6780:·202d·2043·4345·2d38·3036·3835·2d31·0a20···-·CCE-80685-1.·
000c6790:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000c6790:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000c67a0:·2020·2d20·4449·5341·2d53·5449·472d·5248····-·DISA-STIG-RH000c67a0:·2020·2d20·4449·5341·2d53·5449·472d·5248····-·DISA-STIG-RH
000c67b0:·454c·2d30·382d·3033·3034·3930·0a20·202d··EL-08-030490.··-000c67b0:·454c·2d30·382d·3033·3034·3930·0a20·202d··EL-08-030490.··-
000c67c0:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.000c67c0:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
Offset 50842, 21 lines modifiedOffset 50842, 21 lines modified
000c6990:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class000c6990:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
000c69a0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse000c69a0:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
000c69b0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i000c69b0:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
000c69c0:·646d·3235·3833·3022·3e3c·7072·653e·3c63··dm25830"><pre><c000c69c0:·646d·3235·3833·3022·3e3c·7072·653e·3c63··dm25830"><pre><c
000c69d0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio000c69d0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
000c69e0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·000c69e0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
000c69f0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·000c69f0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
000c6a00:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm000c6a00:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
000c6a10:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi 
000c6a20:·7420·2661·6d70·3b26·616d·703b·205b·2021··t·&amp;&amp;·[·! 
000c6a30:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·000c6a10:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
000c6a40:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!000c6a20:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
000c6a50:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai000c6a30:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
000c6a60:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..000c6a40:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 000c6a50:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·
 000c6a60:·2d71·2061·7564·6974·3b20·7468·656e·0a0a··-q·audit;·then..
000c6a70:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·000c6a70:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·
000c6a80:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·000c6a80:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·
000c6a90:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r000c6a90:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r
Max diff block lines reached; 334829/344274 bytes (97.26%) of diff not shown.
101 KB
html2text {}
    
Offset 55, 15 lines modifiedOffset 55, 15 lines modified
55 ····*·cpe:/o:redhat:enterprise_linux:8.655 ····*·cpe:/o:redhat:enterprise_linux:8.6
56 ····*·cpe:/o:redhat:enterprise_linux:8.756 ····*·cpe:/o:redhat:enterprise_linux:8.7
57 ····*·cpe:/o:redhat:enterprise_linux:8.857 ····*·cpe:/o:redhat:enterprise_linux:8.8
58 ····*·cpe:/o:redhat:enterprise_linux:8.958 ····*·cpe:/o:redhat:enterprise_linux:8.9
59 ····*·cpe:/o:redhat:enterprise_linux:859 ····*·cpe:/o:redhat:enterprise_linux:8
60 *****·Revision·History·*****60 *****·Revision·History·*****
61 Current·version:·0.1.6561 Current·version:·0.1.65
62 ····*·draft·(as·of·2024-01-14)62 ····*·draft·(as·of·2025-02-15)
63 *****·Table·of·Contents·*****63 *****·Table·of·Contents·*****
64 ···1.·System_Settings64 ···1.·System_Settings
65 ·········1.·Installing_and_Maintaining_Software65 ·········1.·Installing_and_Maintaining_Software
66 ·········2.·Account_and_Access_Control66 ·········2.·Account_and_Access_Control
67 ·········3.·System_Accounting_with_auditd67 ·········3.·System_Accounting_with_auditd
68 ·········4.·Configure_Syslog68 ·········4.·Configure_Syslog
69 ·········5.·Network_Configuration_and_Firewalls69 ·········5.·Network_Configuration_and_Firewalls
Offset 6517, 16 lines modifiedOffset 6517, 16 lines modified
6517 ··-·reboot_required6517 ··-·reboot_required
6518 ··-·restrict_strategy6518 ··-·restrict_strategy
  
6519 -·name:·Set·architecture·for·audit·chmod·tasks6519 -·name:·Set·architecture·for·audit·chmod·tasks
6520 ··set_fact:6520 ··set_fact:
6521 ····audit_arch:·b646521 ····audit_arch:·b64
6522 ··when:6522 ··when:
6523 ··-·'"audit"·in·ansible_facts.packages' 
6524 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6523 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6524 ··-·'"audit"·in·ansible_facts.packages'
6525 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6525 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6526 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6526 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6527 ··tags:6527 ··tags:
6528 ··-·CCE-80685-16528 ··-·CCE-80685-1
6529 ··-·CJIS-5.4.1.16529 ··-·CJIS-5.4.1.1
6530 ··-·DISA-STIG-RHEL-08-0304906530 ··-·DISA-STIG-RHEL-08-030490
6531 ··-·NIST-800-171-3.1.76531 ··-·NIST-800-171-3.1.7
Offset 6664, 16 lines modifiedOffset 6664, 16 lines modified
6664 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006664 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6665 ········-F·auid!=unset·-F·key=perm_mod6665 ········-F·auid!=unset·-F·key=perm_mod
6666 ······create:·true6666 ······create:·true
6667 ······mode:·o-rwx6667 ······mode:·o-rwx
6668 ······state:·present6668 ······state:·present
6669 ····when:·syscalls_found·|·length·==·06669 ····when:·syscalls_found·|·length·==·0
6670 ··when:6670 ··when:
6671 ··-·'"audit"·in·ansible_facts.packages' 
6672 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6671 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6672 ··-·'"audit"·in·ansible_facts.packages'
6673 ··tags:6673 ··tags:
6674 ··-·CCE-80685-16674 ··-·CCE-80685-1
6675 ··-·CJIS-5.4.1.16675 ··-·CJIS-5.4.1.1
6676 ··-·DISA-STIG-RHEL-08-0304906676 ··-·DISA-STIG-RHEL-08-030490
6677 ··-·NIST-800-171-3.1.76677 ··-·NIST-800-171-3.1.7
6678 ··-·NIST-800-53-AU-12(c)6678 ··-·NIST-800-53-AU-12(c)
6679 ··-·NIST-800-53-AU-2(d)6679 ··-·NIST-800-53-AU-2(d)
Offset 6809, 16 lines modifiedOffset 6809, 16 lines modified
6809 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006809 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6810 ········-F·auid!=unset·-F·key=perm_mod6810 ········-F·auid!=unset·-F·key=perm_mod
6811 ······create:·true6811 ······create:·true
6812 ······mode:·o-rwx6812 ······mode:·o-rwx
6813 ······state:·present6813 ······state:·present
6814 ····when:·syscalls_found·|·length·==·06814 ····when:·syscalls_found·|·length·==·0
6815 ··when:6815 ··when:
6816 ··-·'"audit"·in·ansible_facts.packages' 
6817 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6816 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6817 ··-·'"audit"·in·ansible_facts.packages'
6818 ··-·audit_arch·==·"b64"6818 ··-·audit_arch·==·"b64"
6819 ··tags:6819 ··tags:
6820 ··-·CCE-80685-16820 ··-·CCE-80685-1
6821 ··-·CJIS-5.4.1.16821 ··-·CJIS-5.4.1.1
6822 ··-·DISA-STIG-RHEL-08-0304906822 ··-·DISA-STIG-RHEL-08-030490
6823 ··-·NIST-800-171-3.1.76823 ··-·NIST-800-171-3.1.7
6824 ··-·NIST-800-53-AU-12(c)6824 ··-·NIST-800-53-AU-12(c)
Offset 6829, 15 lines modifiedOffset 6829, 15 lines modified
6829 ··-·low_complexity6829 ··-·low_complexity
6830 ··-·low_disruption6830 ··-·low_disruption
6831 ··-·medium_severity6831 ··-·medium_severity
6832 ··-·reboot_required6832 ··-·reboot_required
6833 ··-·restrict_strategy6833 ··-·restrict_strategy
6834 Remediation_Shell_script_⇲6834 Remediation_Shell_script_⇲
6835 #·Remediation·is·applicable·only·in·certain·platforms6835 #·Remediation·is·applicable·only·in·certain·platforms
6836 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then6836 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
6837 #·First·perform·the·remediation·of·the·syscall·rule6837 #·First·perform·the·remediation·of·the·syscall·rule
6838 #·Retrieve·hardware·architecture·of·the·underlying·system6838 #·Retrieve·hardware·architecture·of·the·underlying·system
6839 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6839 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6840 for·ARCH·in·"${RULE_ARCHS[@]}"6840 for·ARCH·in·"${RULE_ARCHS[@]}"
6841 do6841 do
Offset 7200, 16 lines modifiedOffset 7200, 16 lines modified
7200 ··-·reboot_required7200 ··-·reboot_required
7201 ··-·restrict_strategy7201 ··-·restrict_strategy
  
7202 -·name:·Set·architecture·for·audit·chown·tasks7202 -·name:·Set·architecture·for·audit·chown·tasks
7203 ··set_fact:7203 ··set_fact:
7204 ····audit_arch:·b647204 ····audit_arch:·b64
7205 ··when:7205 ··when:
7206 ··-·'"audit"·in·ansible_facts.packages' 
7207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7206 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7207 ··-·'"audit"·in·ansible_facts.packages'
7208 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7208 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7209 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7209 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7210 ··tags:7210 ··tags:
7211 ··-·CCE-80686-97211 ··-·CCE-80686-9
7212 ··-·CJIS-5.4.1.17212 ··-·CJIS-5.4.1.1
7213 ··-·DISA-STIG-RHEL-08-0304807213 ··-·DISA-STIG-RHEL-08-030480
7214 ··-·NIST-800-171-3.1.77214 ··-·NIST-800-171-3.1.7
Offset 7349, 16 lines modifiedOffset 7349, 16 lines modified
7349 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007349 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7350 ········-F·auid!=unset·-F·key=perm_mod7350 ········-F·auid!=unset·-F·key=perm_mod
7351 ······create:·true7351 ······create:·true
7352 ······mode:·o-rwx7352 ······mode:·o-rwx
7353 ······state:·present7353 ······state:·present
7354 ····when:·syscalls_found·|·length·==·07354 ····when:·syscalls_found·|·length·==·0
7355 ··when:7355 ··when:
7356 ··-·'"audit"·in·ansible_facts.packages' 
7357 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7356 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7357 ··-·'"audit"·in·ansible_facts.packages'
7358 ··tags:7358 ··tags:
7359 ··-·CCE-80686-97359 ··-·CCE-80686-9
7360 ··-·CJIS-5.4.1.17360 ··-·CJIS-5.4.1.1
7361 ··-·DISA-STIG-RHEL-08-0304807361 ··-·DISA-STIG-RHEL-08-030480
7362 ··-·NIST-800-171-3.1.77362 ··-·NIST-800-171-3.1.7
7363 ··-·NIST-800-53-AU-12(c)7363 ··-·NIST-800-53-AU-12(c)
7364 ··-·NIST-800-53-AU-2(d)7364 ··-·NIST-800-53-AU-2(d)
Offset 7496, 16 lines modifiedOffset 7496, 16 lines modified
7496 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007496 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7497 ········-F·auid!=unset·-F·key=perm_mod7497 ········-F·auid!=unset·-F·key=perm_mod
7498 ······create:·true7498 ······create:·true
7499 ······mode:·o-rwx7499 ······mode:·o-rwx
7500 ······state:·present7500 ······state:·present
Max diff block lines reached; 98905/103364 bytes (95.69%) of diff not shown.
32.1 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-ospp.html
    
Max diff block lines reached; 16259/25868 bytes (62.85%) of diff not shown.
6.72 KB
html2text {}
    
Offset 53, 15 lines modifiedOffset 53, 15 lines modified
53 ····*·cpe:/o:redhat:enterprise_linux:8.653 ····*·cpe:/o:redhat:enterprise_linux:8.6
54 ····*·cpe:/o:redhat:enterprise_linux:8.754 ····*·cpe:/o:redhat:enterprise_linux:8.7
55 ····*·cpe:/o:redhat:enterprise_linux:8.855 ····*·cpe:/o:redhat:enterprise_linux:8.8
56 ····*·cpe:/o:redhat:enterprise_linux:8.956 ····*·cpe:/o:redhat:enterprise_linux:8.9
57 ····*·cpe:/o:redhat:enterprise_linux:857 ····*·cpe:/o:redhat:enterprise_linux:8
58 *****·Revision·History·*****58 *****·Revision·History·*****
59 Current·version:·0.1.6559 Current·version:·0.1.65
60 ····*·draft·(as·of·2024-01-14)60 ····*·draft·(as·of·2025-02-15)
61 *****·Table·of·Contents·*****61 *****·Table·of·Contents·*****
62 ···1.·System_Settings62 ···1.·System_Settings
63 ·········1.·Installing_and_Maintaining_Software63 ·········1.·Installing_and_Maintaining_Software
64 ·········2.·Account_and_Access_Control64 ·········2.·Account_and_Access_Control
65 ·········3.·System_Accounting_with_auditd65 ·········3.·System_Accounting_with_auditd
66 ·········4.·GRUB2_bootloader_configuration66 ·········4.·GRUB2_bootloader_configuration
67 ·········5.·zIPL_bootloader_configuration67 ·········5.·zIPL_bootloader_configuration
Offset 7940, 30 lines modifiedOffset 7940, 30 lines modified
7940 ··lineinfile:7940 ··lineinfile:
7941 ····dest:·/etc/audit/auditd.conf7941 ····dest:·/etc/audit/auditd.conf
7942 ····regexp:·^\s*flush\s*=\s*.*$7942 ····regexp:·^\s*flush\s*=\s*.*$
7943 ····line:·flush·=·{{·var_auditd_flush·}}7943 ····line:·flush·=·{{·var_auditd_flush·}}
7944 ····state:·present7944 ····state:·present
7945 ····create:·true7945 ····create:·true
7946 ··when:7946 ··when:
7947 ··-·'"audit"·in·ansible_facts.packages' 
7948 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7947 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7948 ··-·'"audit"·in·ansible_facts.packages'
7949 ··tags:7949 ··tags:
7950 ··-·CCE-80680-27950 ··-·CCE-80680-2
7951 ··-·NIST-800-171-3.3.17951 ··-·NIST-800-171-3.3.1
7952 ··-·NIST-800-53-AU-117952 ··-·NIST-800-53-AU-11
7953 ··-·NIST-800-53-CM-6(a)7953 ··-·NIST-800-53-CM-6(a)
7954 ··-·auditd_data_retention_flush7954 ··-·auditd_data_retention_flush
7955 ··-·low_complexity7955 ··-·low_complexity
7956 ··-·low_disruption7956 ··-·low_disruption
7957 ··-·medium_severity7957 ··-·medium_severity
7958 ··-·no_reboot_needed7958 ··-·no_reboot_needed
7959 ··-·restrict_strategy7959 ··-·restrict_strategy
7960 Remediation_Shell_script_⇲7960 Remediation_Shell_script_⇲
7961 #·Remediation·is·applicable·only·in·certain·platforms7961 #·Remediation·is·applicable·only·in·certain·platforms
7962 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7962 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7963 var_auditd_flush='incremental_async'7963 var_auditd_flush='incremental_async'
  
  
7964 AUDITCONFIG=/etc/audit/auditd.conf7964 AUDITCONFIG=/etc/audit/auditd.conf
  
7965 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush7965 #·if·flush·is·present,·flush·param·edited·to·var_auditd_flush
Offset 8062, 31 lines modifiedOffset 8062, 31 lines modified
8062 ····lineinfile:8062 ····lineinfile:
8063 ······path:·/etc/audit/auditd.conf8063 ······path:·/etc/audit/auditd.conf
8064 ······create:·true8064 ······create:·true
8065 ······regexp:·(?i)^\s*freq\s*=\s*8065 ······regexp:·(?i)^\s*freq\s*=\s*
8066 ······line:·freq·=·508066 ······line:·freq·=·50
8067 ······state:·present8067 ······state:·present
8068 ··when:8068 ··when:
8069 ··-·'"audit"·in·ansible_facts.packages' 
8070 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8069 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8070 ··-·'"audit"·in·ansible_facts.packages'
8071 ··tags:8071 ··tags:
8072 ··-·CCE-82258-58072 ··-·CCE-82258-5
8073 ··-·NIST-800-53-CM-68073 ··-·NIST-800-53-CM-6
8074 ··-·auditd_freq8074 ··-·auditd_freq
8075 ··-·low_complexity8075 ··-·low_complexity
8076 ··-·low_disruption8076 ··-·low_disruption
8077 ··-·medium_severity8077 ··-·medium_severity
8078 ··-·no_reboot_needed8078 ··-·no_reboot_needed
8079 ··-·restrict_strategy8079 ··-·restrict_strategy
8080 Remediation_Shell_script_⇲8080 Remediation_Shell_script_⇲
8081 Complexity:·low8081 Complexity:·low
8082 Disruption:·low8082 Disruption:·low
8083 Strategy:···restrict8083 Strategy:···restrict
8084 #·Remediation·is·applicable·only·in·certain·platforms8084 #·Remediation·is·applicable·only·in·certain·platforms
8085 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8085 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8086 if·[·-e·"/etc/audit/auditd.conf"·]·;·then8086 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
8087 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"8087 ····LC_ALL=C·sed·-i·"/^\s*freq\s*=\s*/Id"·"/etc/audit/auditd.conf"
8088 else8088 else
8089 ····touch·"/etc/audit/auditd.conf"8089 ····touch·"/etc/audit/auditd.conf"
8090 fi8090 fi
Offset 8171, 16 lines modifiedOffset 8171, 16 lines modified
8171 ····lineinfile:8171 ····lineinfile:
8172 ······path:·/etc/audit/auditd.conf8172 ······path:·/etc/audit/auditd.conf
8173 ······create:·true8173 ······create:·true
8174 ······regexp:·(?i)^\s*local_events\s*=\s*8174 ······regexp:·(?i)^\s*local_events\s*=\s*
8175 ······line:·local_events·=·yes8175 ······line:·local_events·=·yes
8176 ······state:·present8176 ······state:·present
8177 ··when:8177 ··when:
8178 ··-·'"audit"·in·ansible_facts.packages' 
8179 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8178 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8179 ··-·'"audit"·in·ansible_facts.packages'
8180 ··tags:8180 ··tags:
8181 ··-·CCE-82233-88181 ··-·CCE-82233-8
8182 ··-·DISA-STIG-RHEL-08-0300618182 ··-·DISA-STIG-RHEL-08-030061
8183 ··-·NIST-800-53-CM-68183 ··-·NIST-800-53-CM-6
8184 ··-·auditd_local_events8184 ··-·auditd_local_events
8185 ··-·low_complexity8185 ··-·low_complexity
8186 ··-·low_disruption8186 ··-·low_disruption
Offset 8188, 15 lines modifiedOffset 8188, 15 lines modified
8188 ··-·no_reboot_needed8188 ··-·no_reboot_needed
8189 ··-·restrict_strategy8189 ··-·restrict_strategy
8190 Remediation_Shell_script_⇲8190 Remediation_Shell_script_⇲
8191 Complexity:·low8191 Complexity:·low
8192 Disruption:·low8192 Disruption:·low
8193 Strategy:···restrict8193 Strategy:···restrict
8194 #·Remediation·is·applicable·only·in·certain·platforms8194 #·Remediation·is·applicable·only·in·certain·platforms
8195 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then8195 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
8196 if·[·-e·"/etc/audit/auditd.conf"·]·;·then8196 if·[·-e·"/etc/audit/auditd.conf"·]·;·then
  
8197 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"8197 ····LC_ALL=C·sed·-i·"/^\s*local_events\s*=\s*/Id"·"/etc/audit/auditd.conf"
8198 else8198 else
8199 ····touch·"/etc/audit/auditd.conf"8199 ····touch·"/etc/audit/auditd.conf"
8200 fi8200 fi
Offset 8282, 16 lines modifiedOffset 8282, 16 lines modified
8282 ····lineinfile:8282 ····lineinfile:
8283 ······path:·/etc/audit/auditd.conf8283 ······path:·/etc/audit/auditd.conf
8284 ······create:·true8284 ······create:·true
8285 ······regexp:·(?i)^\s*log_format\s*=\s*8285 ······regexp:·(?i)^\s*log_format\s*=\s*
8286 ······line:·log_format·=·ENRICHED8286 ······line:·log_format·=·ENRICHED
8287 ······state:·present8287 ······state:·present
8288 ··when:8288 ··when:
8289 ··-·'"audit"·in·ansible_facts.packages' 
8290 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8289 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8290 ··-·'"audit"·in·ansible_facts.packages'
8291 ··tags:8291 ··tags:
8292 ··-·CCE-82201-58292 ··-·CCE-82201-5
Max diff block lines reached; 2728/6856 bytes (39.79%) of diff not shown.
802 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-pci-dss.html
    
Offset 14419, 15 lines modifiedOffset 14419, 15 lines modified
Offset 56299, 23 lines modifiedOffset 56299, 23 lines modified
Offset 56623, 23 lines modifiedOffset 56623, 23 lines modified
Offset 56936, 23 lines modifiedOffset 56936, 23 lines modified
Offset 56987, 20 lines modifiedOffset 56987, 20 lines modified
Max diff block lines reached; 625208/634722 bytes (98.50%) of diff not shown.
182 KB
html2text {}
    
Offset 48, 15 lines modifiedOffset 48, 15 lines modified
48 ····*·cpe:/o:redhat:enterprise_linux:8.648 ····*·cpe:/o:redhat:enterprise_linux:8.6
49 ····*·cpe:/o:redhat:enterprise_linux:8.749 ····*·cpe:/o:redhat:enterprise_linux:8.7
50 ····*·cpe:/o:redhat:enterprise_linux:8.850 ····*·cpe:/o:redhat:enterprise_linux:8.8
51 ····*·cpe:/o:redhat:enterprise_linux:8.951 ····*·cpe:/o:redhat:enterprise_linux:8.9
52 ····*·cpe:/o:redhat:enterprise_linux:852 ····*·cpe:/o:redhat:enterprise_linux:8
53 *****·Revision·History·*****53 *****·Revision·History·*****
54 Current·version:·0.1.6554 Current·version:·0.1.65
55 ····*·draft·(as·of·2024-01-14)55 ····*·draft·(as·of·2025-02-15)
56 *****·Table·of·Contents·*****56 *****·Table·of·Contents·*****
57 ···1.·System_Settings57 ···1.·System_Settings
58 ·········1.·Installing_and_Maintaining_Software58 ·········1.·Installing_and_Maintaining_Software
59 ·········2.·Account_and_Access_Control59 ·········2.·Account_and_Access_Control
60 ·········3.·System_Accounting_with_auditd60 ·········3.·System_Accounting_with_auditd
61 ·········4.·GRUB2_bootloader_configuration61 ·········4.·GRUB2_bootloader_configuration
62 ·········5.·Configure_Syslog62 ·········5.·Configure_Syslog
Offset 7527, 16 lines modifiedOffset 7527, 16 lines modified
7527 ··-·reboot_required7527 ··-·reboot_required
7528 ··-·restrict_strategy7528 ··-·restrict_strategy
  
7529 -·name:·Set·architecture·for·audit·chmod·tasks7529 -·name:·Set·architecture·for·audit·chmod·tasks
7530 ··set_fact:7530 ··set_fact:
7531 ····audit_arch:·b647531 ····audit_arch:·b64
7532 ··when:7532 ··when:
7533 ··-·'"audit"·in·ansible_facts.packages' 
7534 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7533 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7534 ··-·'"audit"·in·ansible_facts.packages'
7535 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7535 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7536 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7536 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7537 ··tags:7537 ··tags:
7538 ··-·CCE-80685-17538 ··-·CCE-80685-1
7539 ··-·CJIS-5.4.1.17539 ··-·CJIS-5.4.1.1
7540 ··-·DISA-STIG-RHEL-08-0304907540 ··-·DISA-STIG-RHEL-08-030490
7541 ··-·NIST-800-171-3.1.77541 ··-·NIST-800-171-3.1.7
Offset 7674, 16 lines modifiedOffset 7674, 16 lines modified
7674 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007674 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7675 ········-F·auid!=unset·-F·key=perm_mod7675 ········-F·auid!=unset·-F·key=perm_mod
7676 ······create:·true7676 ······create:·true
7677 ······mode:·o-rwx7677 ······mode:·o-rwx
7678 ······state:·present7678 ······state:·present
7679 ····when:·syscalls_found·|·length·==·07679 ····when:·syscalls_found·|·length·==·0
7680 ··when:7680 ··when:
7681 ··-·'"audit"·in·ansible_facts.packages' 
7682 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7681 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7682 ··-·'"audit"·in·ansible_facts.packages'
7683 ··tags:7683 ··tags:
7684 ··-·CCE-80685-17684 ··-·CCE-80685-1
7685 ··-·CJIS-5.4.1.17685 ··-·CJIS-5.4.1.1
7686 ··-·DISA-STIG-RHEL-08-0304907686 ··-·DISA-STIG-RHEL-08-030490
7687 ··-·NIST-800-171-3.1.77687 ··-·NIST-800-171-3.1.7
7688 ··-·NIST-800-53-AU-12(c)7688 ··-·NIST-800-53-AU-12(c)
7689 ··-·NIST-800-53-AU-2(d)7689 ··-·NIST-800-53-AU-2(d)
Offset 7819, 16 lines modifiedOffset 7819, 16 lines modified
7819 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007819 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7820 ········-F·auid!=unset·-F·key=perm_mod7820 ········-F·auid!=unset·-F·key=perm_mod
7821 ······create:·true7821 ······create:·true
7822 ······mode:·o-rwx7822 ······mode:·o-rwx
7823 ······state:·present7823 ······state:·present
7824 ····when:·syscalls_found·|·length·==·07824 ····when:·syscalls_found·|·length·==·0
7825 ··when:7825 ··when:
7826 ··-·'"audit"·in·ansible_facts.packages' 
7827 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7826 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7827 ··-·'"audit"·in·ansible_facts.packages'
7828 ··-·audit_arch·==·"b64"7828 ··-·audit_arch·==·"b64"
7829 ··tags:7829 ··tags:
7830 ··-·CCE-80685-17830 ··-·CCE-80685-1
7831 ··-·CJIS-5.4.1.17831 ··-·CJIS-5.4.1.1
7832 ··-·DISA-STIG-RHEL-08-0304907832 ··-·DISA-STIG-RHEL-08-030490
7833 ··-·NIST-800-171-3.1.77833 ··-·NIST-800-171-3.1.7
7834 ··-·NIST-800-53-AU-12(c)7834 ··-·NIST-800-53-AU-12(c)
Offset 7839, 15 lines modifiedOffset 7839, 15 lines modified
7839 ··-·low_complexity7839 ··-·low_complexity
7840 ··-·low_disruption7840 ··-·low_disruption
7841 ··-·medium_severity7841 ··-·medium_severity
7842 ··-·reboot_required7842 ··-·reboot_required
7843 ··-·restrict_strategy7843 ··-·restrict_strategy
7844 Remediation_Shell_script_⇲7844 Remediation_Shell_script_⇲
7845 #·Remediation·is·applicable·only·in·certain·platforms7845 #·Remediation·is·applicable·only·in·certain·platforms
7846 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7846 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7847 #·First·perform·the·remediation·of·the·syscall·rule7847 #·First·perform·the·remediation·of·the·syscall·rule
7848 #·Retrieve·hardware·architecture·of·the·underlying·system7848 #·Retrieve·hardware·architecture·of·the·underlying·system
7849 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")7849 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
7850 for·ARCH·in·"${RULE_ARCHS[@]}"7850 for·ARCH·in·"${RULE_ARCHS[@]}"
7851 do7851 do
Offset 8210, 16 lines modifiedOffset 8210, 16 lines modified
8210 ··-·reboot_required8210 ··-·reboot_required
8211 ··-·restrict_strategy8211 ··-·restrict_strategy
  
8212 -·name:·Set·architecture·for·audit·chown·tasks8212 -·name:·Set·architecture·for·audit·chown·tasks
8213 ··set_fact:8213 ··set_fact:
8214 ····audit_arch:·b648214 ····audit_arch:·b64
8215 ··when:8215 ··when:
8216 ··-·'"audit"·in·ansible_facts.packages' 
8217 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8216 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8217 ··-·'"audit"·in·ansible_facts.packages'
8218 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture8218 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
8219 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"8219 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
8220 ··tags:8220 ··tags:
8221 ··-·CCE-80686-98221 ··-·CCE-80686-9
8222 ··-·CJIS-5.4.1.18222 ··-·CJIS-5.4.1.1
8223 ··-·DISA-STIG-RHEL-08-0304808223 ··-·DISA-STIG-RHEL-08-030480
8224 ··-·NIST-800-171-3.1.78224 ··-·NIST-800-171-3.1.7
Offset 8359, 16 lines modifiedOffset 8359, 16 lines modified
8359 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008359 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8360 ········-F·auid!=unset·-F·key=perm_mod8360 ········-F·auid!=unset·-F·key=perm_mod
8361 ······create:·true8361 ······create:·true
8362 ······mode:·o-rwx8362 ······mode:·o-rwx
8363 ······state:·present8363 ······state:·present
8364 ····when:·syscalls_found·|·length·==·08364 ····when:·syscalls_found·|·length·==·0
8365 ··when:8365 ··when:
8366 ··-·'"audit"·in·ansible_facts.packages' 
8367 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8366 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 8367 ··-·'"audit"·in·ansible_facts.packages'
8368 ··tags:8368 ··tags:
8369 ··-·CCE-80686-98369 ··-·CCE-80686-9
8370 ··-·CJIS-5.4.1.18370 ··-·CJIS-5.4.1.1
8371 ··-·DISA-STIG-RHEL-08-0304808371 ··-·DISA-STIG-RHEL-08-030480
8372 ··-·NIST-800-171-3.1.78372 ··-·NIST-800-171-3.1.7
8373 ··-·NIST-800-53-AU-12(c)8373 ··-·NIST-800-53-AU-12(c)
8374 ··-·NIST-800-53-AU-2(d)8374 ··-·NIST-800-53-AU-2(d)
Offset 8506, 16 lines modifiedOffset 8506, 16 lines modified
8506 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10008506 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
8507 ········-F·auid!=unset·-F·key=perm_mod8507 ········-F·auid!=unset·-F·key=perm_mod
8508 ······create:·true8508 ······create:·true
8509 ······mode:·o-rwx8509 ······mode:·o-rwx
8510 ······state:·present8510 ······state:·present
Max diff block lines reached; 181902/186356 bytes (97.61%) of diff not shown.
27.7 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-rht-ccp.html
    
Offset 14427, 15 lines modifiedOffset 14427, 15 lines modified
000385a0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu000385a0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu
000385b0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<000385b0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<
000385c0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s000385c0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s
000385d0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l000385d0:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l
000385e0:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<000385e0:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<
000385f0:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······000385f0:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······
00038600:·2020·2020·2020·2020·2020·2020·2028·6173···············(as00038600:·2020·2020·2020·2020·2020·2020·2028·6173···············(as
00038610:·206f·6620·3230·3234·2d30·312d·3134·290a···of·2024-01-14).00038610:·206f·6620·3230·3235·2d30·322d·3135·290a···of·2025-02-15).
00038620:·2020·2020·2020·2020·2020·2020·2020·2020··················00038620:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038630:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>00038630:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>
00038640:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con00038640:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con
00038650:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l00038650:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l
00038660:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd00038660:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd
00038670:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject00038670:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject
00038680:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s00038680:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s
Offset 45053, 20 lines modifiedOffset 45053, 20 lines modified
000affc0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co000affc0:·2063·6c61·7373·3d22·7061·6e65·6c2d·636f···class="panel-co
000affd0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"000affd0:·6c6c·6170·7365·2063·6f6c·6c61·7073·6522··llapse·collapse"
000affe0:·2069·643d·2269·646d·3235·3636·3522·3e3c···id="idm25665"><000affe0:·2069·643d·2269·646d·3235·3636·3522·3e3c···id="idm25665"><
000afff0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme000afff0:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
000b0000:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli000b0000:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
000b0010:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce000b0010:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
000b0020:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.000b0020:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
000b0030:·6966·2072·706d·202d·2d71·7569·6574·202d··if·rpm·--quiet·- 
000b0040:·7120·6175·6469·7420·2661·6d70·3b26·616d··q·audit·&amp;&am 
000b0050:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock000b0030:·6966·205b·2021·202d·6620·2f2e·646f·636b··if·[·!·-f·/.dock
000b0060:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am000b0040:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
000b0070:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.000b0050:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
000b0080:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·000b0060:·636f·6e74·6169·6e65·7265·6e76·205d·2026··containerenv·]·&
 000b0070:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·--
 000b0080:·7175·6965·7420·2d71·2061·7564·6974·3b20··quiet·-q·audit;·
000b0090:·7468·656e·0a0a·6966·204c·435f·414c·4c3d··then..if·LC_ALL=000b0090:·7468·656e·0a0a·6966·204c·435f·414c·4c3d··then..if·LC_ALL=
000b00a0:·4320·6772·6570·202d·6977·205e·6c6f·675f··C·grep·-iw·^log_000b00a0:·4320·6772·6570·202d·6977·205e·6c6f·675f··C·grep·-iw·^log_
000b00b0:·6669·6c65·202f·6574·632f·6175·6469·742f··file·/etc/audit/000b00b0:·6669·6c65·202f·6574·632f·6175·6469·742f··file·/etc/audit/
000b00c0:·6175·6469·7464·2e63·6f6e·663b·2074·6865··auditd.conf;·the000b00c0:·6175·6469·7464·2e63·6f6e·663b·2074·6865··auditd.conf;·the
000b00d0:·6e0a·2020·2020·4649·4c45·3d24·2861·776b··n.····FILE=$(awk000b00d0:·6e0a·2020·2020·4649·4c45·3d24·2861·776b··n.····FILE=$(awk
000b00e0:·202d·4620·223d·2220·272f·5e6c·6f67·5f66···-F·"="·'/^log_f000b00e0:·202d·4620·223d·2220·272f·5e6c·6f67·5f66···-F·"="·'/^log_f
000b00f0:·696c·652f·207b·7072·696e·7420·2432·7d27··ile/·{print·$2}'000b00f0:·696c·652f·207b·7072·696e·7420·2432·7d27··ile/·{print·$2}'
Offset 45735, 22 lines modifiedOffset 45735, 22 lines modified
000b2a60:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc000b2a60:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
000b2a70:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr000b2a70:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr
000b2a80:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·000b2a80:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
000b2a90:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g000b2a90:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
000b2aa0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000b2aa0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000b2ab0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e000b2ab0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
000b2ac0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··000b2ac0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
000b2ad0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
000b2ae0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000b2af0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
000b2b00:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
000b2b10:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
000b2b20:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
000b2b30:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l000b2ad0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 000b2ae0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 000b2af0:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 000b2b00:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
 000b2b10:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub
 000b2b20:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 000b2b30:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
000b2b40:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible000b2b40:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible
000b2b50:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_000b2b50:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
000b2b60:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do000b2b60:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
000b2b70:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o000b2b70:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
000b2b80:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"000b2b80:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000b2b90:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000b2b90:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000b2ba0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8000b2ba0:·2074·6167·733a·0a20·202d·2043·4345·2d38···tags:.··-·CCE-8
000b2bb0:·3038·3030·2d36·0a20·202d·2043·4a49·532d··0800-6.··-·CJIS-000b2bb0:·3038·3030·2d36·0a20·202d·2043·4a49·532d··0800-6.··-·CJIS-
Offset 45772, 21 lines modifiedOffset 45772, 21 lines modified
000b2cb0:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own000b2cb0:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
000b2cc0:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr000b2cc0:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
000b2cd0:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f000b2cd0:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
000b2ce0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/000b2ce0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
000b2cf0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000b2cf0:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000b2d00:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'000b2d00:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
000b2d10:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'000b2d10:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
000b2d20:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
000b2d30:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000b2d40:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'" 
000b2d50:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
000b2d60:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
000b2d70:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
000b2d80:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list000b2d20:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 000b2d30:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000b2d40:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000b2d50:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
 000b2d60:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c
 000b2d70:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 000b2d80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
000b2d90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi000b2d90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
000b2da0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000b2da0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000b2db0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000b2db0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000b2dc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000b2dc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000b2dd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000b2dd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000b2de0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·000b2de0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
000b2df0:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat000b2df0:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 45838, 19 lines modifiedOffset 45838, 19 lines modified
000b30d0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<000b30d0:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
000b30e0:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur000b30e0:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
000b30f0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab000b30f0:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
000b3100:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·000b3100:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
000b3110:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a000b3110:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
000b3120:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i000b3120:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
000b3130:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo000b3130:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
000b3140:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui 
000b3150:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm 
000b3160:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[· 
000b3170:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa 
000b3180:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a000b3140:·726d·730a·6966·205b·2021·202d·6620·2f73··rms.if·[·!·-f·/s
 000b3150:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
 000b3160:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm
 000b3170:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub
 000b3180:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a
000b3190:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d000b3190:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d
000b31a0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;000b31a0:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
000b31b0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru000b31b0:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
000b31c0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·000b31c0:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
000b31d0:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr000b31d0:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr
000b31e0:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/000b31e0:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/
000b31f0:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·000b31f0:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·
Offset 46348, 22 lines modifiedOffset 46348, 22 lines modified
000b50b0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen000b50b0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
000b50c0:·6365·202f·626f·6f74·2f67·7275·6232·2f67··ce·/boot/grub2/g000b50c0:·6365·202f·626f·6f74·2f67·7275·6232·2f67··ce·/boot/grub2/g
000b50d0:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.000b50d0:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.
000b50e0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000b50e0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000b50f0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·000b50f0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
000b5100:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_000b5100:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
000b5110:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·000b5110:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
Max diff block lines reached; 9928/20296 bytes (48.92%) of diff not shown.
7.74 KB
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 ····*·cpe:/o:redhat:enterprise_linux:8.650 ····*·cpe:/o:redhat:enterprise_linux:8.6
51 ····*·cpe:/o:redhat:enterprise_linux:8.751 ····*·cpe:/o:redhat:enterprise_linux:8.7
52 ····*·cpe:/o:redhat:enterprise_linux:8.852 ····*·cpe:/o:redhat:enterprise_linux:8.8
53 ····*·cpe:/o:redhat:enterprise_linux:8.953 ····*·cpe:/o:redhat:enterprise_linux:8.9
54 ····*·cpe:/o:redhat:enterprise_linux:854 ····*·cpe:/o:redhat:enterprise_linux:8
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·System_Settings59 ···1.·System_Settings
60 ·········1.·Installing_and_Maintaining_Software60 ·········1.·Installing_and_Maintaining_Software
61 ·········2.·Account_and_Access_Control61 ·········2.·Account_and_Access_Control
62 ·········3.·System_Accounting_with_auditd62 ·········3.·System_Accounting_with_auditd
63 ·········4.·GRUB2_bootloader_configuration63 ·········4.·GRUB2_bootloader_configuration
64 ·········5.·Network_Configuration_and_Firewalls64 ·········5.·Network_Configuration_and_Firewalls
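Review bot: line 57 carries the only change in this hunk, "draft (as of 2024-01-14)" in one build against "draft (as of 2025-02-15)" in the other, so the rendered guide embeds the date on which the build ran. Suggest deriving that date from SOURCE_DATE_EPOCH (or the changelog date) so that a rebuild of 0.1.65 produces the same Revision History text.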
Offset 4845, 15 lines modifiedOffset 4845, 15 lines modified
4845 Rationale:·················If·users·can·write·to·audit·logs,·audit·trails·can·be·modified·or·destroyed.4845 Rationale:·················If·users·can·write·to·audit·logs,·audit·trails·can·be·modified·or·destroyed.
4846 Severity: ················medium4846 Severity: ················medium
4847 Rule·ID:···················xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit4847 Rule·ID:···················xccdf_org.ssgproject.content_rule_file_permissions_var_log_audit
4848 Identifiers·and·References·Identifiers: ·CCE-80819-64848 Identifiers·and·References·Identifiers: ·CCE-80819-6
4849 ···························References: ·1,·11,·12,·13,·14,·15,·16,·18,·19,·3,·4,·5,·6,·7,·8,·5.4.1.1,·APO01.06,·APO11.04,·APO12.06,·BAI03.05,·BAI08.02,·DSS02.02,·DSS02.04,·DSS02.07,·DSS03.01,·DSS05.04,·DSS05.07,·DSS06.02,·MEA02.01,·3.3.1,·CCI-000162,·CCI-000163,·CCI-000164,·CCI-001314,·4.2.3.10,·4.3.3.3.9,·4.3.3.5.8,·4.3.3.7.3,·4.3.4.4.7,·4.3.4.5.6,·4.3.4.5.7,·4.3.4.5.8,·4.4.2.1,·4.4.2.2,·4.4.2.4,·SR_2.1,·SR_2.10,·SR_2.11,·SR_2.12,·SR_2.8,·SR_2.9,·SR_5.2,·SR_6.1,·A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5,·CIP-003-8_R5.1.1,·CIP-003-8_R5.3,·CIP-004-6_R2.3,·CIP-007-3_R2.1,·CIP-007-3_R2.2,·CIP-007-3_R2.3,·CIP-007-3_R5.1,·CIP-007-3_R5.1.1,·CIP-007-3_R5.1.2,·CM-6(a),·AC-6(1),·AU-9(4),·DE.AE-3,·DE.AE-5,·PR.AC-4,·PR.DS-5,·PR.PT-1,·RS.AN-1,·RS.AN-4,·Req-10.5,·SRG-OS-000057-GPOS-00027,·SRG-OS-000058-GPOS-00028,·SRG-OS-000059-GPOS-00029,·SRG-OS-000206-GPOS-00084,·RHEL-08-030070,·SV-230396r627750_rule4849 ···························References: 
·1,·11,·12,·13,·14,·15,·16,·18,·19,·3,·4,·5,·6,·7,·8,·5.4.1.1,·APO01.06,·APO11.04,·APO12.06,·BAI03.05,·BAI08.02,·DSS02.02,·DSS02.04,·DSS02.07,·DSS03.01,·DSS05.04,·DSS05.07,·DSS06.02,·MEA02.01,·3.3.1,·CCI-000162,·CCI-000163,·CCI-000164,·CCI-001314,·4.2.3.10,·4.3.3.3.9,·4.3.3.5.8,·4.3.3.7.3,·4.3.4.4.7,·4.3.4.5.6,·4.3.4.5.7,·4.3.4.5.8,·4.4.2.1,·4.4.2.2,·4.4.2.4,·SR_2.1,·SR_2.10,·SR_2.11,·SR_2.12,·SR_2.8,·SR_2.9,·SR_5.2,·SR_6.1,·A.10.1.1,·A.11.1.4,·A.11.1.5,·A.11.2.1,·A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.1.3,·A.13.2.1,·A.13.2.3,·A.13.2.4,·A.14.1.2,·A.14.1.3,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.1.2,·A.7.1.1,·A.7.1.2,·A.7.3.1,·A.8.2.2,·A.8.2.3,·A.9.1.1,·A.9.1.2,·A.9.2.3,·A.9.4.1,·A.9.4.4,·A.9.4.5,·CIP-003-8_R5.1.1,·CIP-003-8_R5.3,·CIP-004-6_R2.3,·CIP-007-3_R2.1,·CIP-007-3_R2.2,·CIP-007-3_R2.3,·CIP-007-3_R5.1,·CIP-007-3_R5.1.1,·CIP-007-3_R5.1.2,·CM-6(a),·AC-6(1),·AU-9(4),·DE.AE-3,·DE.AE-5,·PR.AC-4,·PR.DS-5,·PR.PT-1,·RS.AN-1,·RS.AN-4,·Req-10.5,·SRG-OS-000057-GPOS-00027,·SRG-OS-000058-GPOS-00028,·SRG-OS-000059-GPOS-00029,·SRG-OS-000206-GPOS-00084,·RHEL-08-030070,·SV-230396r627750_rule
4850 Remediation_Shell_script_⇲4850 Remediation_Shell_script_⇲
4851 #·Remediation·is·applicable·only·in·certain·platforms4851 #·Remediation·is·applicable·only·in·certain·platforms
4852 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then4852 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
4853 if·LC_ALL=C·grep·-iw·^log_file·/etc/audit/auditd.conf;·then4853 if·LC_ALL=C·grep·-iw·^log_file·/etc/audit/auditd.conf;·then
4854 ····FILE=$(awk·-F·"="·'/^log_file/·{print·$2}'·/etc/audit/auditd.conf·|·tr·-d·'·')4854 ····FILE=$(awk·-F·"="·'/^log_file/·{print·$2}'·/etc/audit/auditd.conf·|·tr·-d·'·')
4855 else4855 else
4856 ····FILE="/var/log/audit/audit.log"4856 ····FILE="/var/log/audit/audit.log"
4857 fi4857 fi
  
Offset 4897, 16 lines modifiedOffset 4897, 16 lines modified
4897 ··-·no_reboot_needed4897 ··-·no_reboot_needed
  
4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4899 ··stat:4899 ··stat:
4900 ····path:·/boot/grub2/grub.cfg4900 ····path:·/boot/grub2/grub.cfg
4901 ··register:·file_exists4901 ··register:·file_exists
4902 ··when:4902 ··when:
4903 ··-·'"grub2-common"·in·ansible_facts.packages' 
4904 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'4903 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 4904 ··-·'"grub2-common"·in·ansible_facts.packages'
4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4906 ··tags:4906 ··tags:
4907 ··-·CCE-80800-64907 ··-·CCE-80800-6
4908 ··-·CJIS-5.5.2.24908 ··-·CJIS-5.5.2.2
4909 ··-·NIST-800-171-3.4.54909 ··-·NIST-800-171-3.4.5
4910 ··-·NIST-800-53-AC-6(1)4910 ··-·NIST-800-53-AC-6(1)
4911 ··-·NIST-800-53-CM-6(a)4911 ··-·NIST-800-53-CM-6(a)
Offset 4919, 16 lines modifiedOffset 4919, 16 lines modified
4919 ··-·no_reboot_needed4919 ··-·no_reboot_needed
  
4920 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4920 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4921 ··file:4921 ··file:
4922 ····path:·/boot/grub2/grub.cfg4922 ····path:·/boot/grub2/grub.cfg
4923 ····group:·'0'4923 ····group:·'0'
4924 ··when:4924 ··when:
4925 ··-·'"grub2-common"·in·ansible_facts.packages' 
4926 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'4925 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 4926 ··-·'"grub2-common"·in·ansible_facts.packages'
4927 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4927 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4928 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4928 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4929 ··tags:4929 ··tags:
4930 ··-·CCE-80800-64930 ··-·CCE-80800-6
4931 ··-·CJIS-5.5.2.24931 ··-·CJIS-5.5.2.2
4932 ··-·NIST-800-171-3.4.54932 ··-·NIST-800-171-3.4.5
4933 ··-·NIST-800-53-AC-6(1)4933 ··-·NIST-800-53-AC-6(1)
Offset 4941, 15 lines modifiedOffset 4941, 15 lines modified
4941 ··-·medium_severity4941 ··-·medium_severity
4942 ··-·no_reboot_needed4942 ··-·no_reboot_needed
4943 Remediation_Shell_script_⇲4943 Remediation_Shell_script_⇲
4944 Complexity:·low4944 Complexity:·low
4945 Disruption:·low4945 Disruption:·low
4946 Strategy:···configure4946 Strategy:···configure
4947 #·Remediation·is·applicable·only·in·certain·platforms4947 #·Remediation·is·applicable·only·in·certain·platforms
4948 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4948 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4949 chgrp·0·/boot/grub2/grub.cfg4949 chgrp·0·/boot/grub2/grub.cfg
  
4950 else4950 else
4951 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4951 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4952 fi4952 fi
4953 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***4953 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
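Review bot: the guard on line 4948 uses `[ ! -f /sys/firmware/efi ]`, which can never be false on a UEFI-booted system, because /sys/firmware/efi is a directory there and `-f` matches only regular files. The intended "not UEFI" restriction therefore excludes nothing, and `chgrp 0 /boot/grub2/grub.cfg` is attempted on UEFI hosts as well; suggest `[ ! -d /sys/firmware/efi ]`. Separately, the position of `rpm --quiet -q grub2-common` relative to that test differs between the two builds, the same unstable condition ordering visible in the Ansible `when:` lists of this rule, and the generator should emit the conditions in a fixed order.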
Offset 4982, 16 lines modifiedOffset 4982, 16 lines modified
4982 ··-·no_reboot_needed4982 ··-·no_reboot_needed
  
4983 -·name:·Test·for·existence·/boot/grub2/grub.cfg4983 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4984 ··stat:4984 ··stat:
4985 ····path:·/boot/grub2/grub.cfg4985 ····path:·/boot/grub2/grub.cfg
4986 ··register:·file_exists4986 ··register:·file_exists
4987 ··when:4987 ··when:
4988 ··-·'"grub2-common"·in·ansible_facts.packages' 
4989 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'4988 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 4989 ··-·'"grub2-common"·in·ansible_facts.packages'
4990 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4990 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4991 ··tags:4991 ··tags:
4992 ··-·CCE-80805-54992 ··-·CCE-80805-5
4993 ··-·CJIS-5.5.2.24993 ··-·CJIS-5.5.2.2
4994 ··-·NIST-800-171-3.4.54994 ··-·NIST-800-171-3.4.5
4995 ··-·NIST-800-53-AC-6(1)4995 ··-·NIST-800-53-AC-6(1)
4996 ··-·NIST-800-53-CM-6(a)4996 ··-·NIST-800-53-CM-6(a)
Offset 5004, 16 lines modifiedOffset 5004, 16 lines modified
5004 ··-·no_reboot_needed5004 ··-·no_reboot_needed
  
5005 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5005 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5006 ··file:5006 ··file:
5007 ····path:·/boot/grub2/grub.cfg5007 ····path:·/boot/grub2/grub.cfg
5008 ····owner:·'0'5008 ····owner:·'0'
5009 ··when:5009 ··when:
5010 ··-·'"grub2-common"·in·ansible_facts.packages' 
5011 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5010 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5011 ··-·'"grub2-common"·in·ansible_facts.packages'
5012 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5012 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5013 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5013 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5014 ··tags:5014 ··tags:
5015 ··-·CCE-80805-55015 ··-·CCE-80805-5
5016 ··-·CJIS-5.5.2.25016 ··-·CJIS-5.5.2.2
5017 ··-·NIST-800-171-3.4.55017 ··-·NIST-800-171-3.4.5
5018 ··-·NIST-800-53-AC-6(1)5018 ··-·NIST-800-53-AC-6(1)
Offset 5026, 15 lines modifiedOffset 5026, 15 lines modified
5026 ··-·medium_severity5026 ··-·medium_severity
5027 ··-·no_reboot_needed5027 ··-·no_reboot_needed
5028 Remediation_Shell_script_⇲5028 Remediation_Shell_script_⇲
5029 Complexity:·low5029 Complexity:·low
5030 Disruption:·low5030 Disruption:·low
5031 Strategy:···configure5031 Strategy:···configure
5032 #·Remediation·is·applicable·only·in·certain·platforms5032 #·Remediation·is·applicable·only·in·certain·platforms
Max diff block lines reached; 1991/7898 bytes (25.21%) of diff not shown.
401 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-standard.html
    
Offset 14426, 15 lines modifiedOffset 14426, 15 lines modified
00038590:·7374·6f72·793c·2f68·323e·3c70·3e43·7572··story</h2><p>Cur00038590:·7374·6f72·793c·2f68·323e·3c70·3e43·7572··story</h2><p>Cur
000385a0:·7265·6e74·2076·6572·7369·6f6e·3a20·3c73··rent·version:·<s000385a0:·7265·6e74·2076·6572·7369·6f6e·3a20·3c73··rent·version:·<s
000385b0:·7472·6f6e·673e·302e·312e·3635·3c2f·7374··trong>0.1.65</st000385b0:·7472·6f6e·673e·302e·312e·3635·3c2f·7374··trong>0.1.65</st
000385c0:·726f·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69··rong></p><ul><li000385c0:·726f·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69··rong></p><ul><li
000385d0:·3e3c·7374·726f·6e67·3e64·7261·6674·3c2f··><strong>draft</000385d0:·3e3c·7374·726f·6e67·3e64·7261·6674·3c2f··><strong>draft</
000385e0:·7374·726f·6e67·3e0a·2020·2020·2020·2020··strong>.········000385e0:·7374·726f·6e67·3e0a·2020·2020·2020·2020··strong>.········
000385f0:·2020·2020·2020·2020·2020·2020·2861·7320··············(as·000385f0:·2020·2020·2020·2020·2020·2020·2861·7320··············(as·
00038600:·6f66·2032·3032·342d·3031·2d31·3429·0a20··of·2024-01-14).·00038600:·6f66·2032·3032·352d·3032·2d31·3529·0a20··of·2025-02-15).·
00038610:·2020·2020·2020·2020·2020·2020·2020·203c·················<00038610:·2020·2020·2020·2020·2020·2020·2020·203c·················<
00038620:·2f6c·693e·3c2f·756c·3e3c·2f64·6976·3e3c··/li></ul></div><00038620:·2f6c·693e·3c2f·756c·3e3c·2f64·6976·3e3c··/li></ul></div><
00038630:·6832·3e54·6162·6c65·206f·6620·436f·6e74··h2>Table·of·Cont00038630:·6832·3e54·6162·6c65·206f·6620·436f·6e74··h2>Table·of·Cont
00038640:·656e·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69··ents</h2><ol><li00038640:·656e·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69··ents</h2><ol><li
00038650:·3e3c·6120·6872·6566·3d22·2378·6363·6466··><a·href="#xccdf00038650:·3e3c·6120·6872·6566·3d22·2378·6363·6466··><a·href="#xccdf
00038660:·5f6f·7267·2e73·7367·7072·6f6a·6563·742e··_org.ssgproject.00038660:·5f6f·7267·2e73·7367·7072·6f6a·6563·742e··_org.ssgproject.
00038670:·636f·6e74·656e·745f·6772·6f75·705f·7379··content_group_sy00038670:·636f·6e74·656e·745f·6772·6f75·705f·7379··content_group_sy
Offset 26946, 23 lines modifiedOffset 26946, 23 lines modified
00069410:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri00069410:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri
00069420:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n00069420:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n
00069430:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite00069430:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite
00069440:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·00069440:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·
00069450:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se00069450:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se
00069460:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi00069460:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi
00069470:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh00069470:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh
00069480:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit" 
00069490:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000694a0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
000694b0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali 
000694c0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not· 
000694d0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l 
000694e0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·" 
000694f0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai00069480:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_
 00069490:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
 000694a0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
 000694b0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
 000694c0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
 000694d0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
 000694e0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 000694f0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
00069500:·6e65·7222·5d0a·2020·2d20·616e·7369·626c··ner"].··-·ansibl00069500:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
00069510:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=00069510:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=
00069520:·3d20·2261·6172·6368·3634·2220·6f72·2061··=·"aarch64"·or·a00069520:·3d20·2261·6172·6368·3634·2220·6f72·2061··=·"aarch64"·or·a
00069530:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect00069530:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
00069540:·7572·6520·3d3d·2022·7070·6336·3422·206f··ure·==·"ppc64"·o00069540:·7572·6520·3d3d·2022·7070·6336·3422·206f··ure·==·"ppc64"·o
00069550:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit00069550:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit
00069560:·6563·7475·7265·0a20·2020·203d·3d20·2270··ecture.····==·"p00069560:·6563·7475·7265·0a20·2020·203d·3d20·2270··ecture.····==·"p
00069570:·7063·3634·6c65·2220·6f72·2061·6e73·6962··pc64le"·or·ansib00069570:·7063·3634·6c65·2220·6f72·2061·6e73·6962··pc64le"·or·ansib
Offset 27270, 23 lines modifiedOffset 27270, 23 lines modified
Offset 27583, 23 lines modifiedOffset 27583, 23 lines modified
Offset 27634, 20 lines modifiedOffset 27634, 20 lines modified
Max diff block lines reached; 305776/315221 bytes (97.00%) of diff not shown.
92.9 KB
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 ····*·cpe:/o:redhat:enterprise_linux:8.650 ····*·cpe:/o:redhat:enterprise_linux:8.6
51 ····*·cpe:/o:redhat:enterprise_linux:8.751 ····*·cpe:/o:redhat:enterprise_linux:8.7
52 ····*·cpe:/o:redhat:enterprise_linux:8.852 ····*·cpe:/o:redhat:enterprise_linux:8.8
53 ····*·cpe:/o:redhat:enterprise_linux:8.953 ····*·cpe:/o:redhat:enterprise_linux:8.9
54 ····*·cpe:/o:redhat:enterprise_linux:854 ····*·cpe:/o:redhat:enterprise_linux:8
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·System_Settings59 ···1.·System_Settings
60 ·········1.·Installing_and_Maintaining_Software60 ·········1.·Installing_and_Maintaining_Software
61 ·········2.·Account_and_Access_Control61 ·········2.·Account_and_Access_Control
62 ·········3.·System_Accounting_with_auditd62 ·········3.·System_Accounting_with_auditd
63 ·········4.·Configure_Syslog63 ·········4.·Configure_Syslog
64 ·········5.·File_Permissions_and_Masks64 ·········5.·File_Permissions_and_Masks
Offset 1484, 16 lines modifiedOffset 1484, 16 lines modified
1484 ··-·reboot_required1484 ··-·reboot_required
1485 ··-·restrict_strategy1485 ··-·restrict_strategy
  
1486 -·name:·Set·architecture·for·audit·chmod·tasks1486 -·name:·Set·architecture·for·audit·chmod·tasks
1487 ··set_fact:1487 ··set_fact:
1488 ····audit_arch:·b641488 ····audit_arch:·b64
1489 ··when:1489 ··when:
1490 ··-·'"audit"·in·ansible_facts.packages' 
1491 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1490 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1491 ··-·'"audit"·in·ansible_facts.packages'
1492 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1492 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1493 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1493 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1494 ··tags:1494 ··tags:
1495 ··-·CCE-80685-11495 ··-·CCE-80685-1
1496 ··-·CJIS-5.4.1.11496 ··-·CJIS-5.4.1.1
1497 ··-·DISA-STIG-RHEL-08-0304901497 ··-·DISA-STIG-RHEL-08-030490
1498 ··-·NIST-800-171-3.1.71498 ··-·NIST-800-171-3.1.7
Offset 1631, 16 lines modifiedOffset 1631, 16 lines modified
1631 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001631 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1632 ········-F·auid!=unset·-F·key=perm_mod1632 ········-F·auid!=unset·-F·key=perm_mod
1633 ······create:·true1633 ······create:·true
1634 ······mode:·o-rwx1634 ······mode:·o-rwx
1635 ······state:·present1635 ······state:·present
1636 ····when:·syscalls_found·|·length·==·01636 ····when:·syscalls_found·|·length·==·0
1637 ··when:1637 ··when:
1638 ··-·'"audit"·in·ansible_facts.packages' 
1639 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1638 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1639 ··-·'"audit"·in·ansible_facts.packages'
1640 ··tags:1640 ··tags:
1641 ··-·CCE-80685-11641 ··-·CCE-80685-1
1642 ··-·CJIS-5.4.1.11642 ··-·CJIS-5.4.1.1
1643 ··-·DISA-STIG-RHEL-08-0304901643 ··-·DISA-STIG-RHEL-08-030490
1644 ··-·NIST-800-171-3.1.71644 ··-·NIST-800-171-3.1.7
1645 ··-·NIST-800-53-AU-12(c)1645 ··-·NIST-800-53-AU-12(c)
1646 ··-·NIST-800-53-AU-2(d)1646 ··-·NIST-800-53-AU-2(d)
Offset 1776, 16 lines modifiedOffset 1776, 16 lines modified
1776 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001776 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1777 ········-F·auid!=unset·-F·key=perm_mod1777 ········-F·auid!=unset·-F·key=perm_mod
1778 ······create:·true1778 ······create:·true
1779 ······mode:·o-rwx1779 ······mode:·o-rwx
1780 ······state:·present1780 ······state:·present
1781 ····when:·syscalls_found·|·length·==·01781 ····when:·syscalls_found·|·length·==·0
1782 ··when:1782 ··when:
1783 ··-·'"audit"·in·ansible_facts.packages' 
1784 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1783 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1784 ··-·'"audit"·in·ansible_facts.packages'
1785 ··-·audit_arch·==·"b64"1785 ··-·audit_arch·==·"b64"
1786 ··tags:1786 ··tags:
1787 ··-·CCE-80685-11787 ··-·CCE-80685-1
1788 ··-·CJIS-5.4.1.11788 ··-·CJIS-5.4.1.1
1789 ··-·DISA-STIG-RHEL-08-0304901789 ··-·DISA-STIG-RHEL-08-030490
1790 ··-·NIST-800-171-3.1.71790 ··-·NIST-800-171-3.1.7
1791 ··-·NIST-800-53-AU-12(c)1791 ··-·NIST-800-53-AU-12(c)
Offset 1796, 15 lines modifiedOffset 1796, 15 lines modified
1796 ··-·low_complexity1796 ··-·low_complexity
1797 ··-·low_disruption1797 ··-·low_disruption
1798 ··-·medium_severity1798 ··-·medium_severity
1799 ··-·reboot_required1799 ··-·reboot_required
1800 ··-·restrict_strategy1800 ··-·restrict_strategy
1801 Remediation_Shell_script_⇲1801 Remediation_Shell_script_⇲
1802 #·Remediation·is·applicable·only·in·certain·platforms1802 #·Remediation·is·applicable·only·in·certain·platforms
1803 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then1803 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
1804 #·First·perform·the·remediation·of·the·syscall·rule1804 #·First·perform·the·remediation·of·the·syscall·rule
1805 #·Retrieve·hardware·architecture·of·the·underlying·system1805 #·Retrieve·hardware·architecture·of·the·underlying·system
1806 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1806 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1807 for·ARCH·in·"${RULE_ARCHS[@]}"1807 for·ARCH·in·"${RULE_ARCHS[@]}"
1808 do1808 do
Offset 2167, 16 lines modifiedOffset 2167, 16 lines modified
2167 ··-·reboot_required2167 ··-·reboot_required
2168 ··-·restrict_strategy2168 ··-·restrict_strategy
  
2169 -·name:·Set·architecture·for·audit·chown·tasks2169 -·name:·Set·architecture·for·audit·chown·tasks
2170 ··set_fact:2170 ··set_fact:
2171 ····audit_arch:·b642171 ····audit_arch:·b64
2172 ··when:2172 ··when:
2173 ··-·'"audit"·in·ansible_facts.packages' 
2174 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2173 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2174 ··-·'"audit"·in·ansible_facts.packages'
2175 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture2175 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
2176 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"2176 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
2177 ··tags:2177 ··tags:
2178 ··-·CCE-80686-92178 ··-·CCE-80686-9
2179 ··-·CJIS-5.4.1.12179 ··-·CJIS-5.4.1.1
2180 ··-·DISA-STIG-RHEL-08-0304802180 ··-·DISA-STIG-RHEL-08-030480
2181 ··-·NIST-800-171-3.1.72181 ··-·NIST-800-171-3.1.7
Offset 2316, 16 lines modifiedOffset 2316, 16 lines modified
2316 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002316 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2317 ········-F·auid!=unset·-F·key=perm_mod2317 ········-F·auid!=unset·-F·key=perm_mod
2318 ······create:·true2318 ······create:·true
2319 ······mode:·o-rwx2319 ······mode:·o-rwx
2320 ······state:·present2320 ······state:·present
2321 ····when:·syscalls_found·|·length·==·02321 ····when:·syscalls_found·|·length·==·0
2322 ··when:2322 ··when:
2323 ··-·'"audit"·in·ansible_facts.packages' 
2324 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2323 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2324 ··-·'"audit"·in·ansible_facts.packages'
2325 ··tags:2325 ··tags:
2326 ··-·CCE-80686-92326 ··-·CCE-80686-9
2327 ··-·CJIS-5.4.1.12327 ··-·CJIS-5.4.1.1
2328 ··-·DISA-STIG-RHEL-08-0304802328 ··-·DISA-STIG-RHEL-08-030480
2329 ··-·NIST-800-171-3.1.72329 ··-·NIST-800-171-3.1.7
2330 ··-·NIST-800-53-AU-12(c)2330 ··-·NIST-800-53-AU-12(c)
2331 ··-·NIST-800-53-AU-2(d)2331 ··-·NIST-800-53-AU-2(d)
Offset 2463, 16 lines modifiedOffset 2463, 16 lines modified
2463 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002463 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2464 ········-F·auid!=unset·-F·key=perm_mod2464 ········-F·auid!=unset·-F·key=perm_mod
2465 ······create:·true2465 ······create:·true
2466 ······mode:·o-rwx2466 ······mode:·o-rwx
2467 ······state:·present2467 ······state:·present
Max diff block lines reached; 90684/95134 bytes (95.32%) of diff not shown.
744 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-stig.html
    
Offset 14445, 16 lines modifiedOffset 14445, 16 lines modified
Offset 108531, 23 lines modifiedOffset 108531, 23 lines modified
Offset 108856, 22 lines modifiedOffset 108856, 22 lines modified
Offset 109168, 23 lines modifiedOffset 109168, 23 lines modified
Offset 109219, 21 lines modifiedOffset 109219, 21 lines modified
Max diff block lines reached; 575721/585312 bytes (98.36%) of diff not shown.
173 KB
html2text {}
    
Offset 54, 15 lines modifiedOffset 54, 15 lines modified
54 ····*·cpe:/o:redhat:enterprise_linux:8.654 ····*·cpe:/o:redhat:enterprise_linux:8.6
55 ····*·cpe:/o:redhat:enterprise_linux:8.755 ····*·cpe:/o:redhat:enterprise_linux:8.7
56 ····*·cpe:/o:redhat:enterprise_linux:8.856 ····*·cpe:/o:redhat:enterprise_linux:8.8
57 ····*·cpe:/o:redhat:enterprise_linux:8.957 ····*·cpe:/o:redhat:enterprise_linux:8.9
58 ····*·cpe:/o:redhat:enterprise_linux:858 ····*·cpe:/o:redhat:enterprise_linux:8
59 *****·Revision·History·*****59 *****·Revision·History·*****
60 Current·version:·0.1.6560 Current·version:·0.1.65
61 ····*·draft·(as·of·2024-01-14)61 ····*·draft·(as·of·2025-02-15)
62 *****·Table·of·Contents·*****62 *****·Table·of·Contents·*****
63 ···1.·System_Settings63 ···1.·System_Settings
64 ·········1.·Installing_and_Maintaining_Software64 ·········1.·Installing_and_Maintaining_Software
65 ·········2.·Account_and_Access_Control65 ·········2.·Account_and_Access_Control
66 ·········3.·System_Accounting_with_auditd66 ·········3.·System_Accounting_with_auditd
67 ·········4.·GRUB2_bootloader_configuration67 ·········4.·GRUB2_bootloader_configuration
68 ·········5.·Configure_Syslog68 ·········5.·Configure_Syslog
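Review bot: the "draft (as of <date>)" line under Revision History is the only change in this hunk, reading 2024-01-14 in the first build and 2025-02-15 in the second, so the generated guide embeds the date of the build run. Deriving that date from SOURCE_DATE_EPOCH (or the changelog date) instead of the wall clock would make this line identical across builds.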
Offset 17673, 16 lines modifiedOffset 17673, 16 lines modified
17673 ··-·reboot_required17673 ··-·reboot_required
17674 ··-·restrict_strategy17674 ··-·restrict_strategy
  
17675 -·name:·Set·architecture·for·audit·chmod·tasks17675 -·name:·Set·architecture·for·audit·chmod·tasks
17676 ··set_fact:17676 ··set_fact:
17677 ····audit_arch:·b6417677 ····audit_arch:·b64
17678 ··when:17678 ··when:
17679 ··-·'"audit"·in·ansible_facts.packages' 
17680 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17679 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17680 ··-·'"audit"·in·ansible_facts.packages'
17681 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture17681 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
17682 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"17682 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
17683 ··tags:17683 ··tags:
17684 ··-·CCE-80685-117684 ··-·CCE-80685-1
17685 ··-·CJIS-5.4.1.117685 ··-·CJIS-5.4.1.1
17686 ··-·DISA-STIG-RHEL-08-03049017686 ··-·DISA-STIG-RHEL-08-030490
17687 ··-·NIST-800-171-3.1.717687 ··-·NIST-800-171-3.1.7
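Review bot: in the `when:` list of the "Set architecture for audit chmod tasks" task, the two builds emit the same conditions in a different order: `'"audit" in ansible_facts.packages'` comes before the `ansible_virtualization_type` check in the first build and after it in the second. The list entries are AND-ed, so the task behaves the same either way, but the generator should emit the applicability conditions in a fixed order (for example sorted) so the rendered playbook does not vary from build to build.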
Offset 17820, 16 lines modifiedOffset 17820, 16 lines modified
17820 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017820 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17821 ········-F·auid!=unset·-F·key=perm_mod17821 ········-F·auid!=unset·-F·key=perm_mod
17822 ······create:·true17822 ······create:·true
17823 ······mode:·o-rwx17823 ······mode:·o-rwx
17824 ······state:·present17824 ······state:·present
17825 ····when:·syscalls_found·|·length·==·017825 ····when:·syscalls_found·|·length·==·0
17826 ··when:17826 ··when:
17827 ··-·'"audit"·in·ansible_facts.packages' 
17828 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17827 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17828 ··-·'"audit"·in·ansible_facts.packages'
17829 ··tags:17829 ··tags:
17830 ··-·CCE-80685-117830 ··-·CCE-80685-1
17831 ··-·CJIS-5.4.1.117831 ··-·CJIS-5.4.1.1
17832 ··-·DISA-STIG-RHEL-08-03049017832 ··-·DISA-STIG-RHEL-08-030490
17833 ··-·NIST-800-171-3.1.717833 ··-·NIST-800-171-3.1.7
17834 ··-·NIST-800-53-AU-12(c)17834 ··-·NIST-800-53-AU-12(c)
17835 ··-·NIST-800-53-AU-2(d)17835 ··-·NIST-800-53-AU-2(d)
Offset 17965, 16 lines modifiedOffset 17965, 16 lines modified
17965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17966 ········-F·auid!=unset·-F·key=perm_mod17966 ········-F·auid!=unset·-F·key=perm_mod
17967 ······create:·true17967 ······create:·true
17968 ······mode:·o-rwx17968 ······mode:·o-rwx
17969 ······state:·present17969 ······state:·present
17970 ····when:·syscalls_found·|·length·==·017970 ····when:·syscalls_found·|·length·==·0
17971 ··when:17971 ··when:
17972 ··-·'"audit"·in·ansible_facts.packages' 
17973 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17972 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17973 ··-·'"audit"·in·ansible_facts.packages'
17974 ··-·audit_arch·==·"b64"17974 ··-·audit_arch·==·"b64"
17975 ··tags:17975 ··tags:
17976 ··-·CCE-80685-117976 ··-·CCE-80685-1
17977 ··-·CJIS-5.4.1.117977 ··-·CJIS-5.4.1.1
17978 ··-·DISA-STIG-RHEL-08-03049017978 ··-·DISA-STIG-RHEL-08-030490
17979 ··-·NIST-800-171-3.1.717979 ··-·NIST-800-171-3.1.7
17980 ··-·NIST-800-53-AU-12(c)17980 ··-·NIST-800-53-AU-12(c)
Offset 17985, 15 lines modifiedOffset 17985, 15 lines modified
17985 ··-·low_complexity17985 ··-·low_complexity
17986 ··-·low_disruption17986 ··-·low_disruption
17987 ··-·medium_severity17987 ··-·medium_severity
17988 ··-·reboot_required17988 ··-·reboot_required
17989 ··-·restrict_strategy17989 ··-·restrict_strategy
17990 Remediation_Shell_script_⇲17990 Remediation_Shell_script_⇲
17991 #·Remediation·is·applicable·only·in·certain·platforms17991 #·Remediation·is·applicable·only·in·certain·platforms
17992 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then17992 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
17993 #·First·perform·the·remediation·of·the·syscall·rule17993 #·First·perform·the·remediation·of·the·syscall·rule
17994 #·Retrieve·hardware·architecture·of·the·underlying·system17994 #·Retrieve·hardware·architecture·of·the·underlying·system
17995 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")17995 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
17996 for·ARCH·in·"${RULE_ARCHS[@]}"17996 for·ARCH·in·"${RULE_ARCHS[@]}"
17997 do17997 do
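Review bot: the applicability guard on the `if` line of the shell remediation has its operands reordered between builds: `rpm --quiet -q audit` is the first test in one build and the last in the other, while the `/.dockerenv` and `/run/.containerenv` file tests keep their relative order. The result of the `&&` chain is the same, but the order should be pinned in the generator; keeping the two file tests first also means `rpm` is not invoked at all when the script runs inside a container.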
Offset 18356, 16 lines modifiedOffset 18356, 16 lines modified
18356 ··-·reboot_required18356 ··-·reboot_required
18357 ··-·restrict_strategy18357 ··-·restrict_strategy
  
18358 -·name:·Set·architecture·for·audit·chown·tasks18358 -·name:·Set·architecture·for·audit·chown·tasks
18359 ··set_fact:18359 ··set_fact:
18360 ····audit_arch:·b6418360 ····audit_arch:·b64
18361 ··when:18361 ··when:
18362 ··-·'"audit"·in·ansible_facts.packages' 
18363 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18362 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 18363 ··-·'"audit"·in·ansible_facts.packages'
18364 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture18364 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
18365 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"18365 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
18366 ··tags:18366 ··tags:
18367 ··-·CCE-80686-918367 ··-·CCE-80686-9
18368 ··-·CJIS-5.4.1.118368 ··-·CJIS-5.4.1.1
18369 ··-·DISA-STIG-RHEL-08-03048018369 ··-·DISA-STIG-RHEL-08-030480
18370 ··-·NIST-800-171-3.1.718370 ··-·NIST-800-171-3.1.7
Offset 18505, 16 lines modifiedOffset 18505, 16 lines modified
18505 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018505 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18506 ········-F·auid!=unset·-F·key=perm_mod18506 ········-F·auid!=unset·-F·key=perm_mod
18507 ······create:·true18507 ······create:·true
18508 ······mode:·o-rwx18508 ······mode:·o-rwx
18509 ······state:·present18509 ······state:·present
18510 ····when:·syscalls_found·|·length·==·018510 ····when:·syscalls_found·|·length·==·0
18511 ··when:18511 ··when:
18512 ··-·'"audit"·in·ansible_facts.packages' 
18513 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18512 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 18513 ··-·'"audit"·in·ansible_facts.packages'
18514 ··tags:18514 ··tags:
18515 ··-·CCE-80686-918515 ··-·CCE-80686-9
18516 ··-·CJIS-5.4.1.118516 ··-·CJIS-5.4.1.1
18517 ··-·DISA-STIG-RHEL-08-03048018517 ··-·DISA-STIG-RHEL-08-030480
18518 ··-·NIST-800-171-3.1.718518 ··-·NIST-800-171-3.1.7
18519 ··-·NIST-800-53-AU-12(c)18519 ··-·NIST-800-53-AU-12(c)
18520 ··-·NIST-800-53-AU-2(d)18520 ··-·NIST-800-53-AU-2(d)
Offset 18652, 16 lines modifiedOffset 18652, 16 lines modified
18652 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018652 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18653 ········-F·auid!=unset·-F·key=perm_mod18653 ········-F·auid!=unset·-F·key=perm_mod
18654 ······create:·true18654 ······create:·true
18655 ······mode:·o-rwx18655 ······mode:·o-rwx
18656 ······state:·present18656 ······state:·present
Max diff block lines reached; 172313/176781 bytes (97.47%) of diff not shown.
746 KB
./usr/share/doc/ssg-nondebian/ssg-rhel8-guide-stig_gui.html
    
Offset 14470, 15 lines modifiedOffset 14470, 15 lines modified
00038850:·7279·3c2f·6832·3e3c·703e·4375·7272·656e··ry</h2><p>Curren00038850:·7279·3c2f·6832·3e3c·703e·4375·7272·656e··ry</h2><p>Curren
00038860:·7420·7665·7273·696f·6e3a·203c·7374·726f··t·version:·<stro00038860:·7420·7665·7273·696f·6e3a·203c·7374·726f··t·version:·<stro
00038870:·6e67·3e30·2e31·2e36·353c·2f73·7472·6f6e··ng>0.1.65</stron00038870:·6e67·3e30·2e31·2e36·353c·2f73·7472·6f6e··ng>0.1.65</stron
00038880:·673e·3c2f·703e·3c75·6c3e·3c6c·693e·3c73··g></p><ul><li><s00038880:·673e·3c2f·703e·3c75·6c3e·3c6c·693e·3c73··g></p><ul><li><s
00038890:·7472·6f6e·673e·6472·6166·743c·2f73·7472··trong>draft</str00038890:·7472·6f6e·673e·6472·6166·743c·2f73·7472··trong>draft</str
000388a0:·6f6e·673e·0a20·2020·2020·2020·2020·2020··ong>.···········000388a0:·6f6e·673e·0a20·2020·2020·2020·2020·2020··ong>.···········
000388b0:·2020·2020·2020·2020·2028·6173·206f·6620···········(as·of·000388b0:·2020·2020·2020·2020·2028·6173·206f·6620···········(as·of·
000388c0:·3230·3234·2d30·312d·3134·290a·2020·2020··2024-01-14).····000388c0:·3230·3235·2d30·322d·3135·290a·2020·2020··2025-02-15).····
000388d0:·2020·2020·2020·2020·2020·2020·3c2f·6c69··············</li000388d0:·2020·2020·2020·2020·2020·2020·3c2f·6c69··············</li
000388e0:·3e3c·2f75·6c3e·3c2f·6469·763e·3c68·323e··></ul></div><h2>000388e0:·3e3c·2f75·6c3e·3c2f·6469·763e·3c68·323e··></ul></div><h2>
000388f0:·5461·626c·6520·6f66·2043·6f6e·7465·6e74··Table·of·Content000388f0:·5461·626c·6520·6f66·2043·6f6e·7465·6e74··Table·of·Content
00038900:·733c·2f68·323e·3c6f·6c3e·3c6c·693e·3c61··s</h2><ol><li><a00038900:·733c·2f68·323e·3c6f·6c3e·3c6c·693e·3c61··s</h2><ol><li><a
00038910:·2068·7265·663d·2223·7863·6364·665f·6f72···href="#xccdf_or00038910:·2068·7265·663d·2223·7863·6364·665f·6f72···href="#xccdf_or
00038920:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con00038920:·672e·7373·6770·726f·6a65·6374·2e63·6f6e··g.ssgproject.con
00038930:·7465·6e74·5f67·726f·7570·5f73·7973·7465··tent_group_syste00038930:·7465·6e74·5f67·726f·7570·5f73·7973·7465··tent_group_syste
Offset 108203, 23 lines modifiedOffset 108203, 23 lines modified
001a6aa0:·7265·640a·2020·2d20·7265·7374·7269·6374··red.··-·restrict001a6aa0:·7265·640a·2020·2d20·7265·7374·7269·6374··red.··-·restrict
001a6ab0:·5f73·7472·6174·6567·790a·0a2d·206e·616d··_strategy..-·nam001a6ab0:·5f73·7472·6174·6567·790a·0a2d·206e·616d··_strategy..-·nam
001a6ac0:·653a·2053·6574·2061·7263·6869·7465·6374··e:·Set·architect001a6ac0:·653a·2053·6574·2061·7263·6869·7465·6374··e:·Set·architect
001a6ad0:·7572·6520·666f·7220·6175·6469·7420·6368··ure·for·audit·ch001a6ad0:·7572·6520·666f·7220·6175·6469·7420·6368··ure·for·audit·ch
001a6ae0:·6d6f·6420·7461·736b·730a·2020·7365·745f··mod·tasks.··set_001a6ae0:·6d6f·6420·7461·736b·730a·2020·7365·745f··mod·tasks.··set_
001a6af0:·6661·6374·3a0a·2020·2020·6175·6469·745f··fact:.····audit_001a6af0:·6661·6374·3a0a·2020·2020·6175·6469·745f··fact:.····audit_
001a6b00:·6172·6368·3a20·6236·340a·2020·7768·656e··arch:·b64.··when001a6b00:·6172·6368·3a20·6236·340a·2020·7768·656e··arch:·b64.··when
001a6b10:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i 
001a6b20:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
001a6b30:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an 
001a6b40:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
001a6b50:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
001a6b60:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
001a6b70:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
001a6b80:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe001a6b10:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi
 001a6b20:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 001a6b30:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 001a6b40:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 001a6b50:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 001a6b60:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
 001a6b70:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi
 001a6b80:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
001a6b90:·7222·5d0a·2020·2d20·616e·7369·626c·655f··r"].··-·ansible_001a6b90:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
001a6ba0:·6172·6368·6974·6563·7475·7265·203d·3d20··architecture·==·001a6ba0:·6172·6368·6974·6563·7475·7265·203d·3d20··architecture·==·
001a6bb0:·2261·6172·6368·3634·2220·6f72·2061·6e73··"aarch64"·or·ans001a6bb0:·2261·6172·6368·3634·2220·6f72·2061·6e73··"aarch64"·or·ans
001a6bc0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur001a6bc0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
001a6bd0:·6520·3d3d·2022·7070·6336·3422·206f·7220··e·==·"ppc64"·or·001a6bd0:·6520·3d3d·2022·7070·6336·3422·206f·7220··e·==·"ppc64"·or·
001a6be0:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec001a6be0:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec
001a6bf0:·7475·7265·0a20·2020·203d·3d20·2270·7063··ture.····==·"ppc001a6bf0:·7475·7265·0a20·2020·203d·3d20·2270·7063··ture.····==·"ppc
001a6c00:·3634·6c65·2220·6f72·2061·6e73·6962·6c65··64le"·or·ansible001a6c00:·3634·6c65·2220·6f72·2061·6e73·6962·6c65··64le"·or·ansible
Offset 108527, 23 lines modifiedOffset 108527, 23 lines modified
001a7ee0:·6579·3d70·6572·6d5f·6d6f·640a·2020·2020··ey=perm_mod.····001a7ee0:·6579·3d70·6572·6d5f·6d6f·640a·2020·2020··ey=perm_mod.····
001a7ef0:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·001a7ef0:·2020·6372·6561·7465·3a20·7472·7565·0a20····create:·true.·
001a7f00:·2020·2020·206d·6f64·653a·206f·2d72·7778·······mode:·o-rwx001a7f00:·2020·2020·206d·6f64·653a·206f·2d72·7778·······mode:·o-rwx
001a7f10:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr001a7f10:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr
001a7f20:·6573·656e·740a·2020·2020·7768·656e·3a20··esent.····when:·001a7f20:·6573·656e·740a·2020·2020·7768·656e·3a20··esent.····when:·
001a7f30:·7379·7363·616c·6c73·5f66·6f75·6e64·207c··syscalls_found·|001a7f30:·7379·7363·616c·6c73·5f66·6f75·6e64·207c··syscalls_found·|
001a7f40:·206c·656e·6774·6820·3d3d·2030·0a20·2077···length·==·0.··w001a7f40:·206c·656e·6774·6820·3d3d·2030·0a20·2077···length·==·0.··w
001a7f50:·6865·6e3a·0a20·202d·2027·2261·7564·6974··hen:.··-·'"audit001a7f50:·6865·6e3a·0a20·202d·2061·6e73·6962·6c65··hen:.··-·ansible
001a7f60:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
001a7f70:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
001a7f80:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
001a7f90:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
001a7fa0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
001a7fb0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
001a7fc0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta001a7f60:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
 001a7f70:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
 001a7f80:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
 001a7f90:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
 001a7fa0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
 001a7fb0:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a
 001a7fc0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
001a7fd0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·001a7fd0:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·
001a7fe0:·202d·2043·4345·2d38·3036·3835·2d31·0a20···-·CCE-80685-1.·001a7fe0:·202d·2043·4345·2d38·3036·3835·2d31·0a20···-·CCE-80685-1.·
001a7ff0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.001a7ff0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
001a8000:·2020·2d20·4449·5341·2d53·5449·472d·5248····-·DISA-STIG-RH001a8000:·2020·2d20·4449·5341·2d53·5449·472d·5248····-·DISA-STIG-RH
001a8010:·454c·2d30·382d·3033·3034·3930·0a20·202d··EL-08-030490.··-001a8010:·454c·2d30·382d·3033·3034·3930·0a20·202d··EL-08-030490.··-
001a8020:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.001a8020:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
001a8030:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800001a8030:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
001a8040:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-001a8040:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-
Offset 108840, 22 lines modifiedOffset 108840, 22 lines modified
001a9270:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea001a9270:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea
001a9280:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m001a9280:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m
001a9290:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····001a9290:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····
001a92a0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.001a92a0:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.
001a92b0:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal001a92b0:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal
001a92c0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt001a92c0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt
001a92d0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·001a92d0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·
001a92e0:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a 
001a92f0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac 
001a9300:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib 
001a9310:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
001a9320:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
001a9330:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
001a9340:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
001a9350:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]001a92e0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 001a92f0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 001a9300:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 001a9310:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 001a9320:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 001a9330:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a
 001a9340:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 001a9350:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
001a9360:·0a20·202d·2061·7564·6974·5f61·7263·6820··.··-·audit_arch·001a9360:·0a20·202d·2061·7564·6974·5f61·7263·6820··.··-·audit_arch·
001a9370:·3d3d·2022·6236·3422·0a20·2074·6167·733a··==·"b64".··tags:001a9370:·3d3d·2022·6236·3422·0a20·2074·6167·733a··==·"b64".··tags:
001a9380:·0a20·202d·2043·4345·2d38·3036·3835·2d31··.··-·CCE-80685-1001a9380:·0a20·202d·2043·4345·2d38·3036·3835·2d31··.··-·CCE-80685-1
001a9390:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.001a9390:·0a20·202d·2043·4a49·532d·352e·342e·312e··.··-·CJIS-5.4.1.
001a93a0:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-001a93a0:·310a·2020·2d20·4449·5341·2d53·5449·472d··1.··-·DISA-STIG-
001a93b0:·5248·454c·2d30·382d·3033·3034·3930·0a20··RHEL-08-030490.·001a93b0:·5248·454c·2d30·382d·3033·3034·3930·0a20··RHEL-08-030490.·
001a93c0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-001a93c0:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
Offset 108890, 21 lines modifiedOffset 108890, 21 lines modified
001a9590:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla001a9590:·3c2f·613e·3c62·723e·3c64·6976·2063·6c61··</a><br><div·cla
001a95a0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap001a95a0:·7373·3d22·7061·6e65·6c2d·636f·6c6c·6170··ss="panel-collap
001a95b0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=001a95b0:·7365·2063·6f6c·6c61·7073·6522·2069·643d··se·collapse"·id=
001a95c0:·2269·646d·3235·3833·3022·3e3c·7072·653e··"idm25830"><pre>001a95c0:·2269·646d·3235·3833·3022·3e3c·7072·653e··"idm25830"><pre>
001a95d0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat001a95d0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
001a95e0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl001a95e0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
001a95f0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai001a95f0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
001a9600:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r001a9600:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[
001a9610:·706d·202d·2d71·7569·6574·202d·7120·6175··pm·--quiet·-q·au 
001a9620:·6469·7420·2661·6d70·3b26·616d·703b·205b··dit·&amp;&amp;·[ 
001a9630:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren001a9610:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
001a9640:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[001a9620:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
001a9650:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont001a9630:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
001a9660:·6169·6e65·7265·6e76·205d·3b20·7468·656e··ainerenv·];·then001a9640:·6169·6e65·7265·6e76·205d·2026·616d·703b··ainerenv·]·&amp;
 001a9650:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie
 001a9660:·7420·2d71·2061·7564·6974·3b20·7468·656e··t·-q·audit;·then
001a9670:·0a0a·2320·4669·7273·7420·7065·7266·6f72··..#·First·perfor001a9670:·0a0a·2320·4669·7273·7420·7065·7266·6f72··..#·First·perfor
001a9680:·6d20·7468·6520·7265·6d65·6469·6174·696f··m·the·remediatio001a9680:·6d20·7468·6520·7265·6d65·6469·6174·696f··m·the·remediatio
001a9690:·6e20·6f66·2074·6865·2073·7973·6361·6c6c··n·of·the·syscall001a9690:·6e20·6f66·2074·6865·2073·7973·6361·6c6c··n·of·the·syscall
001a96a0:·2072·756c·650a·2320·5265·7472·6965·7665···rule.#·Retrieve001a96a0:·2072·756c·650a·2320·5265·7472·6965·7665···rule.#·Retrieve
Max diff block lines reached; 577170/586692 bytes (98.38%) of diff not shown.
173 KB
html2text {}
    
Offset 60, 15 lines modifiedOffset 60, 15 lines modified
60 ····*·cpe:/o:redhat:enterprise_linux:8.660 ····*·cpe:/o:redhat:enterprise_linux:8.6
61 ····*·cpe:/o:redhat:enterprise_linux:8.761 ····*·cpe:/o:redhat:enterprise_linux:8.7
62 ····*·cpe:/o:redhat:enterprise_linux:8.862 ····*·cpe:/o:redhat:enterprise_linux:8.8
63 ····*·cpe:/o:redhat:enterprise_linux:8.963 ····*·cpe:/o:redhat:enterprise_linux:8.9
64 ····*·cpe:/o:redhat:enterprise_linux:864 ····*·cpe:/o:redhat:enterprise_linux:8
65 *****·Revision·History·*****65 *****·Revision·History·*****
66 Current·version:·0.1.6566 Current·version:·0.1.65
67 ····*·draft·(as·of·2024-01-14)67 ····*·draft·(as·of·2025-02-15)
68 *****·Table·of·Contents·*****68 *****·Table·of·Contents·*****
69 ···1.·System_Settings69 ···1.·System_Settings
70 ·········1.·Installing_and_Maintaining_Software70 ·········1.·Installing_and_Maintaining_Software
71 ·········2.·Account_and_Access_Control71 ·········2.·Account_and_Access_Control
72 ·········3.·System_Accounting_with_auditd72 ·········3.·System_Accounting_with_auditd
73 ·········4.·GRUB2_bootloader_configuration73 ·········4.·GRUB2_bootloader_configuration
74 ·········5.·Configure_Syslog74 ·········5.·Configure_Syslog
Offset 17620, 16 lines modifiedOffset 17620, 16 lines modified
17620 ··-·reboot_required17620 ··-·reboot_required
17621 ··-·restrict_strategy17621 ··-·restrict_strategy
  
17622 -·name:·Set·architecture·for·audit·chmod·tasks17622 -·name:·Set·architecture·for·audit·chmod·tasks
17623 ··set_fact:17623 ··set_fact:
17624 ····audit_arch:·b6417624 ····audit_arch:·b64
17625 ··when:17625 ··when:
17626 ··-·'"audit"·in·ansible_facts.packages' 
17627 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17627 ··-·'"audit"·in·ansible_facts.packages'
17628 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture17628 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
17629 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"17629 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
17630 ··tags:17630 ··tags:
17631 ··-·CCE-80685-117631 ··-·CCE-80685-1
17632 ··-·CJIS-5.4.1.117632 ··-·CJIS-5.4.1.1
17633 ··-·DISA-STIG-RHEL-08-03049017633 ··-·DISA-STIG-RHEL-08-030490
17634 ··-·NIST-800-171-3.1.717634 ··-·NIST-800-171-3.1.7
Offset 17767, 16 lines modifiedOffset 17767, 16 lines modified
17767 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017767 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17768 ········-F·auid!=unset·-F·key=perm_mod17768 ········-F·auid!=unset·-F·key=perm_mod
17769 ······create:·true17769 ······create:·true
17770 ······mode:·o-rwx17770 ······mode:·o-rwx
17771 ······state:·present17771 ······state:·present
17772 ····when:·syscalls_found·|·length·==·017772 ····when:·syscalls_found·|·length·==·0
17773 ··when:17773 ··when:
17774 ··-·'"audit"·in·ansible_facts.packages' 
17775 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17774 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17775 ··-·'"audit"·in·ansible_facts.packages'
17776 ··tags:17776 ··tags:
17777 ··-·CCE-80685-117777 ··-·CCE-80685-1
17778 ··-·CJIS-5.4.1.117778 ··-·CJIS-5.4.1.1
17779 ··-·DISA-STIG-RHEL-08-03049017779 ··-·DISA-STIG-RHEL-08-030490
17780 ··-·NIST-800-171-3.1.717780 ··-·NIST-800-171-3.1.7
17781 ··-·NIST-800-53-AU-12(c)17781 ··-·NIST-800-53-AU-12(c)
17782 ··-·NIST-800-53-AU-2(d)17782 ··-·NIST-800-53-AU-2(d)
Offset 17912, 16 lines modifiedOffset 17912, 16 lines modified
17912 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100017912 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
17913 ········-F·auid!=unset·-F·key=perm_mod17913 ········-F·auid!=unset·-F·key=perm_mod
17914 ······create:·true17914 ······create:·true
17915 ······mode:·o-rwx17915 ······mode:·o-rwx
17916 ······state:·present17916 ······state:·present
17917 ····when:·syscalls_found·|·length·==·017917 ····when:·syscalls_found·|·length·==·0
17918 ··when:17918 ··when:
17919 ··-·'"audit"·in·ansible_facts.packages' 
17920 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]17919 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 17920 ··-·'"audit"·in·ansible_facts.packages'
17921 ··-·audit_arch·==·"b64"17921 ··-·audit_arch·==·"b64"
17922 ··tags:17922 ··tags:
17923 ··-·CCE-80685-117923 ··-·CCE-80685-1
17924 ··-·CJIS-5.4.1.117924 ··-·CJIS-5.4.1.1
17925 ··-·DISA-STIG-RHEL-08-03049017925 ··-·DISA-STIG-RHEL-08-030490
17926 ··-·NIST-800-171-3.1.717926 ··-·NIST-800-171-3.1.7
17927 ··-·NIST-800-53-AU-12(c)17927 ··-·NIST-800-53-AU-12(c)
Offset 17932, 15 lines modifiedOffset 17932, 15 lines modified
17932 ··-·low_complexity17932 ··-·low_complexity
17933 ··-·low_disruption17933 ··-·low_disruption
17934 ··-·medium_severity17934 ··-·medium_severity
17935 ··-·reboot_required17935 ··-·reboot_required
17936 ··-·restrict_strategy17936 ··-·restrict_strategy
17937 Remediation_Shell_script_⇲17937 Remediation_Shell_script_⇲
17938 #·Remediation·is·applicable·only·in·certain·platforms17938 #·Remediation·is·applicable·only·in·certain·platforms
17939 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then17939 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
17940 #·First·perform·the·remediation·of·the·syscall·rule17940 #·First·perform·the·remediation·of·the·syscall·rule
17941 #·Retrieve·hardware·architecture·of·the·underlying·system17941 #·Retrieve·hardware·architecture·of·the·underlying·system
17942 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")17942 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
17943 for·ARCH·in·"${RULE_ARCHS[@]}"17943 for·ARCH·in·"${RULE_ARCHS[@]}"
17944 do17944 do
Offset 18303, 16 lines modifiedOffset 18303, 16 lines modified
18303 ··-·reboot_required18303 ··-·reboot_required
18304 ··-·restrict_strategy18304 ··-·restrict_strategy
  
18305 -·name:·Set·architecture·for·audit·chown·tasks18305 -·name:·Set·architecture·for·audit·chown·tasks
18306 ··set_fact:18306 ··set_fact:
18307 ····audit_arch:·b6418307 ····audit_arch:·b64
18308 ··when:18308 ··when:
18309 ··-·'"audit"·in·ansible_facts.packages' 
18310 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18309 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 18310 ··-·'"audit"·in·ansible_facts.packages'
18311 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture18311 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
18312 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"18312 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
18313 ··tags:18313 ··tags:
18314 ··-·CCE-80686-918314 ··-·CCE-80686-9
18315 ··-·CJIS-5.4.1.118315 ··-·CJIS-5.4.1.1
18316 ··-·DISA-STIG-RHEL-08-03048018316 ··-·DISA-STIG-RHEL-08-030480
18317 ··-·NIST-800-171-3.1.718317 ··-·NIST-800-171-3.1.7
Offset 18452, 16 lines modifiedOffset 18452, 16 lines modified
18452 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018452 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18453 ········-F·auid!=unset·-F·key=perm_mod18453 ········-F·auid!=unset·-F·key=perm_mod
18454 ······create:·true18454 ······create:·true
18455 ······mode:·o-rwx18455 ······mode:·o-rwx
18456 ······state:·present18456 ······state:·present
18457 ····when:·syscalls_found·|·length·==·018457 ····when:·syscalls_found·|·length·==·0
18458 ··when:18458 ··when:
18459 ··-·'"audit"·in·ansible_facts.packages' 
18460 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18459 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 18460 ··-·'"audit"·in·ansible_facts.packages'
18461 ··tags:18461 ··tags:
18462 ··-·CCE-80686-918462 ··-·CCE-80686-9
18463 ··-·CJIS-5.4.1.118463 ··-·CJIS-5.4.1.1
18464 ··-·DISA-STIG-RHEL-08-03048018464 ··-·DISA-STIG-RHEL-08-030480
18465 ··-·NIST-800-171-3.1.718465 ··-·NIST-800-171-3.1.7
18466 ··-·NIST-800-53-AU-12(c)18466 ··-·NIST-800-53-AU-12(c)
18467 ··-·NIST-800-53-AU-2(d)18467 ··-·NIST-800-53-AU-2(d)
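Review bot: the two sides of this hunk differ only in the order of the `when:` entries on lines 18459-18460, where `'"audit" in ansible_facts.packages'` and the `ansible_virtualization_type` check swap places, so the generator emits these conditions in an order that varies from build to build. Sort the platform conditions before writing them into the task so the generated playbook is byte-identical across builds.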
Offset 18599, 16 lines modifiedOffset 18599, 16 lines modified
18599 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100018599 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
18600 ········-F·auid!=unset·-F·key=perm_mod18600 ········-F·auid!=unset·-F·key=perm_mod
18601 ······create:·true18601 ······create:·true
18602 ······mode:·o-rwx18602 ······mode:·o-rwx
18603 ······state:·present18603 ······state:·present
Max diff block lines reached; 172313/176781 bytes (97.47%) of diff not shown.
1.99 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_enhanced.html
    
630 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(enhanced)44 Profile·Title·ANSSI-BP-028·(enhanced)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:redhat:enterprise_linux:947 ····*·cpe:/o:redhat:enterprise_linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
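Review bot: the only change in this hunk is line 50, `draft (as of 2024-01-14)` against `draft (as of 2025-02-15)`, so the guide embeds the date on which the build ran. Take the date from SOURCE_DATE_EPOCH or from the release date of 0.1.65 so that a rebuild of the same version produces the same text.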
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_high.html
    
622 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(high)44 Profile·Title·ANSSI-BP-028·(high)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:redhat:enterprise_linux:947 ····*·cpe:/o:redhat:enterprise_linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·GRUB2_bootloader_configuration56 ·········4.·GRUB2_bootloader_configuration
57 ·········5.·Configure_Syslog57 ·········5.·Configure_Syslog
2.01 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_intermediary.html
    
643 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(intermediary)44 Profile·Title·ANSSI-BP-028·(intermediary)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:redhat:enterprise_linux:947 ····*·cpe:/o:redhat:enterprise_linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·System_Accounting_with_auditd55 ·········3.·System_Accounting_with_auditd
56 ·········4.·Configure_Syslog56 ·········4.·Configure_Syslog
57 ·········5.·Network_Configuration_and_Firewalls57 ·········5.·Network_Configuration_and_Firewalls
1.82 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-anssi_bp28_minimal.html
    
597 B
html2text {}
    
Offset 43, 15 lines modifiedOffset 43, 15 lines modified
43 *****·Profile·Information·*****43 *****·Profile·Information·*****
44 Profile·Title·ANSSI-BP-028·(minimal)44 Profile·Title·ANSSI-BP-028·(minimal)
45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal45 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
46 ***·CPE·Platforms·***46 ***·CPE·Platforms·***
47 ····*·cpe:/o:redhat:enterprise_linux:947 ····*·cpe:/o:redhat:enterprise_linux:9
48 *****·Revision·History·*****48 *****·Revision·History·*****
49 Current·version:·0.1.6549 Current·version:·0.1.65
50 ····*·draft·(as·of·2024-01-14)50 ····*·draft·(as·of·2025-02-15)
51 *****·Table·of·Contents·*****51 *****·Table·of·Contents·*****
52 ···1.·System_Settings52 ···1.·System_Settings
53 ·········1.·Installing_and_Maintaining_Software53 ·········1.·Installing_and_Maintaining_Software
54 ·········2.·Account_and_Access_Control54 ·········2.·Account_and_Access_Control
55 ·········3.·Configure_Syslog55 ·········3.·Configure_Syslog
56 ·········4.·File_Permissions_and_Masks56 ·········4.·File_Permissions_and_Masks
57 ···2.·Services57 ···2.·Services
76.8 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis.html
    
Max diff block lines reached; 50242/59516 bytes (84.42%) of diff not shown.
18.6 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·2·-40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·2·-
41 ··············Server41 ··············Server
42 Profile·ID····xccdf_org.ssgproject.content_profile_cis42 Profile·ID····xccdf_org.ssgproject.content_profile_cis
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:redhat:enterprise_linux:944 ····*·cpe:/o:redhat:enterprise_linux:9
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·System_Accounting_with_auditd52 ·········3.·System_Accounting_with_auditd
53 ·········4.·GRUB2_bootloader_configuration53 ·········4.·GRUB2_bootloader_configuration
54 ·········5.·Configure_Syslog54 ·········5.·Configure_Syslog
Offset 41772, 16 lines modifiedOffset 41772, 16 lines modified
41772 ··-·no_reboot_needed41772 ··-·no_reboot_needed
  
41773 -·name:·Test·for·existence·/boot/grub2/grub.cfg41773 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41774 ··stat:41774 ··stat:
41775 ····path:·/boot/grub2/grub.cfg41775 ····path:·/boot/grub2/grub.cfg
41776 ··register:·file_exists41776 ··register:·file_exists
41777 ··when:41777 ··when:
41778 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41779 ··-·'"grub2-common"·in·ansible_facts.packages'41778 ··-·'"grub2-common"·in·ansible_facts.packages'
 41779 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41780 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41780 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41781 ··tags:41781 ··tags:
41782 ··-·CCE-83848-241782 ··-·CCE-83848-2
41783 ··-·CJIS-5.5.2.241783 ··-·CJIS-5.5.2.2
41784 ··-·NIST-800-171-3.4.541784 ··-·NIST-800-171-3.4.5
41785 ··-·NIST-800-53-AC-6(1)41785 ··-·NIST-800-53-AC-6(1)
41786 ··-·NIST-800-53-CM-6(a)41786 ··-·NIST-800-53-CM-6(a)
Offset 41794, 16 lines modifiedOffset 41794, 16 lines modified
41794 ··-·no_reboot_needed41794 ··-·no_reboot_needed
  
41795 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41795 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41796 ··file:41796 ··file:
41797 ····path:·/boot/grub2/grub.cfg41797 ····path:·/boot/grub2/grub.cfg
41798 ····group:·'0'41798 ····group:·'0'
41799 ··when:41799 ··when:
41800 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41801 ··-·'"grub2-common"·in·ansible_facts.packages'41800 ··-·'"grub2-common"·in·ansible_facts.packages'
 41801 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41802 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41802 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41803 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41803 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41804 ··tags:41804 ··tags:
41805 ··-·CCE-83848-241805 ··-·CCE-83848-2
41806 ··-·CJIS-5.5.2.241806 ··-·CJIS-5.5.2.2
41807 ··-·NIST-800-171-3.4.541807 ··-·NIST-800-171-3.4.5
41808 ··-·NIST-800-53-AC-6(1)41808 ··-·NIST-800-53-AC-6(1)
Offset 41816, 15 lines modifiedOffset 41816, 15 lines modified
41816 ··-·medium_severity41816 ··-·medium_severity
41817 ··-·no_reboot_needed41817 ··-·no_reboot_needed
41818 Remediation_Shell_script_⇲41818 Remediation_Shell_script_⇲
41819 Complexity:·low41819 Complexity:·low
41820 Disruption:·low41820 Disruption:·low
41821 Strategy:···configure41821 Strategy:···configure
41822 #·Remediation·is·applicable·only·in·certain·platforms41822 #·Remediation·is·applicable·only·in·certain·platforms
41823 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41823 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41824 chgrp·0·/boot/grub2/grub.cfg41824 chgrp·0·/boot/grub2/grub.cfg
  
41825 else41825 else
41826 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41826 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41827 fi41827 fi
41828 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41828 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 41857, 16 lines modifiedOffset 41857, 16 lines modified
41857 ··-·no_reboot_needed41857 ··-·no_reboot_needed
  
41858 -·name:·Test·for·existence·/boot/grub2/user.cfg41858 -·name:·Test·for·existence·/boot/grub2/user.cfg
41859 ··stat:41859 ··stat:
41860 ····path:·/boot/grub2/user.cfg41860 ····path:·/boot/grub2/user.cfg
41861 ··register:·file_exists41861 ··register:·file_exists
41862 ··when:41862 ··when:
41863 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41864 ··-·'"grub2-common"·in·ansible_facts.packages'41863 ··-·'"grub2-common"·in·ansible_facts.packages'
 41864 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41865 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41865 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41866 ··tags:41866 ··tags:
41867 ··-·CCE-86010-641867 ··-·CCE-86010-6
41868 ··-·CJIS-5.5.2.241868 ··-·CJIS-5.5.2.2
41869 ··-·NIST-800-171-3.4.541869 ··-·NIST-800-171-3.4.5
41870 ··-·NIST-800-53-AC-6(1)41870 ··-·NIST-800-53-AC-6(1)
41871 ··-·NIST-800-53-CM-6(a)41871 ··-·NIST-800-53-CM-6(a)
Offset 41879, 16 lines modifiedOffset 41879, 16 lines modified
41879 ··-·no_reboot_needed41879 ··-·no_reboot_needed
  
41880 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41880 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41881 ··file:41881 ··file:
41882 ····path:·/boot/grub2/user.cfg41882 ····path:·/boot/grub2/user.cfg
41883 ····group:·'0'41883 ····group:·'0'
41884 ··when:41884 ··when:
41885 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41886 ··-·'"grub2-common"·in·ansible_facts.packages'41885 ··-·'"grub2-common"·in·ansible_facts.packages'
 41886 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41887 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41887 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41888 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41888 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41889 ··tags:41889 ··tags:
41890 ··-·CCE-86010-641890 ··-·CCE-86010-6
41891 ··-·CJIS-5.5.2.241891 ··-·CJIS-5.5.2.2
41892 ··-·NIST-800-171-3.4.541892 ··-·NIST-800-171-3.4.5
41893 ··-·NIST-800-53-AC-6(1)41893 ··-·NIST-800-53-AC-6(1)
Offset 41901, 15 lines modifiedOffset 41901, 15 lines modified
41901 ··-·medium_severity41901 ··-·medium_severity
41902 ··-·no_reboot_needed41902 ··-·no_reboot_needed
41903 Remediation_Shell_script_⇲41903 Remediation_Shell_script_⇲
41904 Complexity:·low41904 Complexity:·low
41905 Disruption:·low41905 Disruption:·low
41906 Strategy:···configure41906 Strategy:···configure
41907 #·Remediation·is·applicable·only·in·certain·platforms41907 #·Remediation·is·applicable·only·in·certain·platforms
41908 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41908 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41909 chgrp·0·/boot/grub2/user.cfg41909 chgrp·0·/boot/grub2/user.cfg
  
41910 else41910 else
41911 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41911 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41912 fi41912 fi
41913 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41913 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41942, 16 lines modifiedOffset 41942, 16 lines modified
41942 ··-·no_reboot_needed41942 ··-·no_reboot_needed
  
41943 -·name:·Test·for·existence·/boot/grub2/grub.cfg41943 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41944 ··stat:41944 ··stat:
41945 ····path:·/boot/grub2/grub.cfg41945 ····path:·/boot/grub2/grub.cfg
41946 ··register:·file_exists41946 ··register:·file_exists
41947 ··when:41947 ··when:
Max diff block lines reached; 14431/18997 bytes (75.96%) of diff not shown.
76.3 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_server_l1.html
    
Max diff block lines reached; 49916/59042 bytes (84.54%) of diff not shown.
18.5 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·1·-40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·1·-
41 ··············Server41 ··············Server
42 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l142 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l1
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:redhat:enterprise_linux:944 ····*·cpe:/o:redhat:enterprise_linux:9
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·GRUB2_bootloader_configuration52 ·········3.·GRUB2_bootloader_configuration
53 ·········4.·Configure_Syslog53 ·········4.·Configure_Syslog
54 ·········5.·Network_Configuration_and_Firewalls54 ·········5.·Network_Configuration_and_Firewalls
Offset 7947, 16 lines modifiedOffset 7947, 16 lines modified
7947 ··-·no_reboot_needed7947 ··-·no_reboot_needed
  
7948 -·name:·Test·for·existence·/boot/grub2/grub.cfg7948 -·name:·Test·for·existence·/boot/grub2/grub.cfg
7949 ··stat:7949 ··stat:
7950 ····path:·/boot/grub2/grub.cfg7950 ····path:·/boot/grub2/grub.cfg
7951 ··register:·file_exists7951 ··register:·file_exists
7952 ··when:7952 ··when:
7953 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7954 ··-·'"grub2-common"·in·ansible_facts.packages'7953 ··-·'"grub2-common"·in·ansible_facts.packages'
 7954 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7955 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7955 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7956 ··tags:7956 ··tags:
7957 ··-·CCE-83848-27957 ··-·CCE-83848-2
7958 ··-·CJIS-5.5.2.27958 ··-·CJIS-5.5.2.2
7959 ··-·NIST-800-171-3.4.57959 ··-·NIST-800-171-3.4.5
7960 ··-·NIST-800-53-AC-6(1)7960 ··-·NIST-800-53-AC-6(1)
7961 ··-·NIST-800-53-CM-6(a)7961 ··-·NIST-800-53-CM-6(a)
Offset 7969, 16 lines modifiedOffset 7969, 16 lines modified
7969 ··-·no_reboot_needed7969 ··-·no_reboot_needed
  
7970 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg7970 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
7971 ··file:7971 ··file:
7972 ····path:·/boot/grub2/grub.cfg7972 ····path:·/boot/grub2/grub.cfg
7973 ····group:·'0'7973 ····group:·'0'
7974 ··when:7974 ··when:
7975 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7976 ··-·'"grub2-common"·in·ansible_facts.packages'7975 ··-·'"grub2-common"·in·ansible_facts.packages'
 7976 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7977 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7977 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7978 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists7978 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
7979 ··tags:7979 ··tags:
7980 ··-·CCE-83848-27980 ··-·CCE-83848-2
7981 ··-·CJIS-5.5.2.27981 ··-·CJIS-5.5.2.2
7982 ··-·NIST-800-171-3.4.57982 ··-·NIST-800-171-3.4.5
7983 ··-·NIST-800-53-AC-6(1)7983 ··-·NIST-800-53-AC-6(1)
Offset 7991, 15 lines modifiedOffset 7991, 15 lines modified
7991 ··-·medium_severity7991 ··-·medium_severity
7992 ··-·no_reboot_needed7992 ··-·no_reboot_needed
7993 Remediation_Shell_script_⇲7993 Remediation_Shell_script_⇲
7994 Complexity:·low7994 Complexity:·low
7995 Disruption:·low7995 Disruption:·low
7996 Strategy:···configure7996 Strategy:···configure
7997 #·Remediation·is·applicable·only·in·certain·platforms7997 #·Remediation·is·applicable·only·in·certain·platforms
7998 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then7998 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
7999 chgrp·0·/boot/grub2/grub.cfg7999 chgrp·0·/boot/grub2/grub.cfg
  
8000 else8000 else
8001 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8001 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8002 fi8002 fi
8003 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8003 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8032, 16 lines modifiedOffset 8032, 16 lines modified
8032 ··-·no_reboot_needed8032 ··-·no_reboot_needed
  
8033 -·name:·Test·for·existence·/boot/grub2/user.cfg8033 -·name:·Test·for·existence·/boot/grub2/user.cfg
8034 ··stat:8034 ··stat:
8035 ····path:·/boot/grub2/user.cfg8035 ····path:·/boot/grub2/user.cfg
8036 ··register:·file_exists8036 ··register:·file_exists
8037 ··when:8037 ··when:
8038 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8039 ··-·'"grub2-common"·in·ansible_facts.packages'8038 ··-·'"grub2-common"·in·ansible_facts.packages'
 8039 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8040 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8040 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8041 ··tags:8041 ··tags:
8042 ··-·CCE-86010-68042 ··-·CCE-86010-6
8043 ··-·CJIS-5.5.2.28043 ··-·CJIS-5.5.2.2
8044 ··-·NIST-800-171-3.4.58044 ··-·NIST-800-171-3.4.5
8045 ··-·NIST-800-53-AC-6(1)8045 ··-·NIST-800-53-AC-6(1)
8046 ··-·NIST-800-53-CM-6(a)8046 ··-·NIST-800-53-CM-6(a)
Offset 8054, 16 lines modifiedOffset 8054, 16 lines modified
8054 ··-·no_reboot_needed8054 ··-·no_reboot_needed
  
8055 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8055 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8056 ··file:8056 ··file:
8057 ····path:·/boot/grub2/user.cfg8057 ····path:·/boot/grub2/user.cfg
8058 ····group:·'0'8058 ····group:·'0'
8059 ··when:8059 ··when:
8060 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8061 ··-·'"grub2-common"·in·ansible_facts.packages'8060 ··-·'"grub2-common"·in·ansible_facts.packages'
 8061 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8062 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8062 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8063 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8063 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8064 ··tags:8064 ··tags:
8065 ··-·CCE-86010-68065 ··-·CCE-86010-6
8066 ··-·CJIS-5.5.2.28066 ··-·CJIS-5.5.2.2
8067 ··-·NIST-800-171-3.4.58067 ··-·NIST-800-171-3.4.5
8068 ··-·NIST-800-53-AC-6(1)8068 ··-·NIST-800-53-AC-6(1)
Offset 8076, 15 lines modifiedOffset 8076, 15 lines modified
8076 ··-·medium_severity8076 ··-·medium_severity
8077 ··-·no_reboot_needed8077 ··-·no_reboot_needed
8078 Remediation_Shell_script_⇲8078 Remediation_Shell_script_⇲
8079 Complexity:·low8079 Complexity:·low
8080 Disruption:·low8080 Disruption:·low
8081 Strategy:···configure8081 Strategy:···configure
8082 #·Remediation·is·applicable·only·in·certain·platforms8082 #·Remediation·is·applicable·only·in·certain·platforms
8083 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8083 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8084 chgrp·0·/boot/grub2/user.cfg8084 chgrp·0·/boot/grub2/user.cfg
  
8085 else8085 else
8086 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8086 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8087 fi8087 fi
8088 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8088 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8117, 16 lines modifiedOffset 8117, 16 lines modified
8117 ··-·no_reboot_needed8117 ··-·no_reboot_needed
  
8118 -·name:·Test·for·existence·/boot/grub2/grub.cfg8118 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8119 ··stat:8119 ··stat:
8120 ····path:·/boot/grub2/grub.cfg8120 ····path:·/boot/grub2/grub.cfg
8121 ··register:·file_exists8121 ··register:·file_exists
8122 ··when:8122 ··when:
Max diff block lines reached; 14385/18953 bytes (75.90%) of diff not shown.
76.2 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_workstation_l1.html
    
Offset 14294, 15 lines modifiedOffset 14294, 15 lines modified
00037d50:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current00037d50:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037d60:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron00037d60:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037d70:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong00037d70:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037d80:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st00037d80:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037d90:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro00037d90:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037da0:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············00037da0:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00037db0:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·200037db0:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00037dc0:·3032·342d·3031·2d31·3429·0a20·2020·2020··024-01-14).·····00037dc0:·3032·352d·3032·2d31·3529·0a20·2020·2020··025-02-15).·····
00037dd0:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>00037dd0:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00037de0:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T00037de0:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00037df0:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents00037df0:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00037e00:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·00037e00:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00037e10:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org00037e10:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00037e20:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont00037e20:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00037e30:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system00037e30:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system
Offset 59364, 22 lines modifiedOffset 59364, 22 lines modified
Offset 59401, 22 lines modifiedOffset 59401, 22 lines modified
Offset 59467, 19 lines modifiedOffset 59467, 19 lines modified
Offset 59997, 22 lines modifiedOffset 59997, 22 lines modified
Offset 60034, 21 lines modifiedOffset 60034, 21 lines modified
Max diff block lines reached; 49640/58904 bytes (84.27%) of diff not shown.
18.5 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·1·-40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·1·-
41 ··············Workstation41 ··············Workstation
42 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l142 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l1
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:redhat:enterprise_linux:944 ····*·cpe:/o:redhat:enterprise_linux:9
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·GRUB2_bootloader_configuration52 ·········3.·GRUB2_bootloader_configuration
53 ·········4.·Configure_Syslog53 ·········4.·Configure_Syslog
54 ·········5.·Network_Configuration_and_Firewalls54 ·········5.·Network_Configuration_and_Firewalls
Offset 7946, 16 lines modifiedOffset 7946, 16 lines modified
7946 ··-·no_reboot_needed7946 ··-·no_reboot_needed
  
7947 -·name:·Test·for·existence·/boot/grub2/grub.cfg7947 -·name:·Test·for·existence·/boot/grub2/grub.cfg
7948 ··stat:7948 ··stat:
7949 ····path:·/boot/grub2/grub.cfg7949 ····path:·/boot/grub2/grub.cfg
7950 ··register:·file_exists7950 ··register:·file_exists
7951 ··when:7951 ··when:
7952 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7953 ··-·'"grub2-common"·in·ansible_facts.packages'7952 ··-·'"grub2-common"·in·ansible_facts.packages'
 7953 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7954 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7954 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7955 ··tags:7955 ··tags:
7956 ··-·CCE-83848-27956 ··-·CCE-83848-2
7957 ··-·CJIS-5.5.2.27957 ··-·CJIS-5.5.2.2
7958 ··-·NIST-800-171-3.4.57958 ··-·NIST-800-171-3.4.5
7959 ··-·NIST-800-53-AC-6(1)7959 ··-·NIST-800-53-AC-6(1)
7960 ··-·NIST-800-53-CM-6(a)7960 ··-·NIST-800-53-CM-6(a)
Offset 7968, 16 lines modifiedOffset 7968, 16 lines modified
7968 ··-·no_reboot_needed7968 ··-·no_reboot_needed
  
7969 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg7969 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
7970 ··file:7970 ··file:
7971 ····path:·/boot/grub2/grub.cfg7971 ····path:·/boot/grub2/grub.cfg
7972 ····group:·'0'7972 ····group:·'0'
7973 ··when:7973 ··when:
7974 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
7975 ··-·'"grub2-common"·in·ansible_facts.packages'7974 ··-·'"grub2-common"·in·ansible_facts.packages'
 7975 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
7976 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7976 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7977 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists7977 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
7978 ··tags:7978 ··tags:
7979 ··-·CCE-83848-27979 ··-·CCE-83848-2
7980 ··-·CJIS-5.5.2.27980 ··-·CJIS-5.5.2.2
7981 ··-·NIST-800-171-3.4.57981 ··-·NIST-800-171-3.4.5
7982 ··-·NIST-800-53-AC-6(1)7982 ··-·NIST-800-53-AC-6(1)
Offset 7990, 15 lines modifiedOffset 7990, 15 lines modified
7990 ··-·medium_severity7990 ··-·medium_severity
7991 ··-·no_reboot_needed7991 ··-·no_reboot_needed
7992 Remediation_Shell_script_⇲7992 Remediation_Shell_script_⇲
7993 Complexity:·low7993 Complexity:·low
7994 Disruption:·low7994 Disruption:·low
7995 Strategy:···configure7995 Strategy:···configure
7996 #·Remediation·is·applicable·only·in·certain·platforms7996 #·Remediation·is·applicable·only·in·certain·platforms
7997 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then7997 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
7998 chgrp·0·/boot/grub2/grub.cfg7998 chgrp·0·/boot/grub2/grub.cfg
  
7999 else7999 else
8000 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8000 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8001 fi8001 fi
8002 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8002 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8031, 16 lines modifiedOffset 8031, 16 lines modified
8031 ··-·no_reboot_needed8031 ··-·no_reboot_needed
  
8032 -·name:·Test·for·existence·/boot/grub2/user.cfg8032 -·name:·Test·for·existence·/boot/grub2/user.cfg
8033 ··stat:8033 ··stat:
8034 ····path:·/boot/grub2/user.cfg8034 ····path:·/boot/grub2/user.cfg
8035 ··register:·file_exists8035 ··register:·file_exists
8036 ··when:8036 ··when:
8037 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8038 ··-·'"grub2-common"·in·ansible_facts.packages'8037 ··-·'"grub2-common"·in·ansible_facts.packages'
 8038 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8039 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8039 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8040 ··tags:8040 ··tags:
8041 ··-·CCE-86010-68041 ··-·CCE-86010-6
8042 ··-·CJIS-5.5.2.28042 ··-·CJIS-5.5.2.2
8043 ··-·NIST-800-171-3.4.58043 ··-·NIST-800-171-3.4.5
8044 ··-·NIST-800-53-AC-6(1)8044 ··-·NIST-800-53-AC-6(1)
8045 ··-·NIST-800-53-CM-6(a)8045 ··-·NIST-800-53-CM-6(a)
Offset 8053, 16 lines modifiedOffset 8053, 16 lines modified
8053 ··-·no_reboot_needed8053 ··-·no_reboot_needed
  
8054 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8054 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8055 ··file:8055 ··file:
8056 ····path:·/boot/grub2/user.cfg8056 ····path:·/boot/grub2/user.cfg
8057 ····group:·'0'8057 ····group:·'0'
8058 ··when:8058 ··when:
8059 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8060 ··-·'"grub2-common"·in·ansible_facts.packages'8059 ··-·'"grub2-common"·in·ansible_facts.packages'
 8060 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8061 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8061 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8062 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8062 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8063 ··tags:8063 ··tags:
8064 ··-·CCE-86010-68064 ··-·CCE-86010-6
8065 ··-·CJIS-5.5.2.28065 ··-·CJIS-5.5.2.2
8066 ··-·NIST-800-171-3.4.58066 ··-·NIST-800-171-3.4.5
8067 ··-·NIST-800-53-AC-6(1)8067 ··-·NIST-800-53-AC-6(1)
Offset 8075, 15 lines modifiedOffset 8075, 15 lines modified
8075 ··-·medium_severity8075 ··-·medium_severity
8076 ··-·no_reboot_needed8076 ··-·no_reboot_needed
8077 Remediation_Shell_script_⇲8077 Remediation_Shell_script_⇲
8078 Complexity:·low8078 Complexity:·low
8079 Disruption:·low8079 Disruption:·low
8080 Strategy:···configure8080 Strategy:···configure
8081 #·Remediation·is·applicable·only·in·certain·platforms8081 #·Remediation·is·applicable·only·in·certain·platforms
8082 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8082 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8083 chgrp·0·/boot/grub2/user.cfg8083 chgrp·0·/boot/grub2/user.cfg
  
8084 else8084 else
8085 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8085 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8086 fi8086 fi
8087 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8087 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8116, 16 lines modifiedOffset 8116, 16 lines modified
8116 ··-·no_reboot_needed8116 ··-·no_reboot_needed
  
8117 -·name:·Test·for·existence·/boot/grub2/grub.cfg8117 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8118 ··stat:8118 ··stat:
8119 ····path:·/boot/grub2/grub.cfg8119 ····path:·/boot/grub2/grub.cfg
8120 ··register:·file_exists8120 ··register:·file_exists
8121 ··when:8121 ··when:
Max diff block lines reached; 14385/18963 bytes (75.86%) of diff not shown.
76.9 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cis_workstation_l2.html
    
Offset 14294, 15 lines modifiedOffset 14294, 15 lines modified
Offset 186585, 22 lines modifiedOffset 186585, 22 lines modified
Offset 186622, 21 lines modifiedOffset 186622, 21 lines modified
Offset 186688, 19 lines modifiedOffset 186688, 19 lines modified
Offset 187217, 22 lines modifiedOffset 187217, 22 lines modified
Offset 187254, 22 lines modifiedOffset 187254, 22 lines modified
002db750:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro002db750:·6e61·6d65·3a20·456e·7375·7265·2067·726f··name:·Ensure·gro
Max diff block lines reached; 50380/59516 bytes (84.65%) of diff not shown.
18.6 KB
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·2·-40 Profile·Title·[DRAFT]·CIS·Red·Hat·Enterprise·Linux·9·Benchmark·for·Level·2·-
41 ··············Workstation41 ··············Workstation
42 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l242 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l2
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:redhat:enterprise_linux:944 ····*·cpe:/o:redhat:enterprise_linux:9
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·Installing_and_Maintaining_Software50 ·········1.·Installing_and_Maintaining_Software
51 ·········2.·Account_and_Access_Control51 ·········2.·Account_and_Access_Control
52 ·········3.·System_Accounting_with_auditd52 ·········3.·System_Accounting_with_auditd
53 ·········4.·GRUB2_bootloader_configuration53 ·········4.·GRUB2_bootloader_configuration
54 ·········5.·Configure_Syslog54 ·········5.·Configure_Syslog
Offset 41771, 16 lines modifiedOffset 41771, 16 lines modified
41771 ··-·no_reboot_needed41771 ··-·no_reboot_needed
  
41772 -·name:·Test·for·existence·/boot/grub2/grub.cfg41772 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41773 ··stat:41773 ··stat:
41774 ····path:·/boot/grub2/grub.cfg41774 ····path:·/boot/grub2/grub.cfg
41775 ··register:·file_exists41775 ··register:·file_exists
41776 ··when:41776 ··when:
41777 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41778 ··-·'"grub2-common"·in·ansible_facts.packages'41777 ··-·'"grub2-common"·in·ansible_facts.packages'
 41778 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41779 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41779 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41780 ··tags:41780 ··tags:
41781 ··-·CCE-83848-241781 ··-·CCE-83848-2
41782 ··-·CJIS-5.5.2.241782 ··-·CJIS-5.5.2.2
41783 ··-·NIST-800-171-3.4.541783 ··-·NIST-800-171-3.4.5
41784 ··-·NIST-800-53-AC-6(1)41784 ··-·NIST-800-53-AC-6(1)
41785 ··-·NIST-800-53-CM-6(a)41785 ··-·NIST-800-53-CM-6(a)
Offset 41793, 16 lines modifiedOffset 41793, 16 lines modified
41793 ··-·no_reboot_needed41793 ··-·no_reboot_needed
  
41794 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41794 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41795 ··file:41795 ··file:
41796 ····path:·/boot/grub2/grub.cfg41796 ····path:·/boot/grub2/grub.cfg
41797 ····group:·'0'41797 ····group:·'0'
41798 ··when:41798 ··when:
41799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41800 ··-·'"grub2-common"·in·ansible_facts.packages'41799 ··-·'"grub2-common"·in·ansible_facts.packages'
 41800 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41802 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41802 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41803 ··tags:41803 ··tags:
41804 ··-·CCE-83848-241804 ··-·CCE-83848-2
41805 ··-·CJIS-5.5.2.241805 ··-·CJIS-5.5.2.2
41806 ··-·NIST-800-171-3.4.541806 ··-·NIST-800-171-3.4.5
41807 ··-·NIST-800-53-AC-6(1)41807 ··-·NIST-800-53-AC-6(1)
Offset 41815, 15 lines modifiedOffset 41815, 15 lines modified
41815 ··-·medium_severity41815 ··-·medium_severity
41816 ··-·no_reboot_needed41816 ··-·no_reboot_needed
41817 Remediation_Shell_script_⇲41817 Remediation_Shell_script_⇲
41818 Complexity:·low41818 Complexity:·low
41819 Disruption:·low41819 Disruption:·low
41820 Strategy:···configure41820 Strategy:···configure
41821 #·Remediation·is·applicable·only·in·certain·platforms41821 #·Remediation·is·applicable·only·in·certain·platforms
41822 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41822 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41823 chgrp·0·/boot/grub2/grub.cfg41823 chgrp·0·/boot/grub2/grub.cfg
  
41824 else41824 else
41825 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41825 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41826 fi41826 fi
41827 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41827 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 41856, 16 lines modifiedOffset 41856, 16 lines modified
41856 ··-·no_reboot_needed41856 ··-·no_reboot_needed
  
41857 -·name:·Test·for·existence·/boot/grub2/user.cfg41857 -·name:·Test·for·existence·/boot/grub2/user.cfg
41858 ··stat:41858 ··stat:
41859 ····path:·/boot/grub2/user.cfg41859 ····path:·/boot/grub2/user.cfg
41860 ··register:·file_exists41860 ··register:·file_exists
41861 ··when:41861 ··when:
41862 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41863 ··-·'"grub2-common"·in·ansible_facts.packages'41862 ··-·'"grub2-common"·in·ansible_facts.packages'
 41863 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41864 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41864 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41865 ··tags:41865 ··tags:
41866 ··-·CCE-86010-641866 ··-·CCE-86010-6
41867 ··-·CJIS-5.5.2.241867 ··-·CJIS-5.5.2.2
41868 ··-·NIST-800-171-3.4.541868 ··-·NIST-800-171-3.4.5
41869 ··-·NIST-800-53-AC-6(1)41869 ··-·NIST-800-53-AC-6(1)
41870 ··-·NIST-800-53-CM-6(a)41870 ··-·NIST-800-53-CM-6(a)
Offset 41878, 16 lines modifiedOffset 41878, 16 lines modified
41878 ··-·no_reboot_needed41878 ··-·no_reboot_needed
  
41879 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41879 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41880 ··file:41880 ··file:
41881 ····path:·/boot/grub2/user.cfg41881 ····path:·/boot/grub2/user.cfg
41882 ····group:·'0'41882 ····group:·'0'
41883 ··when:41883 ··when:
41884 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41885 ··-·'"grub2-common"·in·ansible_facts.packages'41884 ··-·'"grub2-common"·in·ansible_facts.packages'
 41885 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41886 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41886 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41887 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41887 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41888 ··tags:41888 ··tags:
41889 ··-·CCE-86010-641889 ··-·CCE-86010-6
41890 ··-·CJIS-5.5.2.241890 ··-·CJIS-5.5.2.2
41891 ··-·NIST-800-171-3.4.541891 ··-·NIST-800-171-3.4.5
41892 ··-·NIST-800-53-AC-6(1)41892 ··-·NIST-800-53-AC-6(1)
Offset 41900, 15 lines modifiedOffset 41900, 15 lines modified
41900 ··-·medium_severity41900 ··-·medium_severity
41901 ··-·no_reboot_needed41901 ··-·no_reboot_needed
41902 Remediation_Shell_script_⇲41902 Remediation_Shell_script_⇲
41903 Complexity:·low41903 Complexity:·low
41904 Disruption:·low41904 Disruption:·low
41905 Strategy:···configure41905 Strategy:···configure
41906 #·Remediation·is·applicable·only·in·certain·platforms41906 #·Remediation·is·applicable·only·in·certain·platforms
41907 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41907 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41908 chgrp·0·/boot/grub2/user.cfg41908 chgrp·0·/boot/grub2/user.cfg
  
41909 else41909 else
41910 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41910 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41911 fi41911 fi
41912 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41912 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41941, 16 lines modifiedOffset 41941, 16 lines modified
41941 ··-·no_reboot_needed41941 ··-·no_reboot_needed
  
41942 -·name:·Test·for·existence·/boot/grub2/grub.cfg41942 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41943 ··stat:41943 ··stat:
41944 ····path:·/boot/grub2/grub.cfg41944 ····path:·/boot/grub2/grub.cfg
41945 ··register:·file_exists41945 ··register:·file_exists
41946 ··when:41946 ··when:
Max diff block lines reached; 14431/19017 bytes (75.88%) of diff not shown.
1.88 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-cui.html
    
686 B
html2text {}
    
Offset 50, 15 lines modifiedOffset 50, 15 lines modified
50 Profile·Title·[DRAFT]·Unclassified·Information·in·Non-federal·Information50 Profile·Title·[DRAFT]·Unclassified·Information·in·Non-federal·Information
51 ··············Systems·and·Organizations·(NIST·800-171)51 ··············Systems·and·Organizations·(NIST·800-171)
52 Profile·ID····xccdf_org.ssgproject.content_profile_cui52 Profile·ID····xccdf_org.ssgproject.content_profile_cui
53 ***·CPE·Platforms·***53 ***·CPE·Platforms·***
54 ····*·cpe:/o:redhat:enterprise_linux:954 ····*·cpe:/o:redhat:enterprise_linux:9
55 *****·Revision·History·*****55 *****·Revision·History·*****
56 Current·version:·0.1.6556 Current·version:·0.1.65
57 ····*·draft·(as·of·2024-01-14)57 ····*·draft·(as·of·2025-02-15)
58 *****·Table·of·Contents·*****58 *****·Table·of·Contents·*****
59 ···1.·System_Settings59 ···1.·System_Settings
60 ·········1.·Installing_and_Maintaining_Software60 ·········1.·Installing_and_Maintaining_Software
61 ·········2.·Account_and_Access_Control61 ·········2.·Account_and_Access_Control
62 ·········3.·System_Accounting_with_auditd62 ·········3.·System_Accounting_with_auditd
63 ·········4.·GRUB2_bootloader_configuration63 ·········4.·GRUB2_bootloader_configuration
64 ·········5.·zIPL_bootloader_configuration64 ·········5.·zIPL_bootloader_configuration
1.98 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-e8.html
    
650 B
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 *****·Profile·Information·*****41 *****·Profile·Information·*****
42 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight42 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·Essential·Eight
43 Profile·ID····xccdf_org.ssgproject.content_profile_e843 Profile·ID····xccdf_org.ssgproject.content_profile_e8
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:redhat:enterprise_linux:945 ····*·cpe:/o:redhat:enterprise_linux:9
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·Installing_and_Maintaining_Software51 ·········1.·Installing_and_Maintaining_Software
52 ·········2.·Account_and_Access_Control52 ·········2.·Account_and_Access_Control
53 ·········3.·System_Accounting_with_auditd53 ·········3.·System_Accounting_with_auditd
54 ·········4.·Configure_Syslog54 ·········4.·Configure_Syslog
55 ·········5.·Network_Configuration_and_Firewalls55 ·········5.·Network_Configuration_and_Firewalls
16.8 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-hipaa.html
    
Max diff block lines reached; 3547/12752 bytes (27.82%) of diff not shown.
4.19 KB
html2text {}
    
Offset 46, 15 lines modifiedOffset 46, 15 lines modified
46 *****·Profile·Information·*****46 *****·Profile·Information·*****
47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)47 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)
48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa48 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa
49 ***·CPE·Platforms·***49 ***·CPE·Platforms·***
50 ····*·cpe:/o:redhat:enterprise_linux:950 ····*·cpe:/o:redhat:enterprise_linux:9
51 *****·Revision·History·*****51 *****·Revision·History·*****
52 Current·version:·0.1.6552 Current·version:·0.1.65
53 ····*·draft·(as·of·2024-01-14)53 ····*·draft·(as·of·2025-02-15)
54 *****·Table·of·Contents·*****54 *****·Table·of·Contents·*****
55 ···1.·System_Settings55 ···1.·System_Settings
56 ·········1.·Installing_and_Maintaining_Software56 ·········1.·Installing_and_Maintaining_Software
57 ·········2.·Account_and_Access_Control57 ·········2.·Account_and_Access_Control
58 ·········3.·System_Accounting_with_auditd58 ·········3.·System_Accounting_with_auditd
59 ·········4.·GRUB2_bootloader_configuration59 ·········4.·GRUB2_bootloader_configuration
60 ·········5.·Configure_Syslog60 ·········5.·Configure_Syslog
Offset 48394, 16 lines modifiedOffset 48394, 16 lines modified
48394 ··-·no_reboot_needed48394 ··-·no_reboot_needed
  
48395 -·name:·Test·for·existence·/boot/grub2/grub.cfg48395 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48396 ··stat:48396 ··stat:
48397 ····path:·/boot/grub2/grub.cfg48397 ····path:·/boot/grub2/grub.cfg
48398 ··register:·file_exists48398 ··register:·file_exists
48399 ··when:48399 ··when:
48400 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48401 ··-·'"grub2-common"·in·ansible_facts.packages'48400 ··-·'"grub2-common"·in·ansible_facts.packages'
 48401 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48402 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48402 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48403 ··tags:48403 ··tags:
48404 ··-·CCE-83848-248404 ··-·CCE-83848-2
48405 ··-·CJIS-5.5.2.248405 ··-·CJIS-5.5.2.2
48406 ··-·NIST-800-171-3.4.548406 ··-·NIST-800-171-3.4.5
48407 ··-·NIST-800-53-AC-6(1)48407 ··-·NIST-800-53-AC-6(1)
48408 ··-·NIST-800-53-CM-6(a)48408 ··-·NIST-800-53-CM-6(a)
Offset 48416, 16 lines modifiedOffset 48416, 16 lines modified
48416 ··-·no_reboot_needed48416 ··-·no_reboot_needed
  
48417 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg48417 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
48418 ··file:48418 ··file:
48419 ····path:·/boot/grub2/grub.cfg48419 ····path:·/boot/grub2/grub.cfg
48420 ····group:·'0'48420 ····group:·'0'
48421 ··when:48421 ··when:
48422 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48423 ··-·'"grub2-common"·in·ansible_facts.packages'48422 ··-·'"grub2-common"·in·ansible_facts.packages'
 48423 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48424 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48424 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48425 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48425 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48426 ··tags:48426 ··tags:
48427 ··-·CCE-83848-248427 ··-·CCE-83848-2
48428 ··-·CJIS-5.5.2.248428 ··-·CJIS-5.5.2.2
48429 ··-·NIST-800-171-3.4.548429 ··-·NIST-800-171-3.4.5
48430 ··-·NIST-800-53-AC-6(1)48430 ··-·NIST-800-53-AC-6(1)
Offset 48438, 15 lines modifiedOffset 48438, 15 lines modified
48438 ··-·medium_severity48438 ··-·medium_severity
48439 ··-·no_reboot_needed48439 ··-·no_reboot_needed
48440 Remediation_Shell_script_⇲48440 Remediation_Shell_script_⇲
48441 Complexity:·low48441 Complexity:·low
48442 Disruption:·low48442 Disruption:·low
48443 Strategy:···configure48443 Strategy:···configure
48444 #·Remediation·is·applicable·only·in·certain·platforms48444 #·Remediation·is·applicable·only·in·certain·platforms
48445 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48445 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48446 chgrp·0·/boot/grub2/grub.cfg48446 chgrp·0·/boot/grub2/grub.cfg
  
48447 else48447 else
48448 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48448 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48449 fi48449 fi
48450 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***48450 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 48479, 16 lines modifiedOffset 48479, 16 lines modified
48479 ··-·no_reboot_needed48479 ··-·no_reboot_needed
  
48480 -·name:·Test·for·existence·/boot/grub2/grub.cfg48480 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48481 ··stat:48481 ··stat:
48482 ····path:·/boot/grub2/grub.cfg48482 ····path:·/boot/grub2/grub.cfg
48483 ··register:·file_exists48483 ··register:·file_exists
48484 ··when:48484 ··when:
48485 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48486 ··-·'"grub2-common"·in·ansible_facts.packages'48485 ··-·'"grub2-common"·in·ansible_facts.packages'
 48486 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48487 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48487 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48488 ··tags:48488 ··tags:
48489 ··-·CCE-83845-848489 ··-·CCE-83845-8
48490 ··-·CJIS-5.5.2.248490 ··-·CJIS-5.5.2.2
48491 ··-·NIST-800-171-3.4.548491 ··-·NIST-800-171-3.4.5
48492 ··-·NIST-800-53-AC-6(1)48492 ··-·NIST-800-53-AC-6(1)
48493 ··-·NIST-800-53-CM-6(a)48493 ··-·NIST-800-53-CM-6(a)
Offset 48501, 16 lines modifiedOffset 48501, 16 lines modified
48501 ··-·no_reboot_needed48501 ··-·no_reboot_needed
  
48502 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg48502 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
48503 ··file:48503 ··file:
48504 ····path:·/boot/grub2/grub.cfg48504 ····path:·/boot/grub2/grub.cfg
48505 ····owner:·'0'48505 ····owner:·'0'
48506 ··when:48506 ··when:
48507 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48508 ··-·'"grub2-common"·in·ansible_facts.packages'48507 ··-·'"grub2-common"·in·ansible_facts.packages'
 48508 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48510 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48510 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48511 ··tags:48511 ··tags:
48512 ··-·CCE-83845-848512 ··-·CCE-83845-8
48513 ··-·CJIS-5.5.2.248513 ··-·CJIS-5.5.2.2
48514 ··-·NIST-800-171-3.4.548514 ··-·NIST-800-171-3.4.5
48515 ··-·NIST-800-53-AC-6(1)48515 ··-·NIST-800-53-AC-6(1)
Offset 48523, 15 lines modifiedOffset 48523, 15 lines modified
48523 ··-·medium_severity48523 ··-·medium_severity
48524 ··-·no_reboot_needed48524 ··-·no_reboot_needed
48525 Remediation_Shell_script_⇲48525 Remediation_Shell_script_⇲
48526 Complexity:·low48526 Complexity:·low
48527 Disruption:·low48527 Disruption:·low
48528 Strategy:···configure48528 Strategy:···configure
48529 #·Remediation·is·applicable·only·in·certain·platforms48529 #·Remediation·is·applicable·only·in·certain·platforms
48530 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48530 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48531 chown·0·/boot/grub2/grub.cfg48531 chown·0·/boot/grub2/grub.cfg
  
48532 else48532 else
48533 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48533 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48534 fi48534 fi
48535 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***48535 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
1.85 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-ism_o.html
    
650 B
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 *****·Profile·Information·*****44 *****·Profile·Information·*****
45 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·ISM·Official45 Profile·Title·Australian·Cyber·Security·Centre·(ACSC)·ISM·Official
46 Profile·ID····xccdf_org.ssgproject.content_profile_ism_o46 Profile·ID····xccdf_org.ssgproject.content_profile_ism_o
47 ***·CPE·Platforms·***47 ***·CPE·Platforms·***
48 ····*·cpe:/o:redhat:enterprise_linux:948 ····*·cpe:/o:redhat:enterprise_linux:9
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·System_Settings53 ···1.·System_Settings
54 ·········1.·Installing_and_Maintaining_Software54 ·········1.·Installing_and_Maintaining_Software
55 ·········2.·Account_and_Access_Control55 ·········2.·Account_and_Access_Control
56 ·········3.·System_Accounting_with_auditd56 ·········3.·System_Accounting_with_auditd
57 ·········4.·Configure_Syslog57 ·········4.·Configure_Syslog
58 ·········5.·Network_Configuration_and_Firewalls58 ·········5.·Network_Configuration_and_Firewalls
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-ospp.html
    
661 B
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 *****·Profile·Information·*****41 *****·Profile·Information·*****
42 Profile·Title·Protection·Profile·for·General·Purpose·Operating·Systems42 Profile·Title·Protection·Profile·for·General·Purpose·Operating·Systems
43 Profile·ID····xccdf_org.ssgproject.content_profile_ospp43 Profile·ID····xccdf_org.ssgproject.content_profile_ospp
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:redhat:enterprise_linux:945 ····*·cpe:/o:redhat:enterprise_linux:9
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·Installing_and_Maintaining_Software51 ·········1.·Installing_and_Maintaining_Software
52 ·········2.·Account_and_Access_Control52 ·········2.·Account_and_Access_Control
53 ·········3.·System_Accounting_with_auditd53 ·········3.·System_Accounting_with_auditd
54 ·········4.·GRUB2_bootloader_configuration54 ·········4.·GRUB2_bootloader_configuration
55 ·········5.·zIPL_bootloader_configuration55 ·········5.·zIPL_bootloader_configuration
17.0 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-pci-dss.html
    
Max diff block lines reached; 3754/13028 bytes (28.81%) of diff not shown.
4.2 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 *****·Profile·Information·*****37 *****·Profile·Information·*****
38 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·Red·Hat·Enterprise·Linux·938 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·Red·Hat·Enterprise·Linux·9
39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:redhat:enterprise_linux:941 ····*·cpe:/o:redhat:enterprise_linux:9
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
Offset 44729, 16 lines modifiedOffset 44729, 16 lines modified
44729 ··-·no_reboot_needed44729 ··-·no_reboot_needed
  
44730 -·name:·Test·for·existence·/boot/grub2/grub.cfg44730 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44731 ··stat:44731 ··stat:
44732 ····path:·/boot/grub2/grub.cfg44732 ····path:·/boot/grub2/grub.cfg
44733 ··register:·file_exists44733 ··register:·file_exists
44734 ··when:44734 ··when:
44735 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44736 ··-·'"grub2-common"·in·ansible_facts.packages'44735 ··-·'"grub2-common"·in·ansible_facts.packages'
 44736 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44737 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44737 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44738 ··tags:44738 ··tags:
44739 ··-·CCE-83848-244739 ··-·CCE-83848-2
44740 ··-·CJIS-5.5.2.244740 ··-·CJIS-5.5.2.2
44741 ··-·NIST-800-171-3.4.544741 ··-·NIST-800-171-3.4.5
44742 ··-·NIST-800-53-AC-6(1)44742 ··-·NIST-800-53-AC-6(1)
44743 ··-·NIST-800-53-CM-6(a)44743 ··-·NIST-800-53-CM-6(a)
Offset 44751, 16 lines modifiedOffset 44751, 16 lines modified
44751 ··-·no_reboot_needed44751 ··-·no_reboot_needed
  
44752 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg44752 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
44753 ··file:44753 ··file:
44754 ····path:·/boot/grub2/grub.cfg44754 ····path:·/boot/grub2/grub.cfg
44755 ····group:·'0'44755 ····group:·'0'
44756 ··when:44756 ··when:
44757 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44758 ··-·'"grub2-common"·in·ansible_facts.packages'44757 ··-·'"grub2-common"·in·ansible_facts.packages'
 44758 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44759 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44759 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44760 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44760 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44761 ··tags:44761 ··tags:
44762 ··-·CCE-83848-244762 ··-·CCE-83848-2
44763 ··-·CJIS-5.5.2.244763 ··-·CJIS-5.5.2.2
44764 ··-·NIST-800-171-3.4.544764 ··-·NIST-800-171-3.4.5
44765 ··-·NIST-800-53-AC-6(1)44765 ··-·NIST-800-53-AC-6(1)
Offset 44773, 15 lines modifiedOffset 44773, 15 lines modified
44773 ··-·medium_severity44773 ··-·medium_severity
44774 ··-·no_reboot_needed44774 ··-·no_reboot_needed
44775 Remediation_Shell_script_⇲44775 Remediation_Shell_script_⇲
44776 Complexity:·low44776 Complexity:·low
44777 Disruption:·low44777 Disruption:·low
44778 Strategy:···configure44778 Strategy:···configure
44779 #·Remediation·is·applicable·only·in·certain·platforms44779 #·Remediation·is·applicable·only·in·certain·platforms
44780 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44780 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44781 chgrp·0·/boot/grub2/grub.cfg44781 chgrp·0·/boot/grub2/grub.cfg
  
44782 else44782 else
44783 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44783 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44784 fi44784 fi
44785 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***44785 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
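Review bot: in the `if` line, `[ ! -f /sys/firmware/efi ]` tests for a regular file, but `/sys/firmware/efi` is a directory on a UEFI-booted system, so the test is true on BIOS and UEFI hosts alike and excludes nothing. `-d` (or `-e`) matches the intent and would bring the script in line with the Ansible task's `/boot/efi` mount check. Separately, the operands of `&&` swap order between the two builds; the outcome is the same, but the unstable ordering is what makes the output differ.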
Offset 44814, 16 lines modifiedOffset 44814, 16 lines modified
44814 ··-·no_reboot_needed44814 ··-·no_reboot_needed
  
44815 -·name:·Test·for·existence·/boot/grub2/grub.cfg44815 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44816 ··stat:44816 ··stat:
44817 ····path:·/boot/grub2/grub.cfg44817 ····path:·/boot/grub2/grub.cfg
44818 ··register:·file_exists44818 ··register:·file_exists
44819 ··when:44819 ··when:
44820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44821 ··-·'"grub2-common"·in·ansible_facts.packages'44820 ··-·'"grub2-common"·in·ansible_facts.packages'
 44821 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44823 ··tags:44823 ··tags:
44824 ··-·CCE-83845-844824 ··-·CCE-83845-8
44825 ··-·CJIS-5.5.2.244825 ··-·CJIS-5.5.2.2
44826 ··-·NIST-800-171-3.4.544826 ··-·NIST-800-171-3.4.5
44827 ··-·NIST-800-53-AC-6(1)44827 ··-·NIST-800-53-AC-6(1)
44828 ··-·NIST-800-53-CM-6(a)44828 ··-·NIST-800-53-CM-6(a)
Offset 44836, 16 lines modifiedOffset 44836, 16 lines modified
44836 ··-·no_reboot_needed44836 ··-·no_reboot_needed
  
44837 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg44837 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
44838 ··file:44838 ··file:
44839 ····path:·/boot/grub2/grub.cfg44839 ····path:·/boot/grub2/grub.cfg
44840 ····owner:·'0'44840 ····owner:·'0'
44841 ··when:44841 ··when:
44842 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44843 ··-·'"grub2-common"·in·ansible_facts.packages'44842 ··-·'"grub2-common"·in·ansible_facts.packages'
 44843 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44844 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44844 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44845 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44845 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44846 ··tags:44846 ··tags:
44847 ··-·CCE-83845-844847 ··-·CCE-83845-8
44848 ··-·CJIS-5.5.2.244848 ··-·CJIS-5.5.2.2
44849 ··-·NIST-800-171-3.4.544849 ··-·NIST-800-171-3.4.5
44850 ··-·NIST-800-53-AC-6(1)44850 ··-·NIST-800-53-AC-6(1)
Offset 44858, 15 lines modifiedOffset 44858, 15 lines modified
44858 ··-·medium_severity44858 ··-·medium_severity
44859 ··-·no_reboot_needed44859 ··-·no_reboot_needed
44860 Remediation_Shell_script_⇲44860 Remediation_Shell_script_⇲
44861 Complexity:·low44861 Complexity:·low
44862 Disruption:·low44862 Disruption:·low
44863 Strategy:···configure44863 Strategy:···configure
44864 #·Remediation·is·applicable·only·in·certain·platforms44864 #·Remediation·is·applicable·only·in·certain·platforms
44865 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44865 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44866 chown·0·/boot/grub2/grub.cfg44866 chown·0·/boot/grub2/grub.cfg
  
44867 else44867 else
44868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44869 fi44869 fi
44870 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules44870 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules
14.5 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-stig.html
    
Max diff block lines reached; 1822/11068 bytes (16.46%) of diff not shown.
3.54 KB
html2text {}
    
Offset 44, 15 lines modifiedOffset 44, 15 lines modified
44 *****·Profile·Information·*****44 *****·Profile·Information·*****
45 Profile·Title·[DRAFT]·DISA·STIG·for·Red·Hat·Enterprise·Linux·945 Profile·Title·[DRAFT]·DISA·STIG·for·Red·Hat·Enterprise·Linux·9
46 Profile·ID····xccdf_org.ssgproject.content_profile_stig46 Profile·ID····xccdf_org.ssgproject.content_profile_stig
47 ***·CPE·Platforms·***47 ***·CPE·Platforms·***
48 ····*·cpe:/o:redhat:enterprise_linux:948 ····*·cpe:/o:redhat:enterprise_linux:9
49 *****·Revision·History·*****49 *****·Revision·History·*****
50 Current·version:·0.1.6550 Current·version:·0.1.65
51 ····*·draft·(as·of·2024-01-14)51 ····*·draft·(as·of·2025-02-15)
52 *****·Table·of·Contents·*****52 *****·Table·of·Contents·*****
53 ···1.·System_Settings53 ···1.·System_Settings
54 ·········1.·Installing_and_Maintaining_Software54 ·········1.·Installing_and_Maintaining_Software
55 ·········2.·Account_and_Access_Control55 ·········2.·Account_and_Access_Control
56 ·········3.·System_Accounting_with_auditd56 ·········3.·System_Accounting_with_auditd
57 ·········4.·GRUB2_bootloader_configuration57 ·········4.·GRUB2_bootloader_configuration
58 ·········5.·Configure_Syslog58 ·········5.·Configure_Syslog
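Review bot: the `draft (as of …)` line in the revision history reads 2024-01-14 in one build and 2025-02-15 in the other, so the date appears to come from the build clock. Deriving it from `SOURCE_DATE_EPOCH` (or the changelog date) would keep the generated guide identical across builds.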
Offset 73669, 16 lines modifiedOffset 73669, 16 lines modified
73669 ··-·no_reboot_needed73669 ··-·no_reboot_needed
  
73670 -·name:·Test·for·existence·/boot/grub2/grub.cfg73670 -·name:·Test·for·existence·/boot/grub2/grub.cfg
73671 ··stat:73671 ··stat:
73672 ····path:·/boot/grub2/grub.cfg73672 ····path:·/boot/grub2/grub.cfg
73673 ··register:·file_exists73673 ··register:·file_exists
73674 ··when:73674 ··when:
73675 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
73676 ··-·'"grub2-common"·in·ansible_facts.packages'73675 ··-·'"grub2-common"·in·ansible_facts.packages'
 73676 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
73677 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]73677 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
73678 ··tags:73678 ··tags:
73679 ··-·CCE-83848-273679 ··-·CCE-83848-2
73680 ··-·CJIS-5.5.2.273680 ··-·CJIS-5.5.2.2
73681 ··-·NIST-800-171-3.4.573681 ··-·NIST-800-171-3.4.5
73682 ··-·NIST-800-53-AC-6(1)73682 ··-·NIST-800-53-AC-6(1)
73683 ··-·NIST-800-53-CM-6(a)73683 ··-·NIST-800-53-CM-6(a)
Offset 73691, 16 lines modifiedOffset 73691, 16 lines modified
73691 ··-·no_reboot_needed73691 ··-·no_reboot_needed
  
73692 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg73692 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
73693 ··file:73693 ··file:
73694 ····path:·/boot/grub2/grub.cfg73694 ····path:·/boot/grub2/grub.cfg
73695 ····group:·'0'73695 ····group:·'0'
73696 ··when:73696 ··when:
73697 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
73698 ··-·'"grub2-common"·in·ansible_facts.packages'73697 ··-·'"grub2-common"·in·ansible_facts.packages'
 73698 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
73699 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]73699 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
73700 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists73700 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
73701 ··tags:73701 ··tags:
73702 ··-·CCE-83848-273702 ··-·CCE-83848-2
73703 ··-·CJIS-5.5.2.273703 ··-·CJIS-5.5.2.2
73704 ··-·NIST-800-171-3.4.573704 ··-·NIST-800-171-3.4.5
73705 ··-·NIST-800-53-AC-6(1)73705 ··-·NIST-800-53-AC-6(1)
Offset 73713, 15 lines modifiedOffset 73713, 15 lines modified
73713 ··-·medium_severity73713 ··-·medium_severity
73714 ··-·no_reboot_needed73714 ··-·no_reboot_needed
73715 Remediation_Shell_script_⇲73715 Remediation_Shell_script_⇲
73716 Complexity:·low73716 Complexity:·low
73717 Disruption:·low73717 Disruption:·low
73718 Strategy:···configure73718 Strategy:···configure
73719 #·Remediation·is·applicable·only·in·certain·platforms73719 #·Remediation·is·applicable·only·in·certain·platforms
73720 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then73720 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
73721 chgrp·0·/boot/grub2/grub.cfg73721 chgrp·0·/boot/grub2/grub.cfg
  
73722 else73722 else
73723 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'73723 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
73724 fi73724 fi
73725 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***73725 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***
Offset 90301, 27 lines modifiedOffset 90301, 27 lines modified
90301 ····lineinfile:90301 ····lineinfile:
90302 ······path:·/etc/postfix/main.cf90302 ······path:·/etc/postfix/main.cf
90303 ······create:·true90303 ······create:·true
90304 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*90304 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
90305 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject90305 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
90306 ······state:·present90306 ······state:·present
90307 ··when:90307 ··when:
90308 ··-·'"postfix"·in·ansible_facts.packages' 
90309 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]90308 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 90309 ··-·'"postfix"·in·ansible_facts.packages'
90310 ··tags:90310 ··tags:
90311 ··-·CCE-87232-590311 ··-·CCE-87232-5
90312 ··-·low_complexity90312 ··-·low_complexity
90313 ··-·low_disruption90313 ··-·low_disruption
90314 ··-·medium_severity90314 ··-·medium_severity
90315 ··-·no_reboot_needed90315 ··-·no_reboot_needed
90316 ··-·postfix_prevent_unrestricted_relay90316 ··-·postfix_prevent_unrestricted_relay
90317 ··-·restrict_strategy90317 ··-·restrict_strategy
90318 Remediation_Shell_script_⇲90318 Remediation_Shell_script_⇲
90319 #·Remediation·is·applicable·only·in·certain·platforms90319 #·Remediation·is·applicable·only·in·certain·platforms
90320 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then90320 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
90321 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then90321 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
90322 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf90322 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
90323 else90323 else
90324 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf90324 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
90325 fi90325 fi
  
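Review bot: the Ansible `regexp` accepts leading blanks (`^[ \t]*smtpd_client_restrictions\s*=\s*`), while the shell remediation's `grep -q ^smtpd_client_restrictions` and its `sed` expression anchor at column 0, so the two remediations disagree on an indented line: Ansible rewrites it, the script appends a second setting. The `grep` pattern should also be quoted. The swapped order of the `when:` entries and of the `&&` operands between the two builds does not change the result, but it should be made stable.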
14.6 KB
./usr/share/doc/ssg-nondebian/ssg-rhel9-guide-stig_gui.html
    
004da230:·2020·2d20·6669·6c65·5f65·7869·7374·732e····-·file_exists.004da230:·2020·2d20·6669·6c65·5f65·7869·7374·732e····-·file_exists.
004da240:·7374·6174·2069·7320·6465·6669·6e65·6420··stat·is·defined·004da240:·7374·6174·2069·7320·6465·6669·6e65·6420··stat·is·defined·
Offset 318034, 19 lines modifiedOffset 318034, 19 lines modified
004da510:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate004da510:·723e·3c74·723e·3c74·683e·5374·7261·7465··r><tr><th>Strate
004da520:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf004da520:·6779·3a3c·2f74·683e·3c74·643e·636f·6e66··gy:</th><td>conf
004da530:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr><004da530:·6967·7572·653c·2f74·643e·3c2f·7472·3e3c··igure</td></tr><
004da540:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod004da540:·2f74·6162·6c65·3e3c·7072·653e·3c63·6f64··/table><pre><cod
004da550:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·004da550:·653e·2320·5265·6d65·6469·6174·696f·6e20··e>#·Remediation·
004da560:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on004da560:·6973·2061·7070·6c69·6361·626c·6520·6f6e··is·applicable·on
004da570:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl004da570:·6c79·2069·6e20·6365·7274·6169·6e20·706c··ly·in·certain·pl
004da580:·6174·666f·726d·730a·6966·205b·2021·202d··atforms.if·[·!·-004da580:·6174·666f·726d·730a·6966·2072·706d·202d··atforms.if·rpm·-
004da590:·6620·2f73·7973·2f66·6972·6d77·6172·652f··f·/sys/firmware/ 
004da5a0:·6566·6920·5d20·2661·6d70·3b26·616d·703b··efi·]·&amp;&amp; 
004da5b0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
004da5c0:·6772·7562·322d·636f·6d6d·6f6e·2026·616d··grub2-common·&am004da590:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-
 004da5a0:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp
 004da5b0:·3b20·5b20·2120·2d66·202f·7379·732f·6669··;·[·!·-f·/sys/fi
 004da5c0:·726d·7761·7265·2f65·6669·205d·2026·616d··rmware/efi·]·&am
004da5d0:·703b·2661·6d70·3b20·7b20·5b20·2120·2d66··p;&amp;·{·[·!·-f004da5d0:·703b·2661·6d70·3b20·7b20·5b20·2120·2d66··p;&amp;·{·[·!·-f
004da5e0:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&004da5e0:·202f·2e64·6f63·6b65·7265·6e76·205d·2026···/.dockerenv·]·&
004da5f0:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f004da5f0:·616d·703b·2661·6d70·3b20·5b20·2120·2d66··amp;&amp;·[·!·-f
004da600:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container004da600:·202f·7275·6e2f·2e63·6f6e·7461·696e·6572···/run/.container
004da610:·656e·7620·5d3b·207d·3b20·7468·656e·0a0a··env·];·};·then..004da610:·656e·7620·5d3b·207d·3b20·7468·656e·0a0a··env·];·};·then..
004da620:·6368·6772·7020·3020·2f62·6f6f·742f·6772··chgrp·0·/boot/gr004da620:·6368·6772·7020·3020·2f62·6f6f·742f·6772··chgrp·0·/boot/gr
004da630:·7562·322f·6772·7562·2e63·6667·0a0a·656c··ub2/grub.cfg..el004da630:·7562·322f·6772·7562·2e63·6667·0a0a·656c··ub2/grub.cfg..el
Offset 430845, 23 lines modifiedOffset 430845, 23 lines modified
00692fc0:·7269·6374·696f·6e73·5c73·2a3d·5c73·2a0a··rictions\s*=\s*.00692fc0:·7269·6374·696f·6e73·5c73·2a3d·5c73·2a0a··rictions\s*=\s*.
00692fd0:·2020·2020·2020·6c69·6e65·3a20·736d·7470········line:·smtp00692fd0:·2020·2020·2020·6c69·6e65·3a20·736d·7470········line:·smtp
00692fe0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric00692fe0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric
00692ff0:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m00692ff0:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m
00693000:·796e·6574·776f·726b·732c·7265·6a65·6374··ynetworks,reject00693000:·796e·6574·776f·726b·732c·7265·6a65·6374··ynetworks,reject
00693010:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr00693010:·0a20·2020·2020·2073·7461·7465·3a20·7072··.······state:·pr
00693020:·6573·656e·740a·2020·7768·656e·3a0a·2020··esent.··when:.··00693020:·6573·656e·740a·2020·7768·656e·3a0a·2020··esent.··when:.··
00693030:·2d20·2722·706f·7374·6669·7822·2069·6e20··-·'"postfix"·in· 
00693040:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa 
00693050:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi 
00693060:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
00693070:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
00693080:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
00693090:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
006930a0:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"00693030:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 00693040:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 00693050:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 00693060:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 00693070:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
 00693080:·6169·6e65·7222·5d0a·2020·2d20·2722·706f··ainer"].··-·'"po
 00693090:·7374·6669·7822·2069·6e20·616e·7369·626c··stfix"·in·ansibl
 006930a0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
006930b0:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC006930b0:·270a·2020·7461·6773·3a0a·2020·2d20·4343··'.··tags:.··-·CC
006930c0:·452d·3837·3233·322d·350a·2020·2d20·6c6f··E-87232-5.··-·lo006930c0:·452d·3837·3233·322d·350a·2020·2d20·6c6f··E-87232-5.··-·lo
006930d0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-006930d0:·775f·636f·6d70·6c65·7869·7479·0a20·202d··w_complexity.··-
006930e0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.006930e0:·206c·6f77·5f64·6973·7275·7074·696f·6e0a···low_disruption.
006930f0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever006930f0:·2020·2d20·6d65·6469·756d·5f73·6576·6572····-·medium_sever
00693100:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo00693100:·6974·790a·2020·2d20·6e6f·5f72·6562·6f6f··ity.··-·no_reboo
00693110:·745f·6e65·6564·6564·0a20·202d·2070·6f73··t_needed.··-·pos00693110:·745f·6e65·6564·6564·0a20·202d·2070·6f73··t_needed.··-·pos
Max diff block lines reached; 1960/11206 bytes (17.49%) of diff not shown.
3.55 KB
html2text {}
    
Offset 51, 15 lines modifiedOffset 51, 15 lines modified
51 *****·Profile·Information·*****51 *****·Profile·Information·*****
52 Profile·Title·[DRAFT]·DISA·STIG·with·GUI·for·Red·Hat·Enterprise·Linux·952 Profile·Title·[DRAFT]·DISA·STIG·with·GUI·for·Red·Hat·Enterprise·Linux·9
53 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui53 Profile·ID····xccdf_org.ssgproject.content_profile_stig_gui
54 ***·CPE·Platforms·***54 ***·CPE·Platforms·***
55 ····*·cpe:/o:redhat:enterprise_linux:955 ····*·cpe:/o:redhat:enterprise_linux:9
56 *****·Revision·History·*****56 *****·Revision·History·*****
57 Current·version:·0.1.6557 Current·version:·0.1.65
58 ····*·draft·(as·of·2024-01-14)58 ····*·draft·(as·of·2025-02-15)
59 *****·Table·of·Contents·*****59 *****·Table·of·Contents·*****
60 ···1.·System_Settings60 ···1.·System_Settings
61 ·········1.·Installing_and_Maintaining_Software61 ·········1.·Installing_and_Maintaining_Software
62 ·········2.·Account_and_Access_Control62 ·········2.·Account_and_Access_Control
63 ·········3.·System_Accounting_with_auditd63 ·········3.·System_Accounting_with_auditd
64 ·········4.·GRUB2_bootloader_configuration64 ·········4.·GRUB2_bootloader_configuration
65 ·········5.·Configure_Syslog65 ·········5.·Configure_Syslog
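Review bot: line 58 of the rendered guide stamps a build-time date into Revision History (`draft (as of 2024-01-14)` in one build, `draft (as of 2025-02-15)` in the other), and that date is the only change in this hunk. Deriving it from SOURCE_DATE_EPOCH or the package changelog date instead of the wall clock would make this line reproducible; the same date difference shows up in the rhv4 and sl7 guides compared in this report.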
Offset 73593, 16 lines modifiedOffset 73593, 16 lines modified
73593 ··-·no_reboot_needed73593 ··-·no_reboot_needed
  
73594 -·name:·Test·for·existence·/boot/grub2/grub.cfg73594 -·name:·Test·for·existence·/boot/grub2/grub.cfg
73595 ··stat:73595 ··stat:
73596 ····path:·/boot/grub2/grub.cfg73596 ····path:·/boot/grub2/grub.cfg
73597 ··register:·file_exists73597 ··register:·file_exists
73598 ··when:73598 ··when:
73599 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
73600 ··-·'"grub2-common"·in·ansible_facts.packages'73599 ··-·'"grub2-common"·in·ansible_facts.packages'
 73600 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
73601 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]73601 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
73602 ··tags:73602 ··tags:
73603 ··-·CCE-83848-273603 ··-·CCE-83848-2
73604 ··-·CJIS-5.5.2.273604 ··-·CJIS-5.5.2.2
73605 ··-·NIST-800-171-3.4.573605 ··-·NIST-800-171-3.4.5
73606 ··-·NIST-800-53-AC-6(1)73606 ··-·NIST-800-53-AC-6(1)
73607 ··-·NIST-800-53-CM-6(a)73607 ··-·NIST-800-53-CM-6(a)
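Review bot: the two `when:` entries at lines 73599-73600 are the same conditions in swapped order (`"grub2-common" in ansible_facts.packages` and the `/boot/efi` mount test), so the task behaves identically but its rendered text is not stable across builds. The entries are ANDed, so emitting the platform conditions in a sorted or otherwise fixed order when the remediation is generated would remove the difference; the next hunk shows the same swap at lines 73621-73622.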
Offset 73615, 16 lines modifiedOffset 73615, 16 lines modified
73615 ··-·no_reboot_needed73615 ··-·no_reboot_needed
  
73616 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg73616 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
73617 ··file:73617 ··file:
73618 ····path:·/boot/grub2/grub.cfg73618 ····path:·/boot/grub2/grub.cfg
73619 ····group:·'0'73619 ····group:·'0'
73620 ··when:73620 ··when:
73621 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
73622 ··-·'"grub2-common"·in·ansible_facts.packages'73621 ··-·'"grub2-common"·in·ansible_facts.packages'
 73622 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
73623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]73623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
73624 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists73624 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
73625 ··tags:73625 ··tags:
73626 ··-·CCE-83848-273626 ··-·CCE-83848-2
73627 ··-·CJIS-5.5.2.273627 ··-·CJIS-5.5.2.2
73628 ··-·NIST-800-171-3.4.573628 ··-·NIST-800-171-3.4.5
73629 ··-·NIST-800-53-AC-6(1)73629 ··-·NIST-800-53-AC-6(1)
Offset 73637, 15 lines modifiedOffset 73637, 15 lines modified
73637 ··-·medium_severity73637 ··-·medium_severity
73638 ··-·no_reboot_needed73638 ··-·no_reboot_needed
73639 Remediation_Shell_script_⇲73639 Remediation_Shell_script_⇲
73640 Complexity:·low73640 Complexity:·low
73641 Disruption:·low73641 Disruption:·low
73642 Strategy:···configure73642 Strategy:···configure
73643 #·Remediation·is·applicable·only·in·certain·platforms73643 #·Remediation·is·applicable·only·in·certain·platforms
73644 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then73644 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
73645 chgrp·0·/boot/grub2/grub.cfg73645 chgrp·0·/boot/grub2/grub.cfg
  
73646 else73646 else
73647 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'73647 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
73648 fi73648 fi
73649 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***73649 ***·Rule  ·Set·the·Boot·Loader·Admin·Username·to·a·Non-Default·Value·  [ref]·***
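Review bot: on line 73644 the firmware test `[ ! -f /sys/firmware/efi ]` uses `-f`, which is true only for a regular file, while `/sys/firmware/efi` is a sysfs directory on UEFI-booted systems, so the negated test succeeds on every host and never excludes a UEFI system the way the paired Ansible task does with its `/boot/efi` mount condition. `[ ! -d /sys/firmware/efi ]` would test what the condition is meant to test. Apart from that, the only change between the builds here is the order of the same three `&&` terms.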
Offset 90225, 27 lines modifiedOffset 90225, 27 lines modified
90225 ····lineinfile:90225 ····lineinfile:
90226 ······path:·/etc/postfix/main.cf90226 ······path:·/etc/postfix/main.cf
90227 ······create:·true90227 ······create:·true
90228 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*90228 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
90229 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject90229 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
90230 ······state:·present90230 ······state:·present
90231 ··when:90231 ··when:
90232 ··-·'"postfix"·in·ansible_facts.packages' 
90233 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]90232 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 90233 ··-·'"postfix"·in·ansible_facts.packages'
90234 ··tags:90234 ··tags:
90235 ··-·CCE-87232-590235 ··-·CCE-87232-5
90236 ··-·low_complexity90236 ··-·low_complexity
90237 ··-·low_disruption90237 ··-·low_disruption
90238 ··-·medium_severity90238 ··-·medium_severity
90239 ··-·no_reboot_needed90239 ··-·no_reboot_needed
90240 ··-·postfix_prevent_unrestricted_relay90240 ··-·postfix_prevent_unrestricted_relay
90241 ··-·restrict_strategy90241 ··-·restrict_strategy
90242 Remediation_Shell_script_⇲90242 Remediation_Shell_script_⇲
90243 #·Remediation·is·applicable·only·in·certain·platforms90243 #·Remediation·is·applicable·only·in·certain·platforms
90244 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then90244 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
90245 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then90245 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
90246 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf90246 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
90247 else90247 else
90248 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf90248 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
90249 fi90249 fi
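Review bot: the shell remediation at lines 90245-90248 rewrites only the physical line that begins with `smtpd_client_restrictions`, but Postfix continues a parameter value on following lines that start with whitespace, so the `sed -i "s/^smtpd_client_restrictions.*/.../g"` branch leaves any continuation lines of the old value attached to the new `permit_mynetworks,reject` setting. Setting the parameter with `postconf -e` would replace the whole logical line. The Ansible `regexp` on line 90228 also accepts leading whitespace (`^[ \t]*`) while the `grep -q ^smtpd_client_restrictions` test does not, so the two remediations do not match the same lines.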
  
1.97 KB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-pci-dss.html
    
Offset 14300, 16 lines modifiedOffset 14300, 16 lines modified
00037db0:·6973·696f·6e20·4869·7374·6f72·793c·2f68··ision·History</h00037db0:·6973·696f·6e20·4869·7374·6f72·793c·2f68··ision·History</h
00037dc0:·323e·3c70·3e43·7572·7265·6e74·2076·6572··2><p>Current·ver00037dc0:·323e·3c70·3e43·7572·7265·6e74·2076·6572··2><p>Current·ver
00037dd0:·7369·6f6e·3a20·3c73·7472·6f6e·673e·302e··sion:·<strong>0.00037dd0:·7369·6f6e·3a20·3c73·7472·6f6e·673e·302e··sion:·<strong>0.
00037de0:·312e·3635·3c2f·7374·726f·6e67·3e3c·2f70··1.65</strong></p00037de0:·312e·3635·3c2f·7374·726f·6e67·3e3c·2f70··1.65</strong></p
00037df0:·3e3c·756c·3e3c·6c69·3e3c·7374·726f·6e67··><ul><li><strong00037df0:·3e3c·756c·3e3c·6c69·3e3c·7374·726f·6e67··><ul><li><strong
00037e00:·3e64·7261·6674·3c2f·7374·726f·6e67·3e0a··>draft</strong>.00037e00:·3e64·7261·6674·3c2f·7374·726f·6e67·3e0a··>draft</strong>.
00037e10:·2020·2020·2020·2020·2020·2020·2020·2020··················00037e10:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037e20:·2020·2020·2861·7320·6f66·2032·3032·342d······(as·of·2024-00037e20:·2020·2020·2861·7320·6f66·2032·3032·352d······(as·of·2025-
00037e30:·3031·2d31·3429·0a20·2020·2020·2020·2020··01-14).·········00037e30:·3032·2d31·3529·0a20·2020·2020·2020·2020··02-15).·········
00037e40:·2020·2020·2020·203c·2f6c·693e·3c2f·756c·········</li></ul00037e40:·2020·2020·2020·203c·2f6c·693e·3c2f·756c·········</li></ul
00037e50:·3e3c·2f64·6976·3e3c·6832·3e54·6162·6c65··></div><h2>Table00037e50:·3e3c·2f64·6976·3e3c·6832·3e54·6162·6c65··></div><h2>Table
00037e60:·206f·6620·436f·6e74·656e·7473·3c2f·6832···of·Contents</h200037e60:·206f·6620·436f·6e74·656e·7473·3c2f·6832···of·Contents</h2
00037e70:·3e3c·6f6c·3e3c·6c69·3e3c·6120·6872·6566··><ol><li><a·href00037e70:·3e3c·6f6c·3e3c·6c69·3e3c·6120·6872·6566··><ol><li><a·href
00037e80:·3d22·2378·6363·6466·5f6f·7267·2e73·7367··="#xccdf_org.ssg00037e80:·3d22·2378·6363·6466·5f6f·7267·2e73·7367··="#xccdf_org.ssg
00037e90:·7072·6f6a·6563·742e·636f·6e74·656e·745f··project.content_00037e90:·7072·6f6a·6563·742e·636f·6e74·656e·745f··project.content_
00037ea0:·6772·6f75·705f·7379·7374·656d·223e·5379··group_system">Sy00037ea0:·6772·6f75·705f·7379·7374·656d·223e·5379··group_system">Sy
637 B
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 ··············(RHVH)39 ··············(RHVH)
40 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss40 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
41 ***·CPE·Platforms·***41 ***·CPE·Platforms·***
42 ····*·cpe:/o:redhat:enterprise_linux:8::hypervisor42 ····*·cpe:/o:redhat:enterprise_linux:8::hypervisor
43 ····*·cpe:/a:redhat:enterprise_virtualization_manager:443 ····*·cpe:/a:redhat:enterprise_virtualization_manager:4
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·Account_and_Access_Control50 ·········2.·Account_and_Access_Control
51 ·········3.·System_Accounting_with_auditd51 ·········3.·System_Accounting_with_auditd
52 ·········4.·GRUB2_bootloader_configuration52 ·········4.·GRUB2_bootloader_configuration
53 ·········5.·Configure_Syslog53 ·········5.·Configure_Syslog
1.89 KB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-rhvh-stig.html
    
Offset 14302, 15 lines modifiedOffset 14302, 15 lines modified
00037dd0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu00037dd0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu
00037de0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<00037de0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<
00037df0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s00037df0:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s
00037e00:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l00037e00:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l
00037e10:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<00037e10:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<
00037e20:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······00037e20:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······
00037e30:·2020·2020·2020·2020·2020·2020·2028·6173···············(as00037e30:·2020·2020·2020·2020·2020·2020·2028·6173···············(as
00037e40:·206f·6620·3230·3234·2d30·312d·3134·290a···of·2024-01-14).00037e40:·206f·6620·3230·3235·2d30·322d·3135·290a···of·2025-02-15).
00037e50:·2020·2020·2020·2020·2020·2020·2020·2020··················00037e50:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037e60:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>00037e60:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>
00037e70:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con00037e70:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con
00037e80:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l00037e80:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l
00037e90:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd00037e90:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd
00037ea0:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject00037ea0:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject
00037eb0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s00037eb0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s
689 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 Profile·Title·[DRAFT]·DISA·STIG·for·Red·Hat·Virtualization·Host·(RHVH)38 Profile·Title·[DRAFT]·DISA·STIG·for·Red·Hat·Virtualization·Host·(RHVH)
39 Profile·ID····xccdf_org.ssgproject.content_profile_rhvh-stig39 Profile·ID····xccdf_org.ssgproject.content_profile_rhvh-stig
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:redhat:enterprise_linux:8::hypervisor41 ····*·cpe:/o:redhat:enterprise_linux:8::hypervisor
42 ····*·cpe:/a:redhat:enterprise_virtualization_manager:442 ····*·cpe:/a:redhat:enterprise_virtualization_manager:4
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·GRUB2_bootloader_configuration51 ·········4.·GRUB2_bootloader_configuration
52 ·········5.·Configure_Syslog52 ·········5.·Configure_Syslog
1.88 KB
./usr/share/doc/ssg-nondebian/ssg-rhv4-guide-rhvh-vpp.html
    
Offset 14383, 15 lines modifiedOffset 14383, 15 lines modified
000382e0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu000382e0:·6973·746f·7279·3c2f·6832·3e3c·703e·4375··istory</h2><p>Cu
000382f0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<000382f0:·7272·656e·7420·7665·7273·696f·6e3a·203c··rrent·version:·<
00038300:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s00038300:·7374·726f·6e67·3e30·2e31·2e36·353c·2f73··strong>0.1.65</s
00038310:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l00038310:·7472·6f6e·673e·3c2f·703e·3c75·6c3e·3c6c··trong></p><ul><l
00038320:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<00038320:·693e·3c73·7472·6f6e·673e·6472·6166·743c··i><strong>draft<
00038330:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······00038330:·2f73·7472·6f6e·673e·0a20·2020·2020·2020··/strong>.·······
00038340:·2020·2020·2020·2020·2020·2020·2028·6173···············(as00038340:·2020·2020·2020·2020·2020·2020·2028·6173···············(as
00038350:·206f·6620·3230·3234·2d30·312d·3134·290a···of·2024-01-14).00038350:·206f·6620·3230·3235·2d30·322d·3135·290a···of·2025-02-15).
00038360:·2020·2020·2020·2020·2020·2020·2020·2020··················00038360:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038370:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>00038370:·3c2f·6c69·3e3c·2f75·6c3e·3c2f·6469·763e··</li></ul></div>
00038380:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con00038380:·3c68·323e·5461·626c·6520·6f66·2043·6f6e··<h2>Table·of·Con
00038390:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l00038390:·7465·6e74·733c·2f68·323e·3c6f·6c3e·3c6c··tents</h2><ol><l
000383a0:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd000383a0:·693e·3c61·2068·7265·663d·2223·7863·6364··i><a·href="#xccd
000383b0:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject000383b0:·665f·6f72·672e·7373·6770·726f·6a65·6374··f_org.ssgproject
000383c0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s000383c0:·2e63·6f6e·7465·6e74·5f67·726f·7570·5f73··.content_group_s
677 B
html2text {}
    
Offset 59, 15 lines modifiedOffset 59, 15 lines modified
59 ··············Virtualization·Host·(RHVH)59 ··············Virtualization·Host·(RHVH)
60 Profile·ID····xccdf_org.ssgproject.content_profile_rhvh-vpp60 Profile·ID····xccdf_org.ssgproject.content_profile_rhvh-vpp
61 ***·CPE·Platforms·***61 ***·CPE·Platforms·***
62 ····*·cpe:/o:redhat:enterprise_linux:8::hypervisor62 ····*·cpe:/o:redhat:enterprise_linux:8::hypervisor
63 ····*·cpe:/a:redhat:enterprise_virtualization_manager:463 ····*·cpe:/a:redhat:enterprise_virtualization_manager:4
64 *****·Revision·History·*****64 *****·Revision·History·*****
65 Current·version:·0.1.6565 Current·version:·0.1.65
66 ····*·draft·(as·of·2024-01-14)66 ····*·draft·(as·of·2025-02-15)
67 *****·Table·of·Contents·*****67 *****·Table·of·Contents·*****
68 ···1.·System_Settings68 ···1.·System_Settings
69 ·········1.·Installing_and_Maintaining_Software69 ·········1.·Installing_and_Maintaining_Software
70 ·········2.·Account_and_Access_Control70 ·········2.·Account_and_Access_Control
71 ·········3.·System_Accounting_with_auditd71 ·········3.·System_Accounting_with_auditd
72 ·········4.·GRUB2_bootloader_configuration72 ·········4.·GRUB2_bootloader_configuration
73 ·········5.·Network_Configuration_and_Firewalls73 ·········5.·Network_Configuration_and_Firewalls
541 KB
./usr/share/doc/ssg-nondebian/ssg-sl7-guide-pci-dss.html
    
Offset 14483, 16 lines modifiedOffset 14483, 16 lines modified
00038920:·7669·7369·6f6e·2048·6973·746f·7279·3c2f··vision·History</00038920:·7669·7369·6f6e·2048·6973·746f·7279·3c2f··vision·History</
00038930:·6832·3e3c·703e·4375·7272·656e·7420·7665··h2><p>Current·ve00038930:·6832·3e3c·703e·4375·7272·656e·7420·7665··h2><p>Current·ve
00038940:·7273·696f·6e3a·203c·7374·726f·6e67·3e30··rsion:·<strong>000038940:·7273·696f·6e3a·203c·7374·726f·6e67·3e30··rsion:·<strong>0
00038950:·2e31·2e36·353c·2f73·7472·6f6e·673e·3c2f··.1.65</strong></00038950:·2e31·2e36·353c·2f73·7472·6f6e·673e·3c2f··.1.65</strong></
00038960:·703e·3c75·6c3e·3c6c·693e·3c73·7472·6f6e··p><ul><li><stron00038960:·703e·3c75·6c3e·3c6c·693e·3c73·7472·6f6e··p><ul><li><stron
00038970:·673e·6472·6166·743c·2f73·7472·6f6e·673e··g>draft</strong>00038970:·673e·6472·6166·743c·2f73·7472·6f6e·673e··g>draft</strong>
00038980:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············00038980:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············
00038990:·2020·2020·2028·6173·206f·6620·3230·3234·······(as·of·202400038990:·2020·2020·2028·6173·206f·6620·3230·3235·······(as·of·2025
000389a0:·2d30·312d·3134·290a·2020·2020·2020·2020··-01-14).········000389a0:·2d30·322d·3135·290a·2020·2020·2020·2020··-02-15).········
000389b0:·2020·2020·2020·2020·3c2f·6c69·3e3c·2f75··········</li></u000389b0:·2020·2020·2020·2020·3c2f·6c69·3e3c·2f75··········</li></u
000389c0:·6c3e·3c2f·6469·763e·3c68·323e·5461·626c··l></div><h2>Tabl000389c0:·6c3e·3c2f·6469·763e·3c68·323e·5461·626c··l></div><h2>Tabl
000389d0:·6520·6f66·2043·6f6e·7465·6e74·733c·2f68··e·of·Contents</h000389d0:·6520·6f66·2043·6f6e·7465·6e74·733c·2f68··e·of·Contents</h
000389e0:·323e·3c6f·6c3e·3c6c·693e·3c61·2068·7265··2><ol><li><a·hre000389e0:·323e·3c6f·6c3e·3c6c·693e·3c61·2068·7265··2><ol><li><a·hre
000389f0:·663d·2223·7863·6364·665f·6f72·672e·7373··f="#xccdf_org.ss000389f0:·663d·2223·7863·6364·665f·6f72·672e·7373··f="#xccdf_org.ss
00038a00:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content00038a00:·6770·726f·6a65·6374·2e63·6f6e·7465·6e74··gproject.content
00038a10:·5f67·726f·7570·5f73·7973·7465·6d22·3e53··_group_system">S00038a10:·5f67·726f·7570·5f73·7973·7465·6d22·3e53··_group_system">S
Offset 48576, 23 lines modifiedOffset 48576, 23 lines modified
000bdbf0:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_000bdbf0:·6564·0a20·202d·2072·6573·7472·6963·745f··ed.··-·restrict_
000bdc00:·7374·7261·7465·6779·0a0a·2d20·6e61·6d65··strategy..-·name000bdc00:·7374·7261·7465·6779·0a0a·2d20·6e61·6d65··strategy..-·name
000bdc10:·3a20·5365·7420·6172·6368·6974·6563·7475··:·Set·architectu000bdc10:·3a20·5365·7420·6172·6368·6974·6563·7475··:·Set·architectu
000bdc20:·7265·2066·6f72·2061·7564·6974·2063·686d··re·for·audit·chm000bdc20:·7265·2066·6f72·2061·7564·6974·2063·686d··re·for·audit·chm
000bdc30:·6f64·2074·6173·6b73·0a20·2073·6574·5f66··od·tasks.··set_f000bdc30:·6f64·2074·6173·6b73·0a20·2073·6574·5f66··od·tasks.··set_f
000bdc40:·6163·743a·0a20·2020·2061·7564·6974·5f61··act:.····audit_a000bdc40:·6163·743a·0a20·2020·2061·7564·6974·5f61··act:.····audit_a
000bdc50:·7263·683a·2062·3634·0a20·2077·6865·6e3a··rch:·b64.··when:000bdc50:·7263·683a·2062·3634·0a20·2077·6865·6e3a··rch:·b64.··when:
000bdc60:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
000bdc70:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
000bdc80:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
000bdc90:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
000bdca0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
000bdcb0:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·' 
000bdcc0:·2261·7564·6974·2220·696e·2061·6e73·6962··"audit"·in·ansib 
000bdcd0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000bdc60:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 000bdc70:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 000bdc80:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
 000bdc90:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
 000bdca0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
 000bdcb0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
 000bdcc0:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
 000bdcd0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000bdce0:·7327·0a20·202d·2061·6e73·6962·6c65·5f61··s'.··-·ansible_a000bdce0:·225d·0a20·202d·2061·6e73·6962·6c65·5f61··"].··-·ansible_a
000bdcf0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"000bdcf0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"
000bdd00:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi000bdd00:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi
000bdd10:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000bdd10:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000bdd20:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a000bdd20:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a
000bdd30:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect000bdd30:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
000bdd40:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6000bdd40:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6
000bdd50:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_000bdd50:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_
Offset 48899, 23 lines modifiedOffset 48899, 23 lines modified
000bf020:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····000bf020:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····
000bf030:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··000bf030:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
000bf040:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.000bf040:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
000bf050:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre000bf050:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
000bf060:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s000bf060:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
000bf070:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·000bf070:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
000bf080:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh000bf080:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
000bf090:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
000bf0a0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
000bf0b0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
000bf0c0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
000bf0d0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
000bf0e0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
000bf0f0:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
000bf100:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000bf090:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 000bf0a0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000bf0b0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000bf0c0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 000bf0d0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 000bf0e0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 000bf0f0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 000bf100:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000bf110:·6167·6573·270a·2020·7461·6773·3a0a·2020··ages'.··tags:.··000bf110:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000bf120:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·000bf120:·2d20·434a·4953·2d35·2e34·2e31·2e31·0a20··-·CJIS-5.4.1.1.·
000bf130:·202d·2044·4953·412d·5354·4947·2d52·4845···-·DISA-STIG-RHE000bf130:·202d·2044·4953·412d·5354·4947·2d52·4845···-·DISA-STIG-RHE
000bf140:·4c2d·3037·2d30·3330·3431·300a·2020·2d20··L-07-030410.··-·000bf140:·4c2d·3037·2d30·3330·3431·300a·2020·2d20··L-07-030410.··-·
000bf150:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.1000bf150:·4e49·5354·2d38·3030·2d31·3731·2d33·2e31··NIST-800-171-3.1
000bf160:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-000bf160:·2e37·0a20·202d·204e·4953·542d·3830·302d··.7.··-·NIST-800-
000bf170:·3533·2d41·552d·3132·2863·290a·2020·2d20··53-AU-12(c).··-·000bf170:·3533·2d41·552d·3132·2863·290a·2020·2d20··53-AU-12(c).··-·
000bf180:·4e49·5354·2d38·3030·2d35·332d·4155·2d32··NIST-800-53-AU-2000bf180:·4e49·5354·2d38·3030·2d35·332d·4155·2d32··NIST-800-53-AU-2
Offset 49211, 22 lines modifiedOffset 49211, 22 lines modified
000c03a0:·5f6d·6f64·0a20·2020·2020·2063·7265·6174··_mod.······creat000c03a0:·5f6d·6f64·0a20·2020·2020·2063·7265·6174··_mod.······creat
000c03b0:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo000c03b0:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo
000c03c0:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······000c03c0:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······
000c03d0:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·000c03d0:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·
000c03e0:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall000c03e0:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall
000c03f0:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length000c03f0:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length
000c0400:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··000c0400:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··
000c0410:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000c0420:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000c0430:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000c0440:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
000c0450:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont 
000c0460:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au 
000c0470:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_ 
000c0480:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.000c0410:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an
 000c0420:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000c0430:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
 000c0440:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 000c0450:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 000c0460:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 000c0470:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 000c0480:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
000c0490:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=000c0490:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=
000c04a0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.000c04a0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.
000c04b0:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1000c04b0:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1
000c04c0:·0a20·202d·2044·4953·412d·5354·4947·2d52··.··-·DISA-STIG-R000c04c0:·0a20·202d·2044·4953·412d·5354·4947·2d52··.··-·DISA-STIG-R
000c04d0:·4845·4c2d·3037·2d30·3330·3431·300a·2020··HEL-07-030410.··000c04d0:·4845·4c2d·3037·2d30·3330·3431·300a·2020··HEL-07-030410.··
000c04e0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3000c04e0:·2d20·4e49·5354·2d38·3030·2d31·3731·2d33··-·NIST-800-171-3
000c04f0:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-80000c04f0:·2e31·2e37·0a20·202d·204e·4953·542d·3830··.1.7.··-·NIST-80
Offset 49260, 21 lines modifiedOffset 49260, 21 lines modified
000c06b0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas000c06b0:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
000c06c0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps000c06c0:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
000c06d0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="000c06d0:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
000c06e0:·6964·6d31·3731·3337·223e·3c70·7265·3e3c··idm17137"><pre><000c06e0:·6964·6d31·3731·3337·223e·3c70·7265·3e3c··idm17137"><pre><
000c06f0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati000c06f0:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
000c0700:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable000c0700:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
000c0710:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain000c0710:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
000c0720:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·000c0720:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
 000c0730:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud
 000c0740:·6974·2026·616d·703b·2661·6d70·3b20·5b20··it·&amp;&amp;·[·
000c0730:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000c0750:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
000c0740:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000c0760:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
000c0750:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000c0770:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
 000c0780:·696e·6572·656e·7620·5d3b·2074·6865·6e0a··inerenv·];·then.
000c0760:·696e·6572·656e·7620·5d20·2661·6d70·3b26··inerenv·]·&amp;& 
000c0770:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
000c0780:·202d·7120·6175·6469·743b·2074·6865·6e0a···-q·audit;·then. 
000c0790:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform000c0790:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform
Max diff block lines reached; 406989/416434 bytes (97.73%) of diff not shown.
134 KB
html2text {}
    
Offset 66, 15 lines modifiedOffset 66, 15 lines modified
66 ····*·cpe:/o:redhat:enterprise_linux:7::computenode66 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
67 ····*·cpe:/o:redhat:enterprise_linux:7::server67 ····*·cpe:/o:redhat:enterprise_linux:7::server
68 ····*·cpe:/o:redhat:enterprise_linux:7::workstation68 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
69 ····*·cpe:/o:redhat:enterprise_linux:769 ····*·cpe:/o:redhat:enterprise_linux:7
70 ····*·cpe:/o:scientificlinux:scientificlinux:770 ····*·cpe:/o:scientificlinux:scientificlinux:7
71 *****·Revision·History·*****71 *****·Revision·History·*****
72 Current·version:·0.1.6572 Current·version:·0.1.65
73 ····*·draft·(as·of·2024-01-14)73 ····*·draft·(as·of·2025-02-15)
74 *****·Table·of·Contents·*****74 *****·Table·of·Contents·*****
75 ···1.·System_Settings75 ···1.·System_Settings
76 ·········1.·Installing_and_Maintaining_Software76 ·········1.·Installing_and_Maintaining_Software
77 ·········2.·Account_and_Access_Control77 ·········2.·Account_and_Access_Control
78 ·········3.·System_Accounting_with_auditd78 ·········3.·System_Accounting_with_auditd
79 ·········4.·GRUB2_bootloader_configuration79 ·········4.·GRUB2_bootloader_configuration
80 ·········5.·Configure_Syslog80 ·········5.·Configure_Syslog
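Review bot: The "draft (as of ...)" line in the Revision History block takes its date from the build clock, so the first build renders 2024-01-14 and the second 2025-02-15 while "Current version: 0.1.65" is identical on both sides. The guide generator should derive this date from SOURCE_DATE_EPOCH (or from the release date of 0.1.65) instead of the current time, so that the rendered HTML is the same whenever the package is built.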
Offset 6294, 16 lines modifiedOffset 6294, 16 lines modified
6294 ··-·reboot_required6294 ··-·reboot_required
6295 ··-·restrict_strategy6295 ··-·restrict_strategy
  
6296 -·name:·Set·architecture·for·audit·chmod·tasks6296 -·name:·Set·architecture·for·audit·chmod·tasks
6297 ··set_fact:6297 ··set_fact:
6298 ····audit_arch:·b646298 ····audit_arch:·b64
6299 ··when:6299 ··when:
6300 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6301 ··-·'"audit"·in·ansible_facts.packages'6300 ··-·'"audit"·in·ansible_facts.packages'
 6301 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6302 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6302 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6303 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6303 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6304 ··tags:6304 ··tags:
6305 ··-·CJIS-5.4.1.16305 ··-·CJIS-5.4.1.1
6306 ··-·DISA-STIG-RHEL-07-0304106306 ··-·DISA-STIG-RHEL-07-030410
6307 ··-·NIST-800-171-3.1.76307 ··-·NIST-800-171-3.1.7
6308 ··-·NIST-800-53-AU-12(c)6308 ··-·NIST-800-53-AU-12(c)
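Review bot: The first two entries under "when:" of "Set architecture for audit chmod tasks" swap places between the builds (the ansible_virtualization_type test and the '"audit" in ansible_facts.packages' test), while the text of each condition is unchanged. The applicability conditions appear to be emitted in an unstable order; sorting them, or keeping them in a list with a fixed order, before the remediation is rendered would make this task byte-identical across builds. The same swap repeats in the other "when:" hunks of this file.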
Offset 6440, 16 lines modifiedOffset 6440, 16 lines modified
6440 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006440 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6441 ········-F·auid!=unset·-F·key=perm_mod6441 ········-F·auid!=unset·-F·key=perm_mod
6442 ······create:·true6442 ······create:·true
6443 ······mode:·o-rwx6443 ······mode:·o-rwx
6444 ······state:·present6444 ······state:·present
6445 ····when:·syscalls_found·|·length·==·06445 ····when:·syscalls_found·|·length·==·0
6446 ··when:6446 ··when:
6447 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6448 ··-·'"audit"·in·ansible_facts.packages'6447 ··-·'"audit"·in·ansible_facts.packages'
 6448 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6449 ··tags:6449 ··tags:
6450 ··-·CJIS-5.4.1.16450 ··-·CJIS-5.4.1.1
6451 ··-·DISA-STIG-RHEL-07-0304106451 ··-·DISA-STIG-RHEL-07-030410
6452 ··-·NIST-800-171-3.1.76452 ··-·NIST-800-171-3.1.7
6453 ··-·NIST-800-53-AU-12(c)6453 ··-·NIST-800-53-AU-12(c)
6454 ··-·NIST-800-53-AU-2(d)6454 ··-·NIST-800-53-AU-2(d)
6455 ··-·NIST-800-53-CM-6(a)6455 ··-·NIST-800-53-CM-6(a)
Offset 6584, 16 lines modifiedOffset 6584, 16 lines modified
6584 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006584 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6585 ········-F·auid!=unset·-F·key=perm_mod6585 ········-F·auid!=unset·-F·key=perm_mod
6586 ······create:·true6586 ······create:·true
6587 ······mode:·o-rwx6587 ······mode:·o-rwx
6588 ······state:·present6588 ······state:·present
6589 ····when:·syscalls_found·|·length·==·06589 ····when:·syscalls_found·|·length·==·0
6590 ··when:6590 ··when:
6591 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6592 ··-·'"audit"·in·ansible_facts.packages'6591 ··-·'"audit"·in·ansible_facts.packages'
 6592 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6593 ··-·audit_arch·==·"b64"6593 ··-·audit_arch·==·"b64"
6594 ··tags:6594 ··tags:
6595 ··-·CJIS-5.4.1.16595 ··-·CJIS-5.4.1.1
6596 ··-·DISA-STIG-RHEL-07-0304106596 ··-·DISA-STIG-RHEL-07-030410
6597 ··-·NIST-800-171-3.1.76597 ··-·NIST-800-171-3.1.7
6598 ··-·NIST-800-53-AU-12(c)6598 ··-·NIST-800-53-AU-12(c)
6599 ··-·NIST-800-53-AU-2(d)6599 ··-·NIST-800-53-AU-2(d)
Offset 6603, 15 lines modifiedOffset 6603, 15 lines modified
6603 ··-·low_complexity6603 ··-·low_complexity
6604 ··-·low_disruption6604 ··-·low_disruption
6605 ··-·medium_severity6605 ··-·medium_severity
6606 ··-·reboot_required6606 ··-·reboot_required
6607 ··-·restrict_strategy6607 ··-·restrict_strategy
6608 Remediation_Shell_script_⇲6608 Remediation_Shell_script_⇲
6609 #·Remediation·is·applicable·only·in·certain·platforms6609 #·Remediation·is·applicable·only·in·certain·platforms
6610 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then6610 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
6611 #·First·perform·the·remediation·of·the·syscall·rule6611 #·First·perform·the·remediation·of·the·syscall·rule
6612 #·Retrieve·hardware·architecture·of·the·underlying·system6612 #·Retrieve·hardware·architecture·of·the·underlying·system
6613 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6613 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6614 for·ARCH·in·"${RULE_ARCHS[@]}"6614 for·ARCH·in·"${RULE_ARCHS[@]}"
6615 do6615 do
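Review bot: The platform guard on the "if" line has its three tests in a different order in each build: "rpm --quiet -q audit" is last in the first build and first in the second. The && chain gives the same result either way, so this is an ordering difference in the generated applicability check and not a behaviour change, but it still makes the output differ. Emit the tests in a fixed order, for example the two file tests on /.dockerenv and /run/.containerenv before the rpm query.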
Offset 6972, 16 lines modifiedOffset 6972, 16 lines modified
6972 ··-·reboot_required6972 ··-·reboot_required
6973 ··-·restrict_strategy6973 ··-·restrict_strategy
  
6974 -·name:·Set·architecture·for·audit·chown·tasks6974 -·name:·Set·architecture·for·audit·chown·tasks
6975 ··set_fact:6975 ··set_fact:
6976 ····audit_arch:·b646976 ····audit_arch:·b64
6977 ··when:6977 ··when:
6978 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6979 ··-·'"audit"·in·ansible_facts.packages'6978 ··-·'"audit"·in·ansible_facts.packages'
 6979 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6980 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6980 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6981 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6981 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6982 ··tags:6982 ··tags:
6983 ··-·CJIS-5.4.1.16983 ··-·CJIS-5.4.1.1
6984 ··-·DISA-STIG-RHEL-07-0303706984 ··-·DISA-STIG-RHEL-07-030370
6985 ··-·NIST-800-171-3.1.76985 ··-·NIST-800-171-3.1.7
6986 ··-·NIST-800-53-AU-12(c)6986 ··-·NIST-800-53-AU-12(c)
Offset 7120, 16 lines modifiedOffset 7120, 16 lines modified
7120 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007120 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7121 ········-F·auid!=unset·-F·key=perm_mod7121 ········-F·auid!=unset·-F·key=perm_mod
7122 ······create:·true7122 ······create:·true
7123 ······mode:·o-rwx7123 ······mode:·o-rwx
7124 ······state:·present7124 ······state:·present
7125 ····when:·syscalls_found·|·length·==·07125 ····when:·syscalls_found·|·length·==·0
7126 ··when:7126 ··when:
7127 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
7128 ··-·'"audit"·in·ansible_facts.packages'7127 ··-·'"audit"·in·ansible_facts.packages'
 7128 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
7129 ··tags:7129 ··tags:
7130 ··-·CJIS-5.4.1.17130 ··-·CJIS-5.4.1.1
7131 ··-·DISA-STIG-RHEL-07-0303707131 ··-·DISA-STIG-RHEL-07-030370
7132 ··-·NIST-800-171-3.1.77132 ··-·NIST-800-171-3.1.7
7133 ··-·NIST-800-53-AU-12(c)7133 ··-·NIST-800-53-AU-12(c)
7134 ··-·NIST-800-53-AU-2(d)7134 ··-·NIST-800-53-AU-2(d)
7135 ··-·NIST-800-53-CM-6(a)7135 ··-·NIST-800-53-CM-6(a)
Offset 7266, 16 lines modifiedOffset 7266, 16 lines modified
7266 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007266 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7267 ········-F·auid!=unset·-F·key=perm_mod7267 ········-F·auid!=unset·-F·key=perm_mod
7268 ······create:·true7268 ······create:·true
7269 ······mode:·o-rwx7269 ······mode:·o-rwx
7270 ······state:·present7270 ······state:·present
Max diff block lines reached; 132165/136945 bytes (96.51%) of diff not shown.
406 KB
./usr/share/doc/ssg-nondebian/ssg-sl7-guide-standard.html
    
Offset 14490, 16 lines modifiedOffset 14490, 16 lines modified
00038990:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h200038990:·7369·6f6e·2048·6973·746f·7279·3c2f·6832··sion·History</h2
000389a0:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers000389a0:·3e3c·703e·4375·7272·656e·7420·7665·7273··><p>Current·vers
000389b0:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.1000389b0:·696f·6e3a·203c·7374·726f·6e67·3e30·2e31··ion:·<strong>0.1
000389c0:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>000389c0:·2e36·353c·2f73·7472·6f6e·673e·3c2f·703e··.65</strong></p>
000389d0:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>000389d0:·3c75·6c3e·3c6c·693e·3c73·7472·6f6e·673e··<ul><li><strong>
000389e0:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·000389e0:·6472·6166·743c·2f73·7472·6f6e·673e·0a20··draft</strong>.·
000389f0:·2020·2020·2020·2020·2020·2020·2020·2020··················000389f0:·2020·2020·2020·2020·2020·2020·2020·2020··················
00038a00:·2020·2028·6173·206f·6620·3230·3234·2d30·····(as·of·2024-000038a00:·2020·2028·6173·206f·6620·3230·3235·2d30·····(as·of·2025-0
00038a10:·312d·3134·290a·2020·2020·2020·2020·2020··1-14).··········00038a10:·322d·3135·290a·2020·2020·2020·2020·2020··2-15).··········
00038a20:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>00038a20:·2020·2020·2020·3c2f·6c69·3e3c·2f75·6c3e········</li></ul>
00038a30:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·00038a30:·3c2f·6469·763e·3c68·323e·5461·626c·6520··</div><h2>Table·
00038a40:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>00038a40:·6f66·2043·6f6e·7465·6e74·733c·2f68·323e··of·Contents</h2>
00038a50:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=00038a50:·3c6f·6c3e·3c6c·693e·3c61·2068·7265·663d··<ol><li><a·href=
00038a60:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp00038a60:·2223·7863·6364·665f·6f72·672e·7373·6770··"#xccdf_org.ssgp
00038a70:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g00038a70:·726f·6a65·6374·2e63·6f6e·7465·6e74·5f67··roject.content_g
00038a80:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys00038a80:·726f·7570·5f73·7973·7465·6d22·3e53·7973··roup_system">Sys
Offset 23995, 23 lines modifiedOffset 23995, 23 lines modified
0005dba0:·7265·7175·6972·6564·0a20·202d·2072·6573··required.··-·res0005dba0:·7265·7175·6972·6564·0a20·202d·2072·6573··required.··-·res
0005dbb0:·7472·6963·745f·7374·7261·7465·6779·0a0a··trict_strategy..0005dbb0:·7472·6963·745f·7374·7261·7465·6779·0a0a··trict_strategy..
0005dbc0:·2d20·6e61·6d65·3a20·5365·7420·6172·6368··-·name:·Set·arch0005dbc0:·2d20·6e61·6d65·3a20·5365·7420·6172·6368··-·name:·Set·arch
0005dbd0:·6974·6563·7475·7265·2066·6f72·2061·7564··itecture·for·aud0005dbd0:·6974·6563·7475·7265·2066·6f72·2061·7564··itecture·for·aud
0005dbe0:·6974·2063·686d·6f64·2074·6173·6b73·0a20··it·chmod·tasks.·0005dbe0:·6974·2063·686d·6f64·2074·6173·6b73·0a20··it·chmod·tasks.·
0005dbf0:·2073·6574·5f66·6163·743a·0a20·2020·2061···set_fact:.····a0005dbf0:·2073·6574·5f66·6163·743a·0a20·2020·2061···set_fact:.····a
0005dc00:·7564·6974·5f61·7263·683a·2062·3634·0a20··udit_arch:·b64.·0005dc00:·7564·6974·5f61·7263·683a·2062·3634·0a20··udit_arch:·b64.·
0005dc10:·2077·6865·6e3a·0a20·202d·2061·6e73·6962···when:.··-·ansib0005dc10:·2077·6865·6e3a·0a20·202d·2027·2261·7564···when:.··-·'"aud
0005dc20:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
0005dc30:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
0005dc40:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
0005dc50:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
0005dc60:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"] 
0005dc70:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in 
0005dc80:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
0005dc90:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans0005dc20:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f
 0005dc30:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 0005dc40:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 0005dc50:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 0005dc60:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 0005dc70:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 0005dc80:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 0005dc90:·7461·696e·6572·225d·0a20·202d·2061·6e73··tainer"].··-·ans
0005dca0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur0005dca0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
0005dcb0:·6520·3d3d·2022·6161·7263·6836·3422·206f··e·==·"aarch64"·o0005dcb0:·6520·3d3d·2022·6161·7263·6836·3422·206f··e·==·"aarch64"·o
0005dcc0:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit0005dcc0:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit
0005dcd0:·6563·7475·7265·203d·3d20·2270·7063·3634··ecture·==·"ppc640005dcd0:·6563·7475·7265·203d·3d20·2270·7063·3634··ecture·==·"ppc64
0005dce0:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc0005dce0:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc
0005dcf0:·6869·7465·6374·7572·650a·2020·2020·3d3d··hitecture.····==0005dcf0:·6869·7465·6374·7572·650a·2020·2020·3d3d··hitecture.····==
0005dd00:·2022·7070·6336·346c·6522·206f·7220·616e···"ppc64le"·or·an0005dd00:·2022·7070·6336·346c·6522·206f·7220·616e···"ppc64le"·or·an
Offset 24318, 23 lines modifiedOffset 24318, 23 lines modified
0005efd0:·202d·4620·6b65·793d·7065·726d·5f6d·6f64···-F·key=perm_mod0005efd0:·202d·4620·6b65·793d·7065·726d·5f6d·6f64···-F·key=perm_mod
0005efe0:·0a20·2020·2020·2063·7265·6174·653a·2074··.······create:·t0005efe0:·0a20·2020·2020·2063·7265·6174·653a·2074··.······create:·t
0005eff0:·7275·650a·2020·2020·2020·6d6f·6465·3a20··rue.······mode:·0005eff0:·7275·650a·2020·2020·2020·6d6f·6465·3a20··rue.······mode:·
0005f000:·6f2d·7277·780a·2020·2020·2020·7374·6174··o-rwx.······stat0005f000:·6f2d·7277·780a·2020·2020·2020·7374·6174··o-rwx.······stat
0005f010:·653a·2070·7265·7365·6e74·0a20·2020·2077··e:·present.····w0005f010:·653a·2070·7265·7365·6e74·0a20·2020·2077··e:·present.····w
0005f020:·6865·6e3a·2073·7973·6361·6c6c·735f·666f··hen:·syscalls_fo0005f020:·6865·6e3a·2073·7973·6361·6c6c·735f·666f··hen:·syscalls_fo
0005f030:·756e·6420·7c20·6c65·6e67·7468·203d·3d20··und·|·length·==·0005f030:·756e·6420·7c20·6c65·6e67·7468·203d·3d20··und·|·length·==·
0005f040:·300a·2020·7768·656e·3a0a·2020·2d20·616e··0.··when:.··-·an0005f040:·300a·2020·7768·656e·3a0a·2020·2d20·2722··0.··when:.··-·'"
0005f050:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
0005f060:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
0005f070:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
0005f080:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
0005f090:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe 
0005f0a0:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit" 
0005f0b0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
0005f0c0:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta0005f050:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl
 0005f060:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 0005f070:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
 0005f080:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 0005f090:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 0005f0a0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 0005f0b0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 0005f0c0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
0005f0d0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.40005f0d0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.4
0005f0e0:·2e31·2e31·0a20·202d·2044·4953·412d·5354··.1.1.··-·DISA-ST0005f0e0:·2e31·2e31·0a20·202d·2044·4953·412d·5354··.1.1.··-·DISA-ST
0005f0f0:·4947·2d52·4845·4c2d·3037·2d30·3330·3431··IG-RHEL-07-030410005f0f0:·4947·2d52·4845·4c2d·3037·2d30·3330·3431··IG-RHEL-07-03041
0005f100:·300a·2020·2d20·4e49·5354·2d38·3030·2d31··0.··-·NIST-800-10005f100:·300a·2020·2d20·4e49·5354·2d38·3030·2d31··0.··-·NIST-800-1
0005f110:·3731·2d33·2e31·2e37·0a20·202d·204e·4953··71-3.1.7.··-·NIS0005f110:·3731·2d33·2e31·2e37·0a20·202d·204e·4953··71-3.1.7.··-·NIS
0005f120:·542d·3830·302d·3533·2d41·552d·3132·2863··T-800-53-AU-12(c0005f120:·542d·3830·302d·3533·2d41·552d·3132·2863··T-800-53-AU-12(c
0005f130:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-50005f130:·290a·2020·2d20·4e49·5354·2d38·3030·2d35··).··-·NIST-800-5
Offset 24630, 23 lines modifiedOffset 24630, 23 lines modified
00060350:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····00060350:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····
00060360:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··00060360:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
00060370:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.00060370:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
00060380:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre00060380:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
00060390:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s00060390:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
000603a0:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·000603a0:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
000603b0:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh000603b0:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
000603c0:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_ 
000603d0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
000603e0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
000603f0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
00060400:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
00060410:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].·· 
00060420:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
00060430:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000603c0:·656e·3a0a·2020·2d20·2722·6175·6469·7422··en:.··-·'"audit"
 000603d0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000603e0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000603f0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 00060400:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 00060410:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 00060420:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 00060430:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
00060440:·6167·6573·270a·2020·2d20·6175·6469·745f··ages'.··-·audit_00060440:·6e65·7222·5d0a·2020·2d20·6175·6469·745f··ner"].··-·audit_
00060450:·6172·6368·203d·3d20·2262·3634·220a·2020··arch·==·"b64".··00060450:·6172·6368·203d·3d20·2262·3634·220a·2020··arch·==·"b64".··
00060460:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-500060460:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
00060470:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-00060470:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-
00060480:·5354·4947·2d52·4845·4c2d·3037·2d30·3330··STIG-RHEL-07-03000060480:·5354·4947·2d52·4845·4c2d·3037·2d30·3330··STIG-RHEL-07-030
00060490:·3431·300a·2020·2d20·4e49·5354·2d38·3030··410.··-·NIST-80000060490:·3431·300a·2020·2d20·4e49·5354·2d38·3030··410.··-·NIST-800
000604a0:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N000604a0:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N
000604b0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12000604b0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12
Offset 24680, 20 lines modifiedOffset 24680, 20 lines modified
00060670:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c00060670:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
00060680:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse00060680:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
00060690:·2220·6964·3d22·6964·6d31·3731·3337·223e··"·id="idm17137">00060690:·2220·6964·3d22·6964·6d31·3731·3337·223e··"·id="idm17137">
000606a0:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem000606a0:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
000606b0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl000606b0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
000606c0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c000606c0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
000606d0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms000606d0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 000606e0:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet·
 000606f0:·2d71·2061·7564·6974·2026·616d·703b·2661··-q·audit·&amp;&a
000606e0:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc00060700:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc
000606f0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a00060710:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
00060700:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/00060720:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
00060710:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·00060730:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
00060720:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
00060730:·2d71·7569·6574·202d·7120·6175·6469·743b··-quiet·-q·audit; 
00060740:·2074·6865·6e0a·0a23·2046·6972·7374·2070···then..#·First·p00060740:·2074·6865·6e0a·0a23·2046·6972·7374·2070···then..#·First·p
00060750:·6572·666f·726d·2074·6865·2072·656d·6564··erform·the·remed00060750:·6572·666f·726d·2074·6865·2072·656d·6564··erform·the·remed
Max diff block lines reached; 303911/313425 bytes (96.96%) of diff not shown.
100 KB
html2text {}
    
Offset 68, 15 lines modifiedOffset 68, 15 lines modified
68 ····*·cpe:/o:redhat:enterprise_linux:7::computenode68 ····*·cpe:/o:redhat:enterprise_linux:7::computenode
69 ····*·cpe:/o:redhat:enterprise_linux:7::server69 ····*·cpe:/o:redhat:enterprise_linux:7::server
70 ····*·cpe:/o:redhat:enterprise_linux:7::workstation70 ····*·cpe:/o:redhat:enterprise_linux:7::workstation
71 ····*·cpe:/o:redhat:enterprise_linux:771 ····*·cpe:/o:redhat:enterprise_linux:7
72 ····*·cpe:/o:scientificlinux:scientificlinux:772 ····*·cpe:/o:scientificlinux:scientificlinux:7
73 *****·Revision·History·*****73 *****·Revision·History·*****
74 Current·version:·0.1.6574 Current·version:·0.1.65
75 ····*·draft·(as·of·2024-01-14)75 ····*·draft·(as·of·2025-02-15)
76 *****·Table·of·Contents·*****76 *****·Table·of·Contents·*****
77 ···1.·System_Settings77 ···1.·System_Settings
78 ·········1.·Installing_and_Maintaining_Software78 ·········1.·Installing_and_Maintaining_Software
79 ·········2.·Account_and_Access_Control79 ·········2.·Account_and_Access_Control
80 ·········3.·System_Accounting_with_auditd80 ·········3.·System_Accounting_with_auditd
81 ·········4.·Configure_Syslog81 ·········4.·Configure_Syslog
82 ·········5.·File_Permissions_and_Masks82 ·········5.·File_Permissions_and_Masks
Offset 1107, 16 lines modifiedOffset 1107, 16 lines modified
1107 ··-·reboot_required1107 ··-·reboot_required
1108 ··-·restrict_strategy1108 ··-·restrict_strategy
  
1109 -·name:·Set·architecture·for·audit·chmod·tasks1109 -·name:·Set·architecture·for·audit·chmod·tasks
1110 ··set_fact:1110 ··set_fact:
1111 ····audit_arch:·b641111 ····audit_arch:·b64
1112 ··when:1112 ··when:
1113 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1114 ··-·'"audit"·in·ansible_facts.packages'1113 ··-·'"audit"·in·ansible_facts.packages'
 1114 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1115 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1115 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1116 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1116 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1117 ··tags:1117 ··tags:
1118 ··-·CJIS-5.4.1.11118 ··-·CJIS-5.4.1.1
1119 ··-·DISA-STIG-RHEL-07-0304101119 ··-·DISA-STIG-RHEL-07-030410
1120 ··-·NIST-800-171-3.1.71120 ··-·NIST-800-171-3.1.7
1121 ··-·NIST-800-53-AU-12(c)1121 ··-·NIST-800-53-AU-12(c)
Offset 1253, 16 lines modifiedOffset 1253, 16 lines modified
1253 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001253 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1254 ········-F·auid!=unset·-F·key=perm_mod1254 ········-F·auid!=unset·-F·key=perm_mod
1255 ······create:·true1255 ······create:·true
1256 ······mode:·o-rwx1256 ······mode:·o-rwx
1257 ······state:·present1257 ······state:·present
1258 ····when:·syscalls_found·|·length·==·01258 ····when:·syscalls_found·|·length·==·0
1259 ··when:1259 ··when:
1260 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1261 ··-·'"audit"·in·ansible_facts.packages'1260 ··-·'"audit"·in·ansible_facts.packages'
 1261 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1262 ··tags:1262 ··tags:
1263 ··-·CJIS-5.4.1.11263 ··-·CJIS-5.4.1.1
1264 ··-·DISA-STIG-RHEL-07-0304101264 ··-·DISA-STIG-RHEL-07-030410
1265 ··-·NIST-800-171-3.1.71265 ··-·NIST-800-171-3.1.7
1266 ··-·NIST-800-53-AU-12(c)1266 ··-·NIST-800-53-AU-12(c)
1267 ··-·NIST-800-53-AU-2(d)1267 ··-·NIST-800-53-AU-2(d)
1268 ··-·NIST-800-53-CM-6(a)1268 ··-·NIST-800-53-CM-6(a)
Offset 1397, 16 lines modifiedOffset 1397, 16 lines modified
1397 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001397 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1398 ········-F·auid!=unset·-F·key=perm_mod1398 ········-F·auid!=unset·-F·key=perm_mod
1399 ······create:·true1399 ······create:·true
1400 ······mode:·o-rwx1400 ······mode:·o-rwx
1401 ······state:·present1401 ······state:·present
1402 ····when:·syscalls_found·|·length·==·01402 ····when:·syscalls_found·|·length·==·0
1403 ··when:1403 ··when:
1404 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1405 ··-·'"audit"·in·ansible_facts.packages'1404 ··-·'"audit"·in·ansible_facts.packages'
 1405 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1406 ··-·audit_arch·==·"b64"1406 ··-·audit_arch·==·"b64"
1407 ··tags:1407 ··tags:
1408 ··-·CJIS-5.4.1.11408 ··-·CJIS-5.4.1.1
1409 ··-·DISA-STIG-RHEL-07-0304101409 ··-·DISA-STIG-RHEL-07-030410
1410 ··-·NIST-800-171-3.1.71410 ··-·NIST-800-171-3.1.7
1411 ··-·NIST-800-53-AU-12(c)1411 ··-·NIST-800-53-AU-12(c)
1412 ··-·NIST-800-53-AU-2(d)1412 ··-·NIST-800-53-AU-2(d)
Offset 1416, 15 lines modifiedOffset 1416, 15 lines modified
1416 ··-·low_complexity1416 ··-·low_complexity
1417 ··-·low_disruption1417 ··-·low_disruption
1418 ··-·medium_severity1418 ··-·medium_severity
1419 ··-·reboot_required1419 ··-·reboot_required
1420 ··-·restrict_strategy1420 ··-·restrict_strategy
1421 Remediation_Shell_script_⇲1421 Remediation_Shell_script_⇲
1422 #·Remediation·is·applicable·only·in·certain·platforms1422 #·Remediation·is·applicable·only·in·certain·platforms
1423 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then1423 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then
  
1424 #·First·perform·the·remediation·of·the·syscall·rule1424 #·First·perform·the·remediation·of·the·syscall·rule
1425 #·Retrieve·hardware·architecture·of·the·underlying·system1425 #·Retrieve·hardware·architecture·of·the·underlying·system
1426 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")1426 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
1427 for·ARCH·in·"${RULE_ARCHS[@]}"1427 for·ARCH·in·"${RULE_ARCHS[@]}"
1428 do1428 do
Offset 1785, 16 lines modifiedOffset 1785, 16 lines modified
1785 ··-·reboot_required1785 ··-·reboot_required
1786 ··-·restrict_strategy1786 ··-·restrict_strategy
  
1787 -·name:·Set·architecture·for·audit·chown·tasks1787 -·name:·Set·architecture·for·audit·chown·tasks
1788 ··set_fact:1788 ··set_fact:
1789 ····audit_arch:·b641789 ····audit_arch:·b64
1790 ··when:1790 ··when:
1791 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1792 ··-·'"audit"·in·ansible_facts.packages'1791 ··-·'"audit"·in·ansible_facts.packages'
 1792 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1793 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1793 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1794 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1794 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1795 ··tags:1795 ··tags:
1796 ··-·CJIS-5.4.1.11796 ··-·CJIS-5.4.1.1
1797 ··-·DISA-STIG-RHEL-07-0303701797 ··-·DISA-STIG-RHEL-07-030370
1798 ··-·NIST-800-171-3.1.71798 ··-·NIST-800-171-3.1.7
1799 ··-·NIST-800-53-AU-12(c)1799 ··-·NIST-800-53-AU-12(c)
Offset 1933, 16 lines modifiedOffset 1933, 16 lines modified
1933 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10001933 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
1934 ········-F·auid!=unset·-F·key=perm_mod1934 ········-F·auid!=unset·-F·key=perm_mod
1935 ······create:·true1935 ······create:·true
1936 ······mode:·o-rwx1936 ······mode:·o-rwx
1937 ······state:·present1937 ······state:·present
1938 ····when:·syscalls_found·|·length·==·01938 ····when:·syscalls_found·|·length·==·0
1939 ··when:1939 ··when:
1940 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1941 ··-·'"audit"·in·ansible_facts.packages'1940 ··-·'"audit"·in·ansible_facts.packages'
 1941 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1942 ··tags:1942 ··tags:
1943 ··-·CJIS-5.4.1.11943 ··-·CJIS-5.4.1.1
1944 ··-·DISA-STIG-RHEL-07-0303701944 ··-·DISA-STIG-RHEL-07-030370
1945 ··-·NIST-800-171-3.1.71945 ··-·NIST-800-171-3.1.7
1946 ··-·NIST-800-53-AU-12(c)1946 ··-·NIST-800-53-AU-12(c)
1947 ··-·NIST-800-53-AU-2(d)1947 ··-·NIST-800-53-AU-2(d)
1948 ··-·NIST-800-53-CM-6(a)1948 ··-·NIST-800-53-CM-6(a)
Offset 2079, 16 lines modifiedOffset 2079, 16 lines modified
2079 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10002079 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
2080 ········-F·auid!=unset·-F·key=perm_mod2080 ········-F·auid!=unset·-F·key=perm_mod
2081 ······create:·true2081 ······create:·true
2082 ······mode:·o-rwx2082 ······mode:·o-rwx
2083 ······state:·present2083 ······state:·present
Max diff block lines reached; 97603/102379 bytes (95.33%) of diff not shown.
6.91 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_enhanced.html
    
Offset 14343, 15 lines modifiedOffset 14343, 15 lines modified
Offset 47084, 22 lines modifiedOffset 47084, 22 lines modified
Offset 47132, 21 lines modifiedOffset 47132, 21 lines modified
1.78 KB
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(enhanced)49 Profile·Title·ANSSI-BP-028·(enhanced)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1252 ····*·cpe:/o:suse:linux_enterprise_desktop:12
53 ····*·cpe:/o:suse:linux_enterprise_server:1253 ····*·cpe:/o:suse:linux_enterprise_server:12
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·System_Accounting_with_auditd61 ·········3.·System_Accounting_with_auditd
62 ·········4.·GRUB2_bootloader_configuration62 ·········4.·GRUB2_bootloader_configuration
63 ·········5.·Configure_Syslog63 ·········5.·Configure_Syslog
Offset 6552, 16 lines modifiedOffset 6552, 16 lines modified
6552 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x6552 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
6553 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged6553 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
6554 ······create:·true6554 ······create:·true
6555 ······mode:·o-rwx6555 ······mode:·o-rwx
6556 ······state:·present6556 ······state:·present
6557 ····when:·syscalls_found·|·length·==·06557 ····when:·syscalls_found·|·length·==·0
6558 ··when:6558 ··when:
6559 ··-·'"audit"·in·ansible_facts.packages' 
6560 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6559 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6560 ··-·'"audit"·in·ansible_facts.packages'
6561 ··tags:6561 ··tags:
6562 ··-·CCE-83144-66562 ··-·CCE-83144-6
6563 ··-·DISA-STIG-SLES-12-0202606563 ··-·DISA-STIG-SLES-12-020260
6564 ··-·NIST-800-171-3.1.76564 ··-·NIST-800-171-3.1.7
6565 ··-·NIST-800-53-AC-6(9)6565 ··-·NIST-800-53-AC-6(9)
6566 ··-·NIST-800-53-AU-12(c)6566 ··-·NIST-800-53-AU-12(c)
6567 ··-·NIST-800-53-AU-2(d)6567 ··-·NIST-800-53-AU-2(d)
Offset 6570, 15 lines modifiedOffset 6570, 15 lines modified
6570 ··-·low_complexity6570 ··-·low_complexity
6571 ··-·low_disruption6571 ··-·low_disruption
6572 ··-·medium_severity6572 ··-·medium_severity
6573 ··-·no_reboot_needed6573 ··-·no_reboot_needed
6574 ··-·restrict_strategy6574 ··-·restrict_strategy
6575 Remediation_Shell_script_⇲6575 Remediation_Shell_script_⇲
6576 #·Remediation·is·applicable·only·in·certain·platforms6576 #·Remediation·is·applicable·only·in·certain·platforms
6577 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then6577 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
6578 ACTION_ARCH_FILTERS="-a·always,exit"6578 ACTION_ARCH_FILTERS="-a·always,exit"
6579 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"6579 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
6580 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"6580 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
6581 SYSCALL=""6581 SYSCALL=""
6582 KEY="privileged"6582 KEY="privileged"
6583 SYSCALL_GROUPING=""6583 SYSCALL_GROUPING=""
6.9 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_high.html
    
Offset 14342, 15 lines modifiedOffset 14342, 15 lines modified
Offset 49495, 22 lines modifiedOffset 49495, 22 lines modified
Offset 49543, 21 lines modifiedOffset 49543, 21 lines modified
1.77 KB
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(high)49 Profile·Title·ANSSI-BP-028·(high)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1252 ····*·cpe:/o:suse:linux_enterprise_desktop:12
53 ····*·cpe:/o:suse:linux_enterprise_server:1253 ····*·cpe:/o:suse:linux_enterprise_server:12
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·System_Accounting_with_auditd61 ·········3.·System_Accounting_with_auditd
62 ·········4.·GRUB2_bootloader_configuration62 ·········4.·GRUB2_bootloader_configuration
63 ·········5.·Configure_Syslog63 ·········5.·Configure_Syslog
Offset 7029, 16 lines modifiedOffset 7029, 16 lines modified
7029 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x7029 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
7030 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged7030 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
7031 ······create:·true7031 ······create:·true
7032 ······mode:·o-rwx7032 ······mode:·o-rwx
7033 ······state:·present7033 ······state:·present
7034 ····when:·syscalls_found·|·length·==·07034 ····when:·syscalls_found·|·length·==·0
7035 ··when:7035 ··when:
7036 ··-·'"audit"·in·ansible_facts.packages' 
7037 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7036 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7037 ··-·'"audit"·in·ansible_facts.packages'
7038 ··tags:7038 ··tags:
7039 ··-·CCE-83144-67039 ··-·CCE-83144-6
7040 ··-·DISA-STIG-SLES-12-0202607040 ··-·DISA-STIG-SLES-12-020260
7041 ··-·NIST-800-171-3.1.77041 ··-·NIST-800-171-3.1.7
7042 ··-·NIST-800-53-AC-6(9)7042 ··-·NIST-800-53-AC-6(9)
7043 ··-·NIST-800-53-AU-12(c)7043 ··-·NIST-800-53-AU-12(c)
7044 ··-·NIST-800-53-AU-2(d)7044 ··-·NIST-800-53-AU-2(d)
Offset 7047, 15 lines modifiedOffset 7047, 15 lines modified
7047 ··-·low_complexity7047 ··-·low_complexity
7048 ··-·low_disruption7048 ··-·low_disruption
7049 ··-·medium_severity7049 ··-·medium_severity
7050 ··-·no_reboot_needed7050 ··-·no_reboot_needed
7051 ··-·restrict_strategy7051 ··-·restrict_strategy
7052 Remediation_Shell_script_⇲7052 Remediation_Shell_script_⇲
7053 #·Remediation·is·applicable·only·in·certain·platforms7053 #·Remediation·is·applicable·only·in·certain·platforms
7054 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then7054 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
7055 ACTION_ARCH_FILTERS="-a·always,exit"7055 ACTION_ARCH_FILTERS="-a·always,exit"
7056 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"7056 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
7057 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"7057 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
7058 SYSCALL=""7058 SYSCALL=""
7059 KEY="privileged"7059 KEY="privileged"
7060 SYSCALL_GROUPING=""7060 SYSCALL_GROUPING=""
7.14 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_intermediary.html
    
Offset 14344, 15 lines modifiedOffset 14344, 15 lines modified
Offset 44502, 23 lines modifiedOffset 44502, 23 lines modified
000add50:·6976·696c·6567·6564·0a20·2020·2020·2063··ivileged.······c000add50:·6976·696c·6567·6564·0a20·2020·2020·2063··ivileged.······c
000add60:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····000add60:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····
000add70:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··000add70:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··
000add80:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese000add80:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
000add90:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys000add90:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys
000adda0:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le000adda0:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le
000addb0:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when000addb0:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when
000addc0:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i 
000addd0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000adde0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an 
000addf0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
000ade00:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
000ade10:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
000ade20:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
000ade30:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe000addc0:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi
 000addd0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 000adde0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 000addf0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 000ade00:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 000ade10:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
 000ade20:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi
 000ade30:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
000ade40:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·000ade40:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·
000ade50:·4343·452d·3833·3134·342d·360a·2020·2d20··CCE-83144-6.··-·000ade50:·4343·452d·3833·3134·342d·360a·2020·2d20··CCE-83144-6.··-·
000ade60:·4449·5341·2d53·5449·472d·534c·4553·2d31··DISA-STIG-SLES-1000ade60:·4449·5341·2d53·5449·472d·534c·4553·2d31··DISA-STIG-SLES-1
000ade70:·322d·3032·3032·3630·0a20·202d·204e·4953··2-020260.··-·NIS000ade70:·322d·3032·3032·3630·0a20·202d·204e·4953··2-020260.··-·NIS
000ade80:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.000ade80:·542d·3830·302d·3137·312d·332e·312e·370a··T-800-171-3.1.7.
000ade90:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-000ade90:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
000adea0:·4143·2d36·2839·290a·2020·2d20·4e49·5354··AC-6(9).··-·NIST000adea0:·4143·2d36·2839·290a·2020·2d20·4e49·5354··AC-6(9).··-·NIST
000adeb0:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)000adeb0:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
Offset 44550, 21 lines modifiedOffset 44550, 21 lines modified
000ae050:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class000ae050:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
000ae060:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse000ae060:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
000ae070:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i000ae070:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
000ae080:·646d·3234·3335·3422·3e3c·7072·653e·3c63··dm24354"><pre><c000ae080:·646d·3234·3335·3422·3e3c·7072·653e·3c63··dm24354"><pre><c
000ae090:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio000ae090:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
000ae0a0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·000ae0a0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
000ae0b0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·000ae0b0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
000ae0c0:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm000ae0c0:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
000ae0d0:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi 
000ae0e0:·7420·2661·6d70·3b26·616d·703b·205b·2021··t·&amp;&amp;·[·! 
000ae0f0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·000ae0d0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
000ae100:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!000ae0e0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
000ae110:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai000ae0f0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
000ae120:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..000ae100:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 000ae110:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·
 000ae120:·2d71·2061·7564·6974·3b20·7468·656e·0a0a··-q·audit;·then..
000ae130:·4143·5449·4f4e·5f41·5243·485f·4649·4c54··ACTION_ARCH_FILT000ae130:·4143·5449·4f4e·5f41·5243·485f·4649·4c54··ACTION_ARCH_FILT
000ae140:·4552·533d·222d·6120·616c·7761·7973·2c65··ERS="-a·always,e000ae140:·4552·533d·222d·6120·616c·7761·7973·2c65··ERS="-a·always,e
000ae150:·7869·7422·0a4f·5448·4552·5f46·494c·5445··xit".OTHER_FILTE000ae150:·7869·7422·0a4f·5448·4552·5f46·494c·5445··xit".OTHER_FILTE
000ae160:·5253·3d22·2d46·2070·6174·683d·2f75·7372··RS="-F·path=/usr000ae160:·5253·3d22·2d46·2070·6174·683d·2f75·7372··RS="-F·path=/usr
000ae170:·2f62·696e·2f73·7564·6f20·2d46·2070·6572··/bin/sudo·-F·per000ae170:·2f62·696e·2f73·7564·6f20·2d46·2070·6572··/bin/sudo·-F·per
000ae180:·6d3d·7822·0a41·5549·445f·4649·4c54·4552··m=x".AUID_FILTER000ae180:·6d3d·7822·0a41·5549·445f·4649·4c54·4552··m=x".AUID_FILTER
000ae190:·533d·222d·4620·6175·6964·2667·743b·3d31··S="-F·auid&gt;=1000ae190:·533d·222d·4620·6175·6964·2667·743b·3d31··S="-F·auid&gt;=1
1.79 KB
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(intermediary)49 Profile·Title·ANSSI-BP-028·(intermediary)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1252 ····*·cpe:/o:suse:linux_enterprise_desktop:12
53 ····*·cpe:/o:suse:linux_enterprise_server:1253 ····*·cpe:/o:suse:linux_enterprise_server:12
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·System_Accounting_with_auditd61 ·········3.·System_Accounting_with_auditd
62 ·········4.·Configure_Syslog62 ·········4.·Configure_Syslog
63 ·········5.·Network_Configuration_and_Firewalls63 ·········5.·Network_Configuration_and_Firewalls
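Review bot: line 56 embeds a date that differs between the two builds, draft (as of 2024-01-14) against draft (as of 2025-02-15), while the version on line 55 stays 0.1.65, so the guide changes on every rebuild of the same source. Take the revision date from a fixed input such as the release date or SOURCE_DATE_EPOCH rather than the build clock.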
Offset 6019, 16 lines modifiedOffset 6019, 16 lines modified
6019 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x6019 ······line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
6020 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged6020 ········-F·auid>=1000·-F·auid!=unset·-F·key=privileged
6021 ······create:·true6021 ······create:·true
6022 ······mode:·o-rwx6022 ······mode:·o-rwx
6023 ······state:·present6023 ······state:·present
6024 ····when:·syscalls_found·|·length·==·06024 ····when:·syscalls_found·|·length·==·0
6025 ··when:6025 ··when:
6026 ··-·'"audit"·in·ansible_facts.packages' 
6027 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6026 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6027 ··-·'"audit"·in·ansible_facts.packages'
6028 ··tags:6028 ··tags:
6029 ··-·CCE-83144-66029 ··-·CCE-83144-6
6030 ··-·DISA-STIG-SLES-12-0202606030 ··-·DISA-STIG-SLES-12-020260
6031 ··-·NIST-800-171-3.1.76031 ··-·NIST-800-171-3.1.7
6032 ··-·NIST-800-53-AC-6(9)6032 ··-·NIST-800-53-AC-6(9)
6033 ··-·NIST-800-53-AU-12(c)6033 ··-·NIST-800-53-AU-12(c)
6034 ··-·NIST-800-53-AU-2(d)6034 ··-·NIST-800-53-AU-2(d)
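Review bot: lines 6026-6027 are the only change in this hunk: the two entries of the when: list swap places, with the "audit" in ansible_facts.packages test first in one build and second in the other. Entries of a when: list are combined with a logical and, so the task applies to the same hosts in both builds, but the playbook text is not reproducible. Emit the conditions in a fixed order in the generator so both the HTML guide and the embedded playbook are stable.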
Offset 6037, 15 lines modifiedOffset 6037, 15 lines modified
6037 ··-·low_complexity6037 ··-·low_complexity
6038 ··-·low_disruption6038 ··-·low_disruption
6039 ··-·medium_severity6039 ··-·medium_severity
6040 ··-·no_reboot_needed6040 ··-·no_reboot_needed
6041 ··-·restrict_strategy6041 ··-·restrict_strategy
6042 Remediation_Shell_script_⇲6042 Remediation_Shell_script_⇲
6043 #·Remediation·is·applicable·only·in·certain·platforms6043 #·Remediation·is·applicable·only·in·certain·platforms
6044 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then6044 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
6045 ACTION_ARCH_FILTERS="-a·always,exit"6045 ACTION_ARCH_FILTERS="-a·always,exit"
6046 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"6046 OTHER_FILTERS="-F·path=/usr/bin/sudo·-F·perm=x"
6047 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"6047 AUID_FILTERS="-F·auid>=1000·-F·auid!=unset"
6048 SYSCALL=""6048 SYSCALL=""
6049 KEY="privileged"6049 KEY="privileged"
6050 SYSCALL_GROUPING=""6050 SYSCALL_GROUPING=""
1.98 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-anssi_bp28_minimal.html
    
617 B
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(minimal)49 Profile·Title·ANSSI-BP-028·(minimal)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1252 ····*·cpe:/o:suse:linux_enterprise_desktop:12
53 ····*·cpe:/o:suse:linux_enterprise_server:1253 ····*·cpe:/o:suse:linux_enterprise_server:12
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·Configure_Syslog61 ·········3.·Configure_Syslog
62 ·········4.·File_Permissions_and_Masks62 ·········4.·File_Permissions_and_Masks
63 ···2.·Services63 ···2.·Services
812 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis.html
    
Max diff block lines reached; 635403/644917 bytes (98.52%) of diff not shown.
182 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·for·Level·2·-·Server42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·for·Level·2·-·Server
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis43 Profile·ID····xccdf_org.ssgproject.content_profile_cis
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1245 ····*·cpe:/o:suse:linux_enterprise_desktop:12
46 ····*·cpe:/o:suse:linux_enterprise_server:1246 ····*·cpe:/o:suse:linux_enterprise_server:12
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·AppArmor55 ·········4.·AppArmor
56 ·········5.·GRUB2_bootloader_configuration56 ·········5.·GRUB2_bootloader_configuration
Offset 5174, 16 lines modifiedOffset 5174, 16 lines modified
5174 ··-·reboot_required5174 ··-·reboot_required
5175 ··-·restrict_strategy5175 ··-·restrict_strategy
  
5176 -·name:·Set·architecture·for·audit·chmod·tasks5176 -·name:·Set·architecture·for·audit·chmod·tasks
5177 ··set_fact:5177 ··set_fact:
5178 ····audit_arch:·b645178 ····audit_arch:·b64
5179 ··when:5179 ··when:
5180 ··-·'"audit"·in·ansible_facts.packages' 
5181 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5181 ··-·'"audit"·in·ansible_facts.packages'
5182 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5182 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5183 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5183 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5184 ··tags:5184 ··tags:
5185 ··-·CCE-83106-55185 ··-·CCE-83106-5
5186 ··-·CJIS-5.4.1.15186 ··-·CJIS-5.4.1.1
5187 ··-·DISA-STIG-SLES-12-0204605187 ··-·DISA-STIG-SLES-12-020460
5188 ··-·NIST-800-171-3.1.75188 ··-·NIST-800-171-3.1.7
Offset 5321, 16 lines modifiedOffset 5321, 16 lines modified
5321 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005321 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5322 ········-F·auid!=unset·-F·key=perm_mod5322 ········-F·auid!=unset·-F·key=perm_mod
5323 ······create:·true5323 ······create:·true
5324 ······mode:·o-rwx5324 ······mode:·o-rwx
5325 ······state:·present5325 ······state:·present
5326 ····when:·syscalls_found·|·length·==·05326 ····when:·syscalls_found·|·length·==·0
5327 ··when:5327 ··when:
5328 ··-·'"audit"·in·ansible_facts.packages' 
5329 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5328 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5329 ··-·'"audit"·in·ansible_facts.packages'
5330 ··tags:5330 ··tags:
5331 ··-·CCE-83106-55331 ··-·CCE-83106-5
5332 ··-·CJIS-5.4.1.15332 ··-·CJIS-5.4.1.1
5333 ··-·DISA-STIG-SLES-12-0204605333 ··-·DISA-STIG-SLES-12-020460
5334 ··-·NIST-800-171-3.1.75334 ··-·NIST-800-171-3.1.7
5335 ··-·NIST-800-53-AU-12(c)5335 ··-·NIST-800-53-AU-12(c)
5336 ··-·NIST-800-53-AU-2(d)5336 ··-·NIST-800-53-AU-2(d)
Offset 5466, 16 lines modifiedOffset 5466, 16 lines modified
5466 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005466 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5467 ········-F·auid!=unset·-F·key=perm_mod5467 ········-F·auid!=unset·-F·key=perm_mod
5468 ······create:·true5468 ······create:·true
5469 ······mode:·o-rwx5469 ······mode:·o-rwx
5470 ······state:·present5470 ······state:·present
5471 ····when:·syscalls_found·|·length·==·05471 ····when:·syscalls_found·|·length·==·0
5472 ··when:5472 ··when:
5473 ··-·'"audit"·in·ansible_facts.packages' 
5474 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5473 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5474 ··-·'"audit"·in·ansible_facts.packages'
5475 ··-·audit_arch·==·"b64"5475 ··-·audit_arch·==·"b64"
5476 ··tags:5476 ··tags:
5477 ··-·CCE-83106-55477 ··-·CCE-83106-5
5478 ··-·CJIS-5.4.1.15478 ··-·CJIS-5.4.1.1
5479 ··-·DISA-STIG-SLES-12-0204605479 ··-·DISA-STIG-SLES-12-020460
5480 ··-·NIST-800-171-3.1.75480 ··-·NIST-800-171-3.1.7
5481 ··-·NIST-800-53-AU-12(c)5481 ··-·NIST-800-53-AU-12(c)
Offset 5486, 15 lines modifiedOffset 5486, 15 lines modified
5486 ··-·low_complexity5486 ··-·low_complexity
5487 ··-·low_disruption5487 ··-·low_disruption
5488 ··-·medium_severity5488 ··-·medium_severity
5489 ··-·reboot_required5489 ··-·reboot_required
5490 ··-·restrict_strategy5490 ··-·restrict_strategy
5491 Remediation_Shell_script_⇲5491 Remediation_Shell_script_⇲
5492 #·Remediation·is·applicable·only·in·certain·platforms5492 #·Remediation·is·applicable·only·in·certain·platforms
5493 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then5493 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
5494 #·First·perform·the·remediation·of·the·syscall·rule5494 #·First·perform·the·remediation·of·the·syscall·rule
5495 #·Retrieve·hardware·architecture·of·the·underlying·system5495 #·Retrieve·hardware·architecture·of·the·underlying·system
5496 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")5496 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
5497 for·ARCH·in·"${RULE_ARCHS[@]}"5497 for·ARCH·in·"${RULE_ARCHS[@]}"
5498 do5498 do
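Review bot: at 5493 the applicability guard has the same three clauses in both builds but chains them in a different order: one build runs rpm --quiet -q audit first, the other runs the /.dockerenv and /run/.containerenv tests first. The && chain gives the same result either way, but because of short-circuiting one variant queries rpm inside a container and the other never reaches it. Emit the clauses in one fixed order, preferably with the file tests first, so the script is identical across builds.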
Offset 5888, 16 lines modifiedOffset 5888, 16 lines modified
5888 ··-·reboot_required5888 ··-·reboot_required
5889 ··-·restrict_strategy5889 ··-·restrict_strategy
  
5890 -·name:·Set·architecture·for·audit·chown·tasks5890 -·name:·Set·architecture·for·audit·chown·tasks
5891 ··set_fact:5891 ··set_fact:
5892 ····audit_arch:·b645892 ····audit_arch:·b64
5893 ··when:5893 ··when:
5894 ··-·'"audit"·in·ansible_facts.packages' 
5895 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5894 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5895 ··-·'"audit"·in·ansible_facts.packages'
5896 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5896 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5897 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5897 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5898 ··tags:5898 ··tags:
5899 ··-·CCE-83137-05899 ··-·CCE-83137-0
5900 ··-·CJIS-5.4.1.15900 ··-·CJIS-5.4.1.1
5901 ··-·DISA-STIG-SLES-12-0204205901 ··-·DISA-STIG-SLES-12-020420
5902 ··-·NIST-800-171-3.1.75902 ··-·NIST-800-171-3.1.7
Offset 6037, 16 lines modifiedOffset 6037, 16 lines modified
6037 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006037 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6038 ········-F·auid!=unset·-F·key=perm_mod6038 ········-F·auid!=unset·-F·key=perm_mod
6039 ······create:·true6039 ······create:·true
6040 ······mode:·o-rwx6040 ······mode:·o-rwx
6041 ······state:·present6041 ······state:·present
6042 ····when:·syscalls_found·|·length·==·06042 ····when:·syscalls_found·|·length·==·0
6043 ··when:6043 ··when:
6044 ··-·'"audit"·in·ansible_facts.packages' 
6045 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6044 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6045 ··-·'"audit"·in·ansible_facts.packages'
6046 ··tags:6046 ··tags:
6047 ··-·CCE-83137-06047 ··-·CCE-83137-0
6048 ··-·CJIS-5.4.1.16048 ··-·CJIS-5.4.1.1
6049 ··-·DISA-STIG-SLES-12-0204206049 ··-·DISA-STIG-SLES-12-020420
6050 ··-·NIST-800-171-3.1.76050 ··-·NIST-800-171-3.1.7
6051 ··-·NIST-800-53-AU-12(c)6051 ··-·NIST-800-53-AU-12(c)
6052 ··-·NIST-800-53-AU-2(d)6052 ··-·NIST-800-53-AU-2(d)
Offset 6184, 16 lines modifiedOffset 6184, 16 lines modified
6184 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006184 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6185 ········-F·auid!=unset·-F·key=perm_mod6185 ········-F·auid!=unset·-F·key=perm_mod
6186 ······create:·true6186 ······create:·true
6187 ······mode:·o-rwx6187 ······mode:·o-rwx
6188 ······state:·present6188 ······state:·present
Max diff block lines reached; 182042/186527 bytes (97.60%) of diff not shown.
23.8 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis_server_l1.html
    
Offset 14312, 15 lines modifiedOffset 14312, 15 lines modified
00037e70:·6f72·793c·2f68·323e·3c70·3e43·7572·7265··ory</h2><p>Curre00037e70:·6f72·793c·2f68·323e·3c70·3e43·7572·7265··ory</h2><p>Curre
00037e80:·6e74·2076·6572·7369·6f6e·3a20·3c73·7472··nt·version:·<str00037e80:·6e74·2076·6572·7369·6f6e·3a20·3c73·7472··nt·version:·<str
00037e90:·6f6e·673e·302e·312e·3635·3c2f·7374·726f··ong>0.1.65</stro00037e90:·6f6e·673e·302e·312e·3635·3c2f·7374·726f··ong>0.1.65</stro
00037ea0:·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c··ng></p><ul><li><00037ea0:·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c··ng></p><ul><li><
00037eb0:·7374·726f·6e67·3e64·7261·6674·3c2f·7374··strong>draft</st00037eb0:·7374·726f·6e67·3e64·7261·6674·3c2f·7374··strong>draft</st
00037ec0:·726f·6e67·3e0a·2020·2020·2020·2020·2020··rong>.··········00037ec0:·726f·6e67·3e0a·2020·2020·2020·2020·2020··rong>.··········
00037ed0:·2020·2020·2020·2020·2020·2861·7320·6f66············(as·of00037ed0:·2020·2020·2020·2020·2020·2861·7320·6f66············(as·of
00037ee0:·2032·3032·342d·3031·2d31·3429·0a20·2020···2024-01-14).···00037ee0:·2032·3032·352d·3032·2d31·3529·0a20·2020···2025-02-15).···
00037ef0:·2020·2020·2020·2020·2020·2020·203c·2f6c···············</l00037ef0:·2020·2020·2020·2020·2020·2020·203c·2f6c···············</l
00037f00:·693e·3c2f·756c·3e3c·2f64·6976·3e3c·6832··i></ul></div><h200037f00:·693e·3c2f·756c·3e3c·2f64·6976·3e3c·6832··i></ul></div><h2
00037f10:·3e54·6162·6c65·206f·6620·436f·6e74·656e··>Table·of·Conten00037f10:·3e54·6162·6c65·206f·6620·436f·6e74·656e··>Table·of·Conten
00037f20:·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c··ts</h2><ol><li><00037f20:·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c··ts</h2><ol><li><
00037f30:·6120·6872·6566·3d22·2378·6363·6466·5f6f··a·href="#xccdf_o00037f30:·6120·6872·6566·3d22·2378·6363·6466·5f6f··a·href="#xccdf_o
00037f40:·7267·2e73·7367·7072·6f6a·6563·742e·636f··rg.ssgproject.co00037f40:·7267·2e73·7367·7072·6f6a·6563·742e·636f··rg.ssgproject.co
00037f50:·6e74·656e·745f·6772·6f75·705f·7379·7374··ntent_group_syst00037f50:·6e74·656e·745f·6772·6f75·705f·7379·7374··ntent_group_syst
Offset 43993, 22 lines modifiedOffset 43993, 22 lines modified
000abd80:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e000abd80:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
000abd90:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g000abd90:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
000abda0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000abda0:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000abdb0:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·000abdb0:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
000abdc0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000abdc0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000abdd0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:000abdd0:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
000abde0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w000abde0:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
000abdf0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000abdf0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000abe00:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
000abe10:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
000abe20:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
000abe30:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
000abe40:·2027·2267·7275·6232·2220·696e·2061·6e73···'"grub2"·in·ans 
000abe50:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa000abe00:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 000abe10:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 000abe20:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 000abe30:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 000abe40:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 000abe50:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
000abe60:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible000abe60:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
000abe70:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_000abe70:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
000abe80:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do000abe80:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
000abe90:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o000abe90:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
000abea0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"000abea0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000abeb0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000abeb0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000abec0:·2074·6167·733a·0a20·202d·2043·4345·2d39···tags:.··-·CCE-9000abec0:·2074·6167·733a·0a20·202d·2043·4345·2d39···tags:.··-·CCE-9
000abed0:·3136·3233·2d39·0a20·202d·2043·4a49·532d··1623-9.··-·CJIS-000abed0:·3136·3233·2d39·0a20·202d·2043·4a49·532d··1623-9.··-·CJIS-
Offset 44030, 21 lines modifiedOffset 44030, 21 lines modified
000abfd0:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own000abfd0:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
000abfe0:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr000abfe0:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
000abff0:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f000abff0:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
000ac000:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/000ac000:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
000ac010:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000ac010:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000ac020:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'000ac020:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
000ac030:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'000ac030:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
000ac040:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
000ac050:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
000ac060:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
000ac070:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
000ac080:·7427·0a20·202d·2027·2267·7275·6232·2220··t'.··-·'"grub2"· 
000ac090:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000ac0a0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a000ac040:·2267·7275·6232·2220·696e·2061·6e73·6962··"grub2"·in·ansib
 000ac050:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000ac060:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000ac070:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 000ac080:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 000ac090:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 000ac0a0:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
000ac0b0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz000ac0b0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
000ac0c0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i000ac0c0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
000ac0d0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx000ac0d0:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
000ac0e0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p000ac0e0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
000ac0f0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain000ac0f0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
000ac100:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex000ac100:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex
000ac110:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def000ac110:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def
Offset 44096, 18 lines modifiedOffset 44096, 18 lines modified
000ac3f0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td000ac3f0:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
000ac400:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><000ac400:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
000ac410:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre000ac410:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
000ac420:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000ac420:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000ac430:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000ac430:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000ac440:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000ac440:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000ac450:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000ac450:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 000ac460:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
 000ac470:·7275·6232·2026·616d·703b·2661·6d70·3b20··rub2·&amp;&amp;·
000ac460:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm000ac480:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm
000ac470:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;000ac490:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;
000ac480:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie 
000ac490:·7420·2d71·2067·7275·6232·2026·616d·703b··t·-q·grub2·&amp; 
000ac4a0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/000ac4a0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/
000ac4b0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am000ac4b0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
000ac4c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/000ac4c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
000ac4d0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren000ac4d0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
000ac4e0:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch000ac4e0:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch
000ac4f0:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub000ac4f0:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub
000ac500:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else000ac500:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else
Offset 44605, 21 lines modifiedOffset 44605, 21 lines modified
000ae3c0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc000ae3c0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
000ae3d0:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr000ae3d0:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr
000ae3e0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·000ae3e0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
000ae3f0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g000ae3f0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
000ae400:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000ae400:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000ae410:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e000ae410:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
000ae420:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··000ae420:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
000ae430:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
000ae440:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
000ae450:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
000ae460:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
000ae470:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
000ae480:·3222·2069·6e20·616e·7369·626c·655f·6661··2"·in·ansible_fa 
000ae490:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000ae430:·2d20·2722·6772·7562·3222·2069·6e20·616e··-·'"grub2"·in·an
 000ae440:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000ae450:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 000ae460:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an
 000ae470:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000ae480:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000ae490:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000ae4a0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000ae4a0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000ae4b0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000ae4b0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000ae4c0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000ae4c0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000ae4d0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000ae4d0:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000ae4e0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000ae4e0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000ae4f0:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.000ae4f0:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
000ae500:·2020·2d20·4343·452d·3931·3632·342d·370a····-·CCE-91624-7.000ae500:·2020·2d20·4343·452d·3931·3632·342d·370a····-·CCE-91624-7.
Offset 44640, 22 lines modifiedOffset 44640, 22 lines modified
000ae5f0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na000ae5f0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na
000ae600:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner000ae600:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner
000ae610:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub000ae610:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
000ae620:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil000ae620:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
000ae630:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo000ae630:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
000ae640:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf000ae640:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
Max diff block lines reached; 9143/18338 bytes (49.86%) of diff not shown.
5.73 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·for·Level·1·-·Server42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·for·Level·1·-·Server
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l143 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l1
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1245 ····*·cpe:/o:suse:linux_enterprise_desktop:12
46 ····*·cpe:/o:suse:linux_enterprise_server:1246 ····*·cpe:/o:suse:linux_enterprise_server:12
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·AppArmor54 ·········3.·AppArmor
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
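Review bot: line 49 renders the revision status as draft (as of 2024-01-14) in one build and draft (as of 2025-02-15) in the other, so the status date follows the build clock rather than the source. Take the date from SOURCE_DATE_EPOCH or from the release metadata so that rebuilding 0.1.65 produces the same guide.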
Offset 5057, 16 lines modifiedOffset 5057, 16 lines modified
5057 ··-·no_reboot_needed5057 ··-·no_reboot_needed
  
5058 -·name:·Test·for·existence·/boot/grub2/grub.cfg5058 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5059 ··stat:5059 ··stat:
5060 ····path:·/boot/grub2/grub.cfg5060 ····path:·/boot/grub2/grub.cfg
5061 ··register:·file_exists5061 ··register:·file_exists
5062 ··when:5062 ··when:
5063 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5064 ··-·'"grub2"·in·ansible_facts.packages'5063 ··-·'"grub2"·in·ansible_facts.packages'
 5064 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5065 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5065 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5066 ··tags:5066 ··tags:
5067 ··-·CCE-91623-95067 ··-·CCE-91623-9
5068 ··-·CJIS-5.5.2.25068 ··-·CJIS-5.5.2.2
5069 ··-·NIST-800-171-3.4.55069 ··-·NIST-800-171-3.4.5
5070 ··-·NIST-800-53-AC-6(1)5070 ··-·NIST-800-53-AC-6(1)
5071 ··-·NIST-800-53-CM-6(a)5071 ··-·NIST-800-53-CM-6(a)
Offset 5079, 16 lines modifiedOffset 5079, 16 lines modified
5079 ··-·no_reboot_needed5079 ··-·no_reboot_needed
  
5080 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5080 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5081 ··file:5081 ··file:
5082 ····path:·/boot/grub2/grub.cfg5082 ····path:·/boot/grub2/grub.cfg
5083 ····group:·'0'5083 ····group:·'0'
5084 ··when:5084 ··when:
5085 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5086 ··-·'"grub2"·in·ansible_facts.packages'5085 ··-·'"grub2"·in·ansible_facts.packages'
 5086 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5087 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5087 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5088 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5088 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5089 ··tags:5089 ··tags:
5090 ··-·CCE-91623-95090 ··-·CCE-91623-9
5091 ··-·CJIS-5.5.2.25091 ··-·CJIS-5.5.2.2
5092 ··-·NIST-800-171-3.4.55092 ··-·NIST-800-171-3.4.5
5093 ··-·NIST-800-53-AC-6(1)5093 ··-·NIST-800-53-AC-6(1)
Offset 5101, 15 lines modifiedOffset 5101, 15 lines modified
5101 ··-·medium_severity5101 ··-·medium_severity
5102 ··-·no_reboot_needed5102 ··-·no_reboot_needed
5103 Remediation_Shell_script_⇲5103 Remediation_Shell_script_⇲
5104 Complexity:·low5104 Complexity:·low
5105 Disruption:·low5105 Disruption:·low
5106 Strategy:···configure5106 Strategy:···configure
5107 #·Remediation·is·applicable·only·in·certain·platforms5107 #·Remediation·is·applicable·only·in·certain·platforms
5108 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5108 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5109 };·then5109 };·then
  
5110 chgrp·0·/boot/grub2/grub.cfg5110 chgrp·0·/boot/grub2/grub.cfg
  
5111 else5111 else
5112 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5112 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5113 fi5113 fi
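Review bot: the guard at 5108 tests [ ! -f /sys/firmware/efi ], but /sys/firmware/efi is a directory on UEFI systems, so -f is never true there and the clause does not exclude UEFI hosts; -d is the test that matches the intent. Separately, the rpm --quiet -q grub2 clause and this test swap places between the two builds, the same ordering instability that shows up in the Ansible when: lists.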
Offset 5150, 16 lines modifiedOffset 5150, 16 lines modified
5150 ··-·no_reboot_needed5150 ··-·no_reboot_needed
  
5151 -·name:·Test·for·existence·/boot/grub2/grub.cfg5151 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5152 ··stat:5152 ··stat:
5153 ····path:·/boot/grub2/grub.cfg5153 ····path:·/boot/grub2/grub.cfg
5154 ··register:·file_exists5154 ··register:·file_exists
5155 ··when:5155 ··when:
5156 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5157 ··-·'"grub2"·in·ansible_facts.packages'5156 ··-·'"grub2"·in·ansible_facts.packages'
 5157 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5158 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5158 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5159 ··tags:5159 ··tags:
5160 ··-·CCE-91624-75160 ··-·CCE-91624-7
5161 ··-·CJIS-5.5.2.25161 ··-·CJIS-5.5.2.2
5162 ··-·NIST-800-171-3.4.55162 ··-·NIST-800-171-3.4.5
5163 ··-·NIST-800-53-AC-6(1)5163 ··-·NIST-800-53-AC-6(1)
5164 ··-·NIST-800-53-CM-6(a)5164 ··-·NIST-800-53-CM-6(a)
Offset 5172, 16 lines modifiedOffset 5172, 16 lines modified
5172 ··-·no_reboot_needed5172 ··-·no_reboot_needed
  
5173 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5173 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5174 ··file:5174 ··file:
5175 ····path:·/boot/grub2/grub.cfg5175 ····path:·/boot/grub2/grub.cfg
5176 ····owner:·'0'5176 ····owner:·'0'
5177 ··when:5177 ··when:
5178 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5179 ··-·'"grub2"·in·ansible_facts.packages'5178 ··-·'"grub2"·in·ansible_facts.packages'
 5179 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5181 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5181 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5182 ··tags:5182 ··tags:
5183 ··-·CCE-91624-75183 ··-·CCE-91624-7
5184 ··-·CJIS-5.5.2.25184 ··-·CJIS-5.5.2.2
5185 ··-·NIST-800-171-3.4.55185 ··-·NIST-800-171-3.4.5
5186 ··-·NIST-800-53-AC-6(1)5186 ··-·NIST-800-53-AC-6(1)
Offset 5194, 15 lines modifiedOffset 5194, 15 lines modified
5194 ··-·medium_severity5194 ··-·medium_severity
5195 ··-·no_reboot_needed5195 ··-·no_reboot_needed
5196 Remediation_Shell_script_⇲5196 Remediation_Shell_script_⇲
5197 Complexity:·low5197 Complexity:·low
5198 Disruption:·low5198 Disruption:·low
5199 Strategy:···configure5199 Strategy:···configure
5200 #·Remediation·is·applicable·only·in·certain·platforms5200 #·Remediation·is·applicable·only·in·certain·platforms
5201 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5201 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5202 };·then5202 };·then
  
5203 chown·0·/boot/grub2/grub.cfg5203 chown·0·/boot/grub2/grub.cfg
  
5204 else5204 else
5205 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5205 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5206 fi5206 fi
Offset 5239, 16 lines modifiedOffset 5239, 16 lines modified
5239 ··-·no_reboot_needed5239 ··-·no_reboot_needed
  
5240 -·name:·Test·for·existence·/boot/grub2/grub.cfg5240 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5241 ··stat:5241 ··stat:
5242 ····path:·/boot/grub2/grub.cfg5242 ····path:·/boot/grub2/grub.cfg
5243 ··register:·file_exists5243 ··register:·file_exists
5244 ··when:5244 ··when:
Max diff block lines reached; 1495/5846 bytes (25.57%) of diff not shown.
23.4 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis_workstation_l1.html
    
Offset 14313, 15 lines modifiedOffset 14313, 15 lines modified
00037e80:·4869·7374·6f72·793c·2f68·323e·3c70·3e43··History</h2><p>C00037e80:·4869·7374·6f72·793c·2f68·323e·3c70·3e43··History</h2><p>C
00037e90:·7572·7265·6e74·2076·6572·7369·6f6e·3a20··urrent·version:·00037e90:·7572·7265·6e74·2076·6572·7369·6f6e·3a20··urrent·version:·
00037ea0:·3c73·7472·6f6e·673e·302e·312e·3635·3c2f··<strong>0.1.65</00037ea0:·3c73·7472·6f6e·673e·302e·312e·3635·3c2f··<strong>0.1.65</
00037eb0:·7374·726f·6e67·3e3c·2f70·3e3c·756c·3e3c··strong></p><ul><00037eb0:·7374·726f·6e67·3e3c·2f70·3e3c·756c·3e3c··strong></p><ul><
00037ec0:·6c69·3e3c·7374·726f·6e67·3e64·7261·6674··li><strong>draft00037ec0:·6c69·3e3c·7374·726f·6e67·3e64·7261·6674··li><strong>draft
00037ed0:·3c2f·7374·726f·6e67·3e0a·2020·2020·2020··</strong>.······00037ed0:·3c2f·7374·726f·6e67·3e0a·2020·2020·2020··</strong>.······
00037ee0:·2020·2020·2020·2020·2020·2020·2020·2861················(a00037ee0:·2020·2020·2020·2020·2020·2020·2020·2861················(a
Max diff block lines reached; 8798/17924 bytes (49.09%) of diff not shown.
5.74 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·for·Level·1·-·Workstation42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·for·Level·1·-·Workstation
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l143 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l1
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1245 ····*·cpe:/o:suse:linux_enterprise_desktop:12
46 ····*·cpe:/o:suse:linux_enterprise_server:1246 ····*·cpe:/o:suse:linux_enterprise_server:12
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·AppArmor54 ·········3.·AppArmor
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
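Review bot: the revision line at 49 embeds a wall-clock date, `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, so the generated guide cannot be bit-identical across rebuilds done on different days. Take the date from SOURCE_DATE_EPOCH when the guide is generated, or leave it out of the rendered output.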
Offset 5055, 16 lines modifiedOffset 5055, 16 lines modified
5055 ··-·no_reboot_needed5055 ··-·no_reboot_needed
  
5056 -·name:·Test·for·existence·/boot/grub2/grub.cfg5056 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5057 ··stat:5057 ··stat:
5058 ····path:·/boot/grub2/grub.cfg5058 ····path:·/boot/grub2/grub.cfg
5059 ··register:·file_exists5059 ··register:·file_exists
5060 ··when:5060 ··when:
5061 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5062 ··-·'"grub2"·in·ansible_facts.packages'5061 ··-·'"grub2"·in·ansible_facts.packages'
 5062 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5063 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5063 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5064 ··tags:5064 ··tags:
5065 ··-·CCE-91623-95065 ··-·CCE-91623-9
5066 ··-·CJIS-5.5.2.25066 ··-·CJIS-5.5.2.2
5067 ··-·NIST-800-171-3.4.55067 ··-·NIST-800-171-3.4.5
5068 ··-·NIST-800-53-AC-6(1)5068 ··-·NIST-800-53-AC-6(1)
5069 ··-·NIST-800-53-CM-6(a)5069 ··-·NIST-800-53-CM-6(a)
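Review bot: at 5061-5062 the first two `when:` entries swap places between the builds (`'"grub2" in ansible_facts.packages'` and `'"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'`), while the `ansible_virtualization_type` entry stays in place. The conditions are identical, only their order varies, which looks like the generator emitting an unordered collection; sort the applicability conditions before writing the task so the Ansible snippet is stable from build to build.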
Offset 5077, 16 lines modifiedOffset 5077, 16 lines modified
5077 ··-·no_reboot_needed5077 ··-·no_reboot_needed
  
5078 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5078 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5079 ··file:5079 ··file:
5080 ····path:·/boot/grub2/grub.cfg5080 ····path:·/boot/grub2/grub.cfg
5081 ····group:·'0'5081 ····group:·'0'
5082 ··when:5082 ··when:
5083 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5084 ··-·'"grub2"·in·ansible_facts.packages'5083 ··-·'"grub2"·in·ansible_facts.packages'
 5084 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5085 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5085 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5086 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5086 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5087 ··tags:5087 ··tags:
5088 ··-·CCE-91623-95088 ··-·CCE-91623-9
5089 ··-·CJIS-5.5.2.25089 ··-·CJIS-5.5.2.2
5090 ··-·NIST-800-171-3.4.55090 ··-·NIST-800-171-3.4.5
5091 ··-·NIST-800-53-AC-6(1)5091 ··-·NIST-800-53-AC-6(1)
Offset 5099, 15 lines modifiedOffset 5099, 15 lines modified
5099 ··-·medium_severity5099 ··-·medium_severity
5100 ··-·no_reboot_needed5100 ··-·no_reboot_needed
5101 Remediation_Shell_script_⇲5101 Remediation_Shell_script_⇲
5102 Complexity:·low5102 Complexity:·low
5103 Disruption:·low5103 Disruption:·low
5104 Strategy:···configure5104 Strategy:···configure
5105 #·Remediation·is·applicable·only·in·certain·platforms5105 #·Remediation·is·applicable·only·in·certain·platforms
5106 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5106 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5107 };·then5107 };·then
  
5108 chgrp·0·/boot/grub2/grub.cfg5108 chgrp·0·/boot/grub2/grub.cfg
  
5109 else5109 else
5110 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5110 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5111 fi5111 fi
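Review bot: the `if` at 5106 carries the same three tests in a different order in each build (`[ ! -f /sys/firmware/efi ] && rpm --quiet -q grub2 && ...` versus `rpm --quiet -q grub2 && [ ! -f /sys/firmware/efi ] && ...`). The outcome of the `&&` chain is the same, but the emitted bytes are not, and the order decides which test short-circuits first. Emit the platform checks in one fixed order, ideally the same order chosen for the Ansible `when:` list of this rule.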
Offset 5148, 16 lines modifiedOffset 5148, 16 lines modified
5148 ··-·no_reboot_needed5148 ··-·no_reboot_needed
  
5149 -·name:·Test·for·existence·/boot/grub2/grub.cfg5149 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5150 ··stat:5150 ··stat:
5151 ····path:·/boot/grub2/grub.cfg5151 ····path:·/boot/grub2/grub.cfg
5152 ··register:·file_exists5152 ··register:·file_exists
5153 ··when:5153 ··when:
5154 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5155 ··-·'"grub2"·in·ansible_facts.packages'5154 ··-·'"grub2"·in·ansible_facts.packages'
 5155 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5156 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5156 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5157 ··tags:5157 ··tags:
5158 ··-·CCE-91624-75158 ··-·CCE-91624-7
5159 ··-·CJIS-5.5.2.25159 ··-·CJIS-5.5.2.2
5160 ··-·NIST-800-171-3.4.55160 ··-·NIST-800-171-3.4.5
5161 ··-·NIST-800-53-AC-6(1)5161 ··-·NIST-800-53-AC-6(1)
5162 ··-·NIST-800-53-CM-6(a)5162 ··-·NIST-800-53-CM-6(a)
Offset 5170, 16 lines modifiedOffset 5170, 16 lines modified
5170 ··-·no_reboot_needed5170 ··-·no_reboot_needed
  
5171 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5171 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5172 ··file:5172 ··file:
5173 ····path:·/boot/grub2/grub.cfg5173 ····path:·/boot/grub2/grub.cfg
5174 ····owner:·'0'5174 ····owner:·'0'
5175 ··when:5175 ··when:
5176 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5177 ··-·'"grub2"·in·ansible_facts.packages'5176 ··-·'"grub2"·in·ansible_facts.packages'
 5177 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5178 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5178 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5179 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5179 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5180 ··tags:5180 ··tags:
5181 ··-·CCE-91624-75181 ··-·CCE-91624-7
5182 ··-·CJIS-5.5.2.25182 ··-·CJIS-5.5.2.2
5183 ··-·NIST-800-171-3.4.55183 ··-·NIST-800-171-3.4.5
5184 ··-·NIST-800-53-AC-6(1)5184 ··-·NIST-800-53-AC-6(1)
Offset 5192, 15 lines modifiedOffset 5192, 15 lines modified
5192 ··-·medium_severity5192 ··-·medium_severity
5193 ··-·no_reboot_needed5193 ··-·no_reboot_needed
5194 Remediation_Shell_script_⇲5194 Remediation_Shell_script_⇲
5195 Complexity:·low5195 Complexity:·low
5196 Disruption:·low5196 Disruption:·low
5197 Strategy:···configure5197 Strategy:···configure
5198 #·Remediation·is·applicable·only·in·certain·platforms5198 #·Remediation·is·applicable·only·in·certain·platforms
5199 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5199 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5200 };·then5200 };·then
  
5201 chown·0·/boot/grub2/grub.cfg5201 chown·0·/boot/grub2/grub.cfg
  
5202 else5202 else
5203 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5203 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5204 fi5204 fi
Offset 5237, 16 lines modifiedOffset 5237, 16 lines modified
5237 ··-·no_reboot_needed5237 ··-·no_reboot_needed
  
5238 -·name:·Test·for·existence·/boot/grub2/grub.cfg5238 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5239 ··stat:5239 ··stat:
5240 ····path:·/boot/grub2/grub.cfg5240 ····path:·/boot/grub2/grub.cfg
5241 ··register:·file_exists5241 ··register:·file_exists
5242 ··when:5242 ··when:
Max diff block lines reached; 1495/5856 bytes (25.53%) of diff not shown.
811 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-cis_workstation_l2.html
    
Max diff block lines reached; 633816/643330 bytes (98.52%) of diff not shown.
182 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·Level·2·-·Workstation42 Profile·Title·CIS·SUSE·Linux·Enterprise·12·Benchmark·Level·2·-·Workstation
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l243 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l2
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1245 ····*·cpe:/o:suse:linux_enterprise_desktop:12
46 ····*·cpe:/o:suse:linux_enterprise_server:1246 ····*·cpe:/o:suse:linux_enterprise_server:12
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·AppArmor55 ·········4.·AppArmor
56 ·········5.·GRUB2_bootloader_configuration56 ·········5.·GRUB2_bootloader_configuration
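Review bot: the only change in this hunk is the draft date in the Revision History entry, 2024-01-14 in one build and 2025-02-15 in the other, which indicates the generated guide is stamped with the build-time clock. Taking that date from a fixed source such as SOURCE_DATE_EPOCH would keep the file identical across rebuilds.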
Offset 5173, 16 lines modifiedOffset 5173, 16 lines modified
5173 ··-·reboot_required5173 ··-·reboot_required
5174 ··-·restrict_strategy5174 ··-·restrict_strategy
  
5175 -·name:·Set·architecture·for·audit·chmod·tasks5175 -·name:·Set·architecture·for·audit·chmod·tasks
5176 ··set_fact:5176 ··set_fact:
5177 ····audit_arch:·b645177 ····audit_arch:·b64
5178 ··when:5178 ··when:
5179 ··-·'"audit"·in·ansible_facts.packages' 
5180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5179 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5180 ··-·'"audit"·in·ansible_facts.packages'
5181 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5181 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5182 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5182 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5183 ··tags:5183 ··tags:
5184 ··-·CCE-83106-55184 ··-·CCE-83106-5
5185 ··-·CJIS-5.4.1.15185 ··-·CJIS-5.4.1.1
5186 ··-·DISA-STIG-SLES-12-0204605186 ··-·DISA-STIG-SLES-12-020460
5187 ··-·NIST-800-171-3.1.75187 ··-·NIST-800-171-3.1.7
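Review bot: the `when:` entries `'"audit" in ansible_facts.packages'` and `ansible_virtualization_type not in [...]` appear in swapped order between the two builds, with nothing else in the task changed. Ansible ANDs the items of a `when:` list, so the task applies to the same hosts either way; the generator should emit these platform conditions in a sorted or otherwise fixed order so the rendered playbook is stable.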
Offset 5320, 16 lines modifiedOffset 5320, 16 lines modified
5320 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005320 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5321 ········-F·auid!=unset·-F·key=perm_mod5321 ········-F·auid!=unset·-F·key=perm_mod
5322 ······create:·true5322 ······create:·true
5323 ······mode:·o-rwx5323 ······mode:·o-rwx
5324 ······state:·present5324 ······state:·present
5325 ····when:·syscalls_found·|·length·==·05325 ····when:·syscalls_found·|·length·==·0
5326 ··when:5326 ··when:
5327 ··-·'"audit"·in·ansible_facts.packages' 
5328 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5327 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5328 ··-·'"audit"·in·ansible_facts.packages'
5329 ··tags:5329 ··tags:
5330 ··-·CCE-83106-55330 ··-·CCE-83106-5
5331 ··-·CJIS-5.4.1.15331 ··-·CJIS-5.4.1.1
5332 ··-·DISA-STIG-SLES-12-0204605332 ··-·DISA-STIG-SLES-12-020460
5333 ··-·NIST-800-171-3.1.75333 ··-·NIST-800-171-3.1.7
5334 ··-·NIST-800-53-AU-12(c)5334 ··-·NIST-800-53-AU-12(c)
5335 ··-·NIST-800-53-AU-2(d)5335 ··-·NIST-800-53-AU-2(d)
Offset 5465, 16 lines modifiedOffset 5465, 16 lines modified
5465 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10005465 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
5466 ········-F·auid!=unset·-F·key=perm_mod5466 ········-F·auid!=unset·-F·key=perm_mod
5467 ······create:·true5467 ······create:·true
5468 ······mode:·o-rwx5468 ······mode:·o-rwx
5469 ······state:·present5469 ······state:·present
5470 ····when:·syscalls_found·|·length·==·05470 ····when:·syscalls_found·|·length·==·0
5471 ··when:5471 ··when:
5472 ··-·'"audit"·in·ansible_facts.packages' 
5473 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5472 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5473 ··-·'"audit"·in·ansible_facts.packages'
5474 ··-·audit_arch·==·"b64"5474 ··-·audit_arch·==·"b64"
5475 ··tags:5475 ··tags:
5476 ··-·CCE-83106-55476 ··-·CCE-83106-5
5477 ··-·CJIS-5.4.1.15477 ··-·CJIS-5.4.1.1
5478 ··-·DISA-STIG-SLES-12-0204605478 ··-·DISA-STIG-SLES-12-020460
5479 ··-·NIST-800-171-3.1.75479 ··-·NIST-800-171-3.1.7
5480 ··-·NIST-800-53-AU-12(c)5480 ··-·NIST-800-53-AU-12(c)
Offset 5485, 15 lines modifiedOffset 5485, 15 lines modified
5485 ··-·low_complexity5485 ··-·low_complexity
5486 ··-·low_disruption5486 ··-·low_disruption
5487 ··-·medium_severity5487 ··-·medium_severity
5488 ··-·reboot_required5488 ··-·reboot_required
5489 ··-·restrict_strategy5489 ··-·restrict_strategy
5490 Remediation_Shell_script_⇲5490 Remediation_Shell_script_⇲
5491 #·Remediation·is·applicable·only·in·certain·platforms5491 #·Remediation·is·applicable·only·in·certain·platforms
5492 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then5492 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
5493 #·First·perform·the·remediation·of·the·syscall·rule5493 #·First·perform·the·remediation·of·the·syscall·rule
5494 #·Retrieve·hardware·architecture·of·the·underlying·system5494 #·Retrieve·hardware·architecture·of·the·underlying·system
5495 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")5495 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
5496 for·ARCH·in·"${RULE_ARCHS[@]}"5496 for·ARCH·in·"${RULE_ARCHS[@]}"
5497 do5497 do
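Review bot: the `if` guard at the top of the shell remediation carries the same three tests in a different order, with `rpm --quiet -q audit` first in one build and last in the other. The `&&` chain evaluates to the same result, but the order decides whether `rpm` runs before or after the `/.dockerenv` and `/run/.containerenv` checks, so the generator should pin one order rather than leave it to vary between builds.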
Offset 5887, 16 lines modifiedOffset 5887, 16 lines modified
5887 ··-·reboot_required5887 ··-·reboot_required
5888 ··-·restrict_strategy5888 ··-·restrict_strategy
  
5889 -·name:·Set·architecture·for·audit·chown·tasks5889 -·name:·Set·architecture·for·audit·chown·tasks
5890 ··set_fact:5890 ··set_fact:
5891 ····audit_arch:·b645891 ····audit_arch:·b64
5892 ··when:5892 ··when:
5893 ··-·'"audit"·in·ansible_facts.packages' 
5894 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5893 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5894 ··-·'"audit"·in·ansible_facts.packages'
5895 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5895 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5896 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5896 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5897 ··tags:5897 ··tags:
5898 ··-·CCE-83137-05898 ··-·CCE-83137-0
5899 ··-·CJIS-5.4.1.15899 ··-·CJIS-5.4.1.1
5900 ··-·DISA-STIG-SLES-12-0204205900 ··-·DISA-STIG-SLES-12-020420
5901 ··-·NIST-800-171-3.1.75901 ··-·NIST-800-171-3.1.7
Offset 6036, 16 lines modifiedOffset 6036, 16 lines modified
6036 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006036 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6037 ········-F·auid!=unset·-F·key=perm_mod6037 ········-F·auid!=unset·-F·key=perm_mod
6038 ······create:·true6038 ······create:·true
6039 ······mode:·o-rwx6039 ······mode:·o-rwx
6040 ······state:·present6040 ······state:·present
6041 ····when:·syscalls_found·|·length·==·06041 ····when:·syscalls_found·|·length·==·0
6042 ··when:6042 ··when:
6043 ··-·'"audit"·in·ansible_facts.packages' 
6044 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6043 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6044 ··-·'"audit"·in·ansible_facts.packages'
6045 ··tags:6045 ··tags:
6046 ··-·CCE-83137-06046 ··-·CCE-83137-0
6047 ··-·CJIS-5.4.1.16047 ··-·CJIS-5.4.1.1
6048 ··-·DISA-STIG-SLES-12-0204206048 ··-·DISA-STIG-SLES-12-020420
6049 ··-·NIST-800-171-3.1.76049 ··-·NIST-800-171-3.1.7
6050 ··-·NIST-800-53-AU-12(c)6050 ··-·NIST-800-53-AU-12(c)
6051 ··-·NIST-800-53-AU-2(d)6051 ··-·NIST-800-53-AU-2(d)
Offset 6183, 16 lines modifiedOffset 6183, 16 lines modified
6183 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006183 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6184 ········-F·auid!=unset·-F·key=perm_mod6184 ········-F·auid!=unset·-F·key=perm_mod
6185 ······create:·true6185 ······create:·true
6186 ······mode:·o-rwx6186 ······mode:·o-rwx
6187 ······state:·present6187 ······state:·present
Max diff block lines reached; 182042/186543 bytes (97.59%) of diff not shown.
923 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-pci-dss-4.html
    
Max diff block lines reached; 721680/731194 bytes (98.70%) of diff not shown.
209 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 Profile·Title·PCI-DSS·v4·Control·Baseline·for·SUSE·Linux·enterprise·1237 Profile·Title·PCI-DSS·v4·Control·Baseline·for·SUSE·Linux·enterprise·12
38 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss-438 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss-4
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:suse:linux_enterprise_desktop:1240 ····*·cpe:/o:suse:linux_enterprise_desktop:12
41 ····*·cpe:/o:suse:linux_enterprise_server:1241 ····*·cpe:/o:suse:linux_enterprise_server:12
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
Offset 6512, 16 lines modifiedOffset 6512, 16 lines modified
6512 ··-·reboot_required6512 ··-·reboot_required
6513 ··-·restrict_strategy6513 ··-·restrict_strategy
  
6514 -·name:·Set·architecture·for·audit·chmod·tasks6514 -·name:·Set·architecture·for·audit·chmod·tasks
6515 ··set_fact:6515 ··set_fact:
6516 ····audit_arch:·b646516 ····audit_arch:·b64
6517 ··when:6517 ··when:
6518 ··-·'"audit"·in·ansible_facts.packages' 
6519 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6518 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6519 ··-·'"audit"·in·ansible_facts.packages'
6520 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6520 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6521 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6521 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6522 ··tags:6522 ··tags:
6523 ··-·CCE-83106-56523 ··-·CCE-83106-5
6524 ··-·CJIS-5.4.1.16524 ··-·CJIS-5.4.1.1
6525 ··-·DISA-STIG-SLES-12-0204606525 ··-·DISA-STIG-SLES-12-020460
6526 ··-·NIST-800-171-3.1.76526 ··-·NIST-800-171-3.1.7
Offset 6659, 16 lines modifiedOffset 6659, 16 lines modified
6659 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006659 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6660 ········-F·auid!=unset·-F·key=perm_mod6660 ········-F·auid!=unset·-F·key=perm_mod
6661 ······create:·true6661 ······create:·true
6662 ······mode:·o-rwx6662 ······mode:·o-rwx
6663 ······state:·present6663 ······state:·present
6664 ····when:·syscalls_found·|·length·==·06664 ····when:·syscalls_found·|·length·==·0
6665 ··when:6665 ··when:
6666 ··-·'"audit"·in·ansible_facts.packages' 
6667 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6666 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6667 ··-·'"audit"·in·ansible_facts.packages'
6668 ··tags:6668 ··tags:
6669 ··-·CCE-83106-56669 ··-·CCE-83106-5
6670 ··-·CJIS-5.4.1.16670 ··-·CJIS-5.4.1.1
6671 ··-·DISA-STIG-SLES-12-0204606671 ··-·DISA-STIG-SLES-12-020460
6672 ··-·NIST-800-171-3.1.76672 ··-·NIST-800-171-3.1.7
6673 ··-·NIST-800-53-AU-12(c)6673 ··-·NIST-800-53-AU-12(c)
6674 ··-·NIST-800-53-AU-2(d)6674 ··-·NIST-800-53-AU-2(d)
Offset 6804, 16 lines modifiedOffset 6804, 16 lines modified
6804 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006804 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6805 ········-F·auid!=unset·-F·key=perm_mod6805 ········-F·auid!=unset·-F·key=perm_mod
6806 ······create:·true6806 ······create:·true
6807 ······mode:·o-rwx6807 ······mode:·o-rwx
6808 ······state:·present6808 ······state:·present
6809 ····when:·syscalls_found·|·length·==·06809 ····when:·syscalls_found·|·length·==·0
6810 ··when:6810 ··when:
6811 ··-·'"audit"·in·ansible_facts.packages' 
6812 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6811 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6812 ··-·'"audit"·in·ansible_facts.packages'
6813 ··-·audit_arch·==·"b64"6813 ··-·audit_arch·==·"b64"
6814 ··tags:6814 ··tags:
6815 ··-·CCE-83106-56815 ··-·CCE-83106-5
6816 ··-·CJIS-5.4.1.16816 ··-·CJIS-5.4.1.1
6817 ··-·DISA-STIG-SLES-12-0204606817 ··-·DISA-STIG-SLES-12-020460
6818 ··-·NIST-800-171-3.1.76818 ··-·NIST-800-171-3.1.7
6819 ··-·NIST-800-53-AU-12(c)6819 ··-·NIST-800-53-AU-12(c)
Offset 6824, 15 lines modifiedOffset 6824, 15 lines modified
6824 ··-·low_complexity6824 ··-·low_complexity
6825 ··-·low_disruption6825 ··-·low_disruption
6826 ··-·medium_severity6826 ··-·medium_severity
6827 ··-·reboot_required6827 ··-·reboot_required
6828 ··-·restrict_strategy6828 ··-·restrict_strategy
6829 Remediation_Shell_script_⇲6829 Remediation_Shell_script_⇲
6830 #·Remediation·is·applicable·only·in·certain·platforms6830 #·Remediation·is·applicable·only·in·certain·platforms
6831 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then6831 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
6832 #·First·perform·the·remediation·of·the·syscall·rule6832 #·First·perform·the·remediation·of·the·syscall·rule
6833 #·Retrieve·hardware·architecture·of·the·underlying·system6833 #·Retrieve·hardware·architecture·of·the·underlying·system
6834 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6834 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6835 for·ARCH·in·"${RULE_ARCHS[@]}"6835 for·ARCH·in·"${RULE_ARCHS[@]}"
6836 do6836 do
Offset 7223, 16 lines modifiedOffset 7223, 16 lines modified
7223 ··-·reboot_required7223 ··-·reboot_required
7224 ··-·restrict_strategy7224 ··-·restrict_strategy
  
7225 -·name:·Set·architecture·for·audit·chown·tasks7225 -·name:·Set·architecture·for·audit·chown·tasks
7226 ··set_fact:7226 ··set_fact:
7227 ····audit_arch:·b647227 ····audit_arch:·b64
7228 ··when:7228 ··when:
7229 ··-·'"audit"·in·ansible_facts.packages' 
7230 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7229 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7230 ··-·'"audit"·in·ansible_facts.packages'
7231 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7231 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7232 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7232 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7233 ··tags:7233 ··tags:
7234 ··-·CCE-83137-07234 ··-·CCE-83137-0
7235 ··-·CJIS-5.4.1.17235 ··-·CJIS-5.4.1.1
7236 ··-·DISA-STIG-SLES-12-0204207236 ··-·DISA-STIG-SLES-12-020420
7237 ··-·NIST-800-171-3.1.77237 ··-·NIST-800-171-3.1.7
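Review bot: in the `when:` list of "Set architecture for audit chown tasks", lines 7229-7230 swap places between the two builds: the `'"audit" in ansible_facts.packages'` item and the `ansible_virtualization_type not in [...]` item. Ansible ANDs the items of a `when:` list, so behaviour is unchanged, but the unstable order makes the generated playbook differ from build to build; the applicability conditions should be emitted in a deterministic order.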
Offset 7372, 16 lines modifiedOffset 7372, 16 lines modified
7372 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007372 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7373 ········-F·auid!=unset·-F·key=perm_mod7373 ········-F·auid!=unset·-F·key=perm_mod
7374 ······create:·true7374 ······create:·true
7375 ······mode:·o-rwx7375 ······mode:·o-rwx
7376 ······state:·present7376 ······state:·present
7377 ····when:·syscalls_found·|·length·==·07377 ····when:·syscalls_found·|·length·==·0
7378 ··when:7378 ··when:
7379 ··-·'"audit"·in·ansible_facts.packages' 
7380 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7379 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7380 ··-·'"audit"·in·ansible_facts.packages'
7381 ··tags:7381 ··tags:
7382 ··-·CCE-83137-07382 ··-·CCE-83137-0
7383 ··-·CJIS-5.4.1.17383 ··-·CJIS-5.4.1.1
7384 ··-·DISA-STIG-SLES-12-0204207384 ··-·DISA-STIG-SLES-12-020420
7385 ··-·NIST-800-171-3.1.77385 ··-·NIST-800-171-3.1.7
7386 ··-·NIST-800-53-AU-12(c)7386 ··-·NIST-800-53-AU-12(c)
7387 ··-·NIST-800-53-AU-2(d)7387 ··-·NIST-800-53-AU-2(d)
Offset 7519, 16 lines modifiedOffset 7519, 16 lines modified
7519 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007519 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7520 ········-F·auid!=unset·-F·key=perm_mod7520 ········-F·auid!=unset·-F·key=perm_mod
7521 ······create:·true7521 ······create:·true
7522 ······mode:·o-rwx7522 ······mode:·o-rwx
7523 ······state:·present7523 ······state:·present
Max diff block lines reached; 209156/213652 bytes (97.90%) of diff not shown.
926 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-pci-dss.html
    
Max diff block lines reached; 725126/734571 bytes (98.71%) of diff not shown.
209 KB
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·SUSE·Linux·enterprise·1238 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·SUSE·Linux·enterprise·12
39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:suse:linux_enterprise_desktop:1241 ····*·cpe:/o:suse:linux_enterprise_desktop:12
42 ····*·cpe:/o:suse:linux_enterprise_server:1242 ····*·cpe:/o:suse:linux_enterprise_server:12
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·GRUB2_bootloader_configuration51 ·········4.·GRUB2_bootloader_configuration
52 ·········5.·Configure_Syslog52 ·········5.·Configure_Syslog
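Review bot: line 45 of the rendered guide, the Revision History entry, reads `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other while the version stays 0.1.65, so the date appears to follow the build clock rather than the source. Taking it from `SOURCE_DATE_EPOCH` or the changelog date would keep the guide identical across rebuilds.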
Offset 6472, 16 lines modifiedOffset 6472, 16 lines modified
6472 ··-·reboot_required6472 ··-·reboot_required
6473 ··-·restrict_strategy6473 ··-·restrict_strategy
  
6474 -·name:·Set·architecture·for·audit·chmod·tasks6474 -·name:·Set·architecture·for·audit·chmod·tasks
6475 ··set_fact:6475 ··set_fact:
6476 ····audit_arch:·b646476 ····audit_arch:·b64
6477 ··when:6477 ··when:
6478 ··-·'"audit"·in·ansible_facts.packages' 
6479 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6478 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6479 ··-·'"audit"·in·ansible_facts.packages'
6480 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6480 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6481 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6481 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6482 ··tags:6482 ··tags:
6483 ··-·CCE-83106-56483 ··-·CCE-83106-5
6484 ··-·CJIS-5.4.1.16484 ··-·CJIS-5.4.1.1
6485 ··-·DISA-STIG-SLES-12-0204606485 ··-·DISA-STIG-SLES-12-020460
6486 ··-·NIST-800-171-3.1.76486 ··-·NIST-800-171-3.1.7
Offset 6619, 16 lines modifiedOffset 6619, 16 lines modified
6619 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006619 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6620 ········-F·auid!=unset·-F·key=perm_mod6620 ········-F·auid!=unset·-F·key=perm_mod
6621 ······create:·true6621 ······create:·true
6622 ······mode:·o-rwx6622 ······mode:·o-rwx
6623 ······state:·present6623 ······state:·present
6624 ····when:·syscalls_found·|·length·==·06624 ····when:·syscalls_found·|·length·==·0
6625 ··when:6625 ··when:
6626 ··-·'"audit"·in·ansible_facts.packages' 
6627 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6627 ··-·'"audit"·in·ansible_facts.packages'
6628 ··tags:6628 ··tags:
6629 ··-·CCE-83106-56629 ··-·CCE-83106-5
6630 ··-·CJIS-5.4.1.16630 ··-·CJIS-5.4.1.1
6631 ··-·DISA-STIG-SLES-12-0204606631 ··-·DISA-STIG-SLES-12-020460
6632 ··-·NIST-800-171-3.1.76632 ··-·NIST-800-171-3.1.7
6633 ··-·NIST-800-53-AU-12(c)6633 ··-·NIST-800-53-AU-12(c)
6634 ··-·NIST-800-53-AU-2(d)6634 ··-·NIST-800-53-AU-2(d)
Offset 6764, 16 lines modifiedOffset 6764, 16 lines modified
6764 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006764 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6765 ········-F·auid!=unset·-F·key=perm_mod6765 ········-F·auid!=unset·-F·key=perm_mod
6766 ······create:·true6766 ······create:·true
6767 ······mode:·o-rwx6767 ······mode:·o-rwx
6768 ······state:·present6768 ······state:·present
6769 ····when:·syscalls_found·|·length·==·06769 ····when:·syscalls_found·|·length·==·0
6770 ··when:6770 ··when:
6771 ··-·'"audit"·in·ansible_facts.packages' 
6772 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]6771 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 6772 ··-·'"audit"·in·ansible_facts.packages'
6773 ··-·audit_arch·==·"b64"6773 ··-·audit_arch·==·"b64"
6774 ··tags:6774 ··tags:
6775 ··-·CCE-83106-56775 ··-·CCE-83106-5
6776 ··-·CJIS-5.4.1.16776 ··-·CJIS-5.4.1.1
6777 ··-·DISA-STIG-SLES-12-0204606777 ··-·DISA-STIG-SLES-12-020460
6778 ··-·NIST-800-171-3.1.76778 ··-·NIST-800-171-3.1.7
6779 ··-·NIST-800-53-AU-12(c)6779 ··-·NIST-800-53-AU-12(c)
Offset 6784, 15 lines modifiedOffset 6784, 15 lines modified
6784 ··-·low_complexity6784 ··-·low_complexity
6785 ··-·low_disruption6785 ··-·low_disruption
6786 ··-·medium_severity6786 ··-·medium_severity
6787 ··-·reboot_required6787 ··-·reboot_required
6788 ··-·restrict_strategy6788 ··-·restrict_strategy
6789 Remediation_Shell_script_⇲6789 Remediation_Shell_script_⇲
6790 #·Remediation·is·applicable·only·in·certain·platforms6790 #·Remediation·is·applicable·only·in·certain·platforms
6791 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then6791 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
6792 #·First·perform·the·remediation·of·the·syscall·rule6792 #·First·perform·the·remediation·of·the·syscall·rule
6793 #·Retrieve·hardware·architecture·of·the·underlying·system6793 #·Retrieve·hardware·architecture·of·the·underlying·system
6794 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")6794 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
6795 for·ARCH·in·"${RULE_ARCHS[@]}"6795 for·ARCH·in·"${RULE_ARCHS[@]}"
6796 do6796 do
Offset 7183, 16 lines modifiedOffset 7183, 16 lines modified
7183 ··-·reboot_required7183 ··-·reboot_required
7184 ··-·restrict_strategy7184 ··-·restrict_strategy
  
7185 -·name:·Set·architecture·for·audit·chown·tasks7185 -·name:·Set·architecture·for·audit·chown·tasks
7186 ··set_fact:7186 ··set_fact:
7187 ····audit_arch:·b647187 ····audit_arch:·b64
7188 ··when:7188 ··when:
7189 ··-·'"audit"·in·ansible_facts.packages' 
7190 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7189 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7190 ··-·'"audit"·in·ansible_facts.packages'
7191 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture7191 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
7192 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"7192 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
7193 ··tags:7193 ··tags:
7194 ··-·CCE-83137-07194 ··-·CCE-83137-0
7195 ··-·CJIS-5.4.1.17195 ··-·CJIS-5.4.1.1
7196 ··-·DISA-STIG-SLES-12-0204207196 ··-·DISA-STIG-SLES-12-020420
7197 ··-·NIST-800-171-3.1.77197 ··-·NIST-800-171-3.1.7
Offset 7332, 16 lines modifiedOffset 7332, 16 lines modified
7332 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007332 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7333 ········-F·auid!=unset·-F·key=perm_mod7333 ········-F·auid!=unset·-F·key=perm_mod
7334 ······create:·true7334 ······create:·true
7335 ······mode:·o-rwx7335 ······mode:·o-rwx
7336 ······state:·present7336 ······state:·present
7337 ····when:·syscalls_found·|·length·==·07337 ····when:·syscalls_found·|·length·==·0
7338 ··when:7338 ··when:
7339 ··-·'"audit"·in·ansible_facts.packages' 
7340 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]7339 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 7340 ··-·'"audit"·in·ansible_facts.packages'
7341 ··tags:7341 ··tags:
7342 ··-·CCE-83137-07342 ··-·CCE-83137-0
7343 ··-·CJIS-5.4.1.17343 ··-·CJIS-5.4.1.1
7344 ··-·DISA-STIG-SLES-12-0204207344 ··-·DISA-STIG-SLES-12-020420
7345 ··-·NIST-800-171-3.1.77345 ··-·NIST-800-171-3.1.7
7346 ··-·NIST-800-53-AU-12(c)7346 ··-·NIST-800-53-AU-12(c)
7347 ··-·NIST-800-53-AU-2(d)7347 ··-·NIST-800-53-AU-2(d)
Offset 7479, 16 lines modifiedOffset 7479, 16 lines modified
7479 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10007479 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
7480 ········-F·auid!=unset·-F·key=perm_mod7480 ········-F·auid!=unset·-F·key=perm_mod
7481 ······create:·true7481 ······create:·true
7482 ······mode:·o-rwx7482 ······mode:·o-rwx
7483 ······state:·present7483 ······state:·present
Max diff block lines reached; 209156/213654 bytes (97.89%) of diff not shown.
1.91 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-standard.html
    
707 B
html2text {}
    
Offset 40, 15 lines modifiedOffset 40, 15 lines modified
40 Profile·Title·Standard·System·Security·Profile·for·SUSE·Linux·Enterprise·1240 Profile·Title·Standard·System·Security·Profile·for·SUSE·Linux·Enterprise·12
41 Profile·ID····xccdf_org.ssgproject.content_profile_standard41 Profile·ID····xccdf_org.ssgproject.content_profile_standard
42 ***·CPE·Platforms·***42 ***·CPE·Platforms·***
43 ····*·cpe:/o:suse:linux_enterprise_desktop:1243 ····*·cpe:/o:suse:linux_enterprise_desktop:12
44 ····*·cpe:/o:suse:linux_enterprise_server:1244 ····*·cpe:/o:suse:linux_enterprise_server:12
45 *****·Revision·History·*****45 *****·Revision·History·*****
46 Current·version:·0.1.6546 Current·version:·0.1.65
47 ····*·draft·(as·of·2024-01-14)47 ····*·draft·(as·of·2025-02-15)
48 *****·Table·of·Contents·*****48 *****·Table·of·Contents·*****
49 ···1.·System_Settings49 ···1.·System_Settings
50 ·········1.·File_Permissions_and_Masks50 ·········1.·File_Permissions_and_Masks
51 *****·Checklist·*****51 *****·Checklist·*****
52 Group  ·Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12·  Group52 Group  ·Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12·  Group
53 contains·4·groups·and·3·rules53 contains·4·groups·and·3·rules
54 Group  ·System·Settings·  Group·contains·3·groups·and·3·rules54 Group  ·System·Settings·  Group·contains·3·groups·and·3·rules
733 KB
./usr/share/doc/ssg-nondebian/ssg-sle12-guide-stig.html
    
Offset 65489, 22 lines modifiedOffset 65489, 22 lines modified
000ffd00:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:000ffd00:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:
000ffd10:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode000ffd10:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode
000ffd20:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st000ffd20:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st
000ffd30:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···000ffd30:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···
000ffd40:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_000ffd40:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_
000ffd50:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=000ffd50:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=
000ffd60:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·000ffd60:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·
000ffd70:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi 
000ffd80:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
000ffd90:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_ 
000ffda0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
000ffdb0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
000ffdc0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
000ffdd0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
000ffde0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··000ffd70:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 000ffd80:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 000ffd90:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 000ffda0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 000ffdb0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
 000ffdc0:·6e65·7222·5d0a·2020·2d20·2722·6175·6469··ner"].··-·'"audi
 000ffdd0:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa
 000ffde0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
000ffdf0:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-83000ffdf0:·7461·6773·3a0a·2020·2d20·4343·452d·3833··tags:.··-·CCE-83
000ffe00:·3130·362d·350a·2020·2d20·434a·4953·2d35··106-5.··-·CJIS-5000ffe00:·3130·362d·350a·2020·2d20·434a·4953·2d35··106-5.··-·CJIS-5
000ffe10:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-000ffe10:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-
000ffe20:·5354·4947·2d53·4c45·532d·3132·2d30·3230··STIG-SLES-12-020000ffe20:·5354·4947·2d53·4c45·532d·3132·2d30·3230··STIG-SLES-12-020
000ffe30:·3436·300a·2020·2d20·4e49·5354·2d38·3030··460.··-·NIST-800000ffe30:·3436·300a·2020·2d20·4e49·5354·2d38·3030··460.··-·NIST-800
000ffe40:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N000ffe40:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N
000ffe50:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12000ffe50:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12
Offset 65801, 23 lines modifiedOffset 65801, 23 lines modified
00101080:·6b65·793d·7065·726d·5f6d·6f64·0a20·2020··key=perm_mod.···00101080:·6b65·793d·7065·726d·5f6d·6f64·0a20·2020··key=perm_mod.···
00101090:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.00101090:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.
001010a0:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw001010a0:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw
001010b0:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p001010b0:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p
001010c0:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:001010c0:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:
001010d0:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·001010d0:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·
001010e0:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··001010e0:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··
001010f0:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi001010f0:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl
00101100:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
00101110:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
00101120:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
00101130:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
00101140:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
00101150:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
00101160:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont00101100:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 00101110:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 00101120:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 00101130:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
 00101140:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
 00101150:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 00101160:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
00101170:·6169·6e65·7222·5d0a·2020·2d20·6175·6469··ainer"].··-·audi00101170:·636b·6167·6573·270a·2020·2d20·6175·6469··ckages'.··-·audi
00101180:·745f·6172·6368·203d·3d20·2262·3634·220a··t_arch·==·"b64".00101180:·745f·6172·6368·203d·3d20·2262·3634·220a··t_arch·==·"b64".
00101190:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-00101190:·2020·7461·6773·3a0a·2020·2d20·4343·452d····tags:.··-·CCE-
001011a0:·3833·3130·362d·350a·2020·2d20·434a·4953··83106-5.··-·CJIS001011a0:·3833·3130·362d·350a·2020·2d20·434a·4953··83106-5.··-·CJIS
001011b0:·2d35·2e34·2e31·2e31·0a20·202d·2044·4953··-5.4.1.1.··-·DIS001011b0:·2d35·2e34·2e31·2e31·0a20·202d·2044·4953··-5.4.1.1.··-·DIS
001011c0:·412d·5354·4947·2d53·4c45·532d·3132·2d30··A-STIG-SLES-12-0001011c0:·412d·5354·4947·2d53·4c45·532d·3132·2d30··A-STIG-SLES-12-0
001011d0:·3230·3436·300a·2020·2d20·4e49·5354·2d38··20460.··-·NIST-8001011d0:·3230·3436·300a·2020·2d20·4e49·5354·2d38··20460.··-·NIST-8
001011e0:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-001011e0:·3030·2d31·3731·2d33·2e31·2e37·0a20·202d··00-171-3.1.7.··-
Offset 65852, 21 lines modifiedOffset 65852, 21 lines modified
001013b0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel001013b0:·6469·7620·636c·6173·733d·2270·616e·656c··div·class="panel
001013c0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap001013c0:·2d63·6f6c·6c61·7073·6520·636f·6c6c·6170··-collapse·collap
001013d0:·7365·2220·6964·3d22·6964·6d31·3638·3036··se"·id="idm16806001013d0:·7365·2220·6964·3d22·6964·6d31·3638·3036··se"·id="idm16806
001013e0:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R001013e0:·223e·3c70·7265·3e3c·636f·6465·3e23·2052··"><pre><code>#·R
001013f0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap001013f0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
00101400:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in00101400:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
00101410:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor00101410:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
00101420:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie 
00101430:·7420·2d71·2061·7564·6974·2026·616d·703b··t·-q·audit·&amp; 
00101440:·2661·6d70·3b20·5b20·2120·2d66·202f·2e64··&amp;·[·!·-f·/.d00101420:·6d73·0a69·6620·5b20·2120·2d66·202f·2e64··ms.if·[·!·-f·/.d
00101450:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;00101430:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
00101460:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru00101440:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
00101470:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·00101450:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
 00101460:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm
 00101470:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi
00101480:·5d3b·2074·6865·6e0a·0a23·2046·6972·7374··];·then..#·First00101480:·743b·2074·6865·6e0a·0a23·2046·6972·7374··t;·then..#·First
00101490:·2070·6572·666f·726d·2074·6865·2072·656d···perform·the·rem00101490:·2070·6572·666f·726d·2074·6865·2072·656d···perform·the·rem
001014a0:·6564·6961·7469·6f6e·206f·6620·7468·6520··ediation·of·the·001014a0:·6564·6961·7469·6f6e·206f·6620·7468·6520··ediation·of·the·
001014b0:·7379·7363·616c·6c20·7275·6c65·0a23·2052··syscall·rule.#·R001014b0:·7379·7363·616c·6c20·7275·6c65·0a23·2052··syscall·rule.#·R
001014c0:·6574·7269·6576·6520·6861·7264·7761·7265··etrieve·hardware001014c0:·6574·7269·6576·6520·6861·7264·7761·7265··etrieve·hardware
Max diff block lines reached; 571805/581319 bytes (98.36%) of diff not shown.
165 KB
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 Profile·Title·DISA·STIG·for·SUSE·Linux·Enterprise·1238 Profile·Title·DISA·STIG·for·SUSE·Linux·Enterprise·12
39 Profile·ID····xccdf_org.ssgproject.content_profile_stig39 Profile·ID····xccdf_org.ssgproject.content_profile_stig
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:suse:linux_enterprise_desktop:1241 ····*·cpe:/o:suse:linux_enterprise_desktop:12
42 ····*·cpe:/o:suse:linux_enterprise_server:1242 ····*·cpe:/o:suse:linux_enterprise_server:12
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·AppArmor51 ·········4.·AppArmor
52 ·········5.·GRUB2_bootloader_configuration52 ·········5.·GRUB2_bootloader_configuration
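Review bot: The revision date on line 45 is the only difference in this hunk, "draft (as of 2024-01-14)" in one build and "draft (as of 2025-02-15)" in the other, which suggests the guide takes it from the clock at build time. Deriving that date from SOURCE_DATE_EPOCH or the changelog entry would make the line identical across builds.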
Offset 10145, 16 lines modifiedOffset 10145, 16 lines modified
10145 ··-·reboot_required10145 ··-·reboot_required
10146 ··-·restrict_strategy10146 ··-·restrict_strategy
  
10147 -·name:·Set·architecture·for·audit·chmod·tasks10147 -·name:·Set·architecture·for·audit·chmod·tasks
10148 ··set_fact:10148 ··set_fact:
10149 ····audit_arch:·b6410149 ····audit_arch:·b64
10150 ··when:10150 ··when:
10151 ··-·'"audit"·in·ansible_facts.packages' 
10152 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]10151 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 10152 ··-·'"audit"·in·ansible_facts.packages'
10153 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture10153 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
10154 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"10154 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
10155 ··tags:10155 ··tags:
10156 ··-·CCE-83106-510156 ··-·CCE-83106-5
10157 ··-·CJIS-5.4.1.110157 ··-·CJIS-5.4.1.1
10158 ··-·DISA-STIG-SLES-12-02046010158 ··-·DISA-STIG-SLES-12-020460
10159 ··-·NIST-800-171-3.1.710159 ··-·NIST-800-171-3.1.7
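Review bot: The "when:" list at lines 10151-10152 holds the same two conditions in both builds, only swapped (the "audit" in ansible_facts.packages check and the ansible_virtualization_type check), which points to the generator emitting them from an unordered collection. The list entries are ANDed, so the outcome is the same whenever both facts are defined, but the order still decides which condition is evaluated first; sorting the conditions before rendering would remove the difference.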
Offset 10292, 16 lines modifiedOffset 10292, 16 lines modified
10292 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100010292 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
10293 ········-F·auid!=unset·-F·key=perm_mod10293 ········-F·auid!=unset·-F·key=perm_mod
10294 ······create:·true10294 ······create:·true
10295 ······mode:·o-rwx10295 ······mode:·o-rwx
10296 ······state:·present10296 ······state:·present
10297 ····when:·syscalls_found·|·length·==·010297 ····when:·syscalls_found·|·length·==·0
10298 ··when:10298 ··when:
10299 ··-·'"audit"·in·ansible_facts.packages' 
10300 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]10299 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 10300 ··-·'"audit"·in·ansible_facts.packages'
10301 ··tags:10301 ··tags:
10302 ··-·CCE-83106-510302 ··-·CCE-83106-5
10303 ··-·CJIS-5.4.1.110303 ··-·CJIS-5.4.1.1
10304 ··-·DISA-STIG-SLES-12-02046010304 ··-·DISA-STIG-SLES-12-020460
10305 ··-·NIST-800-171-3.1.710305 ··-·NIST-800-171-3.1.7
10306 ··-·NIST-800-53-AU-12(c)10306 ··-·NIST-800-53-AU-12(c)
10307 ··-·NIST-800-53-AU-2(d)10307 ··-·NIST-800-53-AU-2(d)
Offset 10437, 16 lines modifiedOffset 10437, 16 lines modified
10437 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100010437 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
10438 ········-F·auid!=unset·-F·key=perm_mod10438 ········-F·auid!=unset·-F·key=perm_mod
10439 ······create:·true10439 ······create:·true
10440 ······mode:·o-rwx10440 ······mode:·o-rwx
10441 ······state:·present10441 ······state:·present
10442 ····when:·syscalls_found·|·length·==·010442 ····when:·syscalls_found·|·length·==·0
10443 ··when:10443 ··when:
10444 ··-·'"audit"·in·ansible_facts.packages' 
10445 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]10444 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 10445 ··-·'"audit"·in·ansible_facts.packages'
10446 ··-·audit_arch·==·"b64"10446 ··-·audit_arch·==·"b64"
10447 ··tags:10447 ··tags:
10448 ··-·CCE-83106-510448 ··-·CCE-83106-5
10449 ··-·CJIS-5.4.1.110449 ··-·CJIS-5.4.1.1
10450 ··-·DISA-STIG-SLES-12-02046010450 ··-·DISA-STIG-SLES-12-020460
10451 ··-·NIST-800-171-3.1.710451 ··-·NIST-800-171-3.1.7
10452 ··-·NIST-800-53-AU-12(c)10452 ··-·NIST-800-53-AU-12(c)
Offset 10457, 15 lines modifiedOffset 10457, 15 lines modified
10457 ··-·low_complexity10457 ··-·low_complexity
10458 ··-·low_disruption10458 ··-·low_disruption
10459 ··-·medium_severity10459 ··-·medium_severity
10460 ··-·reboot_required10460 ··-·reboot_required
10461 ··-·restrict_strategy10461 ··-·restrict_strategy
10462 Remediation_Shell_script_⇲10462 Remediation_Shell_script_⇲
10463 #·Remediation·is·applicable·only·in·certain·platforms10463 #·Remediation·is·applicable·only·in·certain·platforms
10464 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then10464 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
10465 #·First·perform·the·remediation·of·the·syscall·rule10465 #·First·perform·the·remediation·of·the·syscall·rule
10466 #·Retrieve·hardware·architecture·of·the·underlying·system10466 #·Retrieve·hardware·architecture·of·the·underlying·system
10467 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")10467 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
10468 for·ARCH·in·"${RULE_ARCHS[@]}"10468 for·ARCH·in·"${RULE_ARCHS[@]}"
10469 do10469 do
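Review bot: The applicability test on line 10464 chains the same three checks with && in a different order per build, so in one build "rpm --quiet -q audit" runs before the /.dockerenv and /run/.containerenv tests and in the other it runs only after both pass. The generated script should fix one order; putting the container checks first also avoids calling rpm inside a container.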
Offset 10859, 16 lines modifiedOffset 10859, 16 lines modified
10859 ··-·reboot_required10859 ··-·reboot_required
10860 ··-·restrict_strategy10860 ··-·restrict_strategy
  
10861 -·name:·Set·architecture·for·audit·chown·tasks10861 -·name:·Set·architecture·for·audit·chown·tasks
10862 ··set_fact:10862 ··set_fact:
10863 ····audit_arch:·b6410863 ····audit_arch:·b64
10864 ··when:10864 ··when:
10865 ··-·'"audit"·in·ansible_facts.packages' 
10866 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]10865 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 10866 ··-·'"audit"·in·ansible_facts.packages'
10867 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture10867 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
10868 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"10868 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
10869 ··tags:10869 ··tags:
10870 ··-·CCE-83137-010870 ··-·CCE-83137-0
10871 ··-·CJIS-5.4.1.110871 ··-·CJIS-5.4.1.1
10872 ··-·DISA-STIG-SLES-12-02042010872 ··-·DISA-STIG-SLES-12-020420
10873 ··-·NIST-800-171-3.1.710873 ··-·NIST-800-171-3.1.7
Offset 11008, 16 lines modifiedOffset 11008, 16 lines modified
11008 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100011008 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
11009 ········-F·auid!=unset·-F·key=perm_mod11009 ········-F·auid!=unset·-F·key=perm_mod
11010 ······create:·true11010 ······create:·true
11011 ······mode:·o-rwx11011 ······mode:·o-rwx
11012 ······state:·present11012 ······state:·present
11013 ····when:·syscalls_found·|·length·==·011013 ····when:·syscalls_found·|·length·==·0
11014 ··when:11014 ··when:
11015 ··-·'"audit"·in·ansible_facts.packages' 
11016 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11015 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11016 ··-·'"audit"·in·ansible_facts.packages'
11017 ··tags:11017 ··tags:
11018 ··-·CCE-83137-011018 ··-·CCE-83137-0
11019 ··-·CJIS-5.4.1.111019 ··-·CJIS-5.4.1.1
11020 ··-·DISA-STIG-SLES-12-02042011020 ··-·DISA-STIG-SLES-12-020420
11021 ··-·NIST-800-171-3.1.711021 ··-·NIST-800-171-3.1.7
11022 ··-·NIST-800-53-AU-12(c)11022 ··-·NIST-800-53-AU-12(c)
11023 ··-·NIST-800-53-AU-2(d)11023 ··-·NIST-800-53-AU-2(d)
Offset 11155, 16 lines modifiedOffset 11155, 16 lines modified
11155 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100011155 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
11156 ········-F·auid!=unset·-F·key=perm_mod11156 ········-F·auid!=unset·-F·key=perm_mod
11157 ······create:·true11157 ······create:·true
11158 ······mode:·o-rwx11158 ······mode:·o-rwx
11159 ······state:·present11159 ······state:·present
Max diff block lines reached; 164283/168762 bytes (97.35%) of diff not shown.
1.88 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_enhanced.html
    
650 B
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(enhanced)49 Profile·Title·ANSSI-BP-028·(enhanced)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1552 ····*·cpe:/o:suse:linux_enterprise_desktop:15
53 ····*·cpe:/o:suse:linux_enterprise_server:1553 ····*·cpe:/o:suse:linux_enterprise_server:15
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·System_Accounting_with_auditd61 ·········3.·System_Accounting_with_auditd
62 ·········4.·GRUB2_bootloader_configuration62 ·········4.·GRUB2_bootloader_configuration
63 ·········5.·Configure_Syslog63 ·········5.·Configure_Syslog
1.86 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_high.html
    
642 B
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(high)49 Profile·Title·ANSSI-BP-028·(high)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_high
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1552 ····*·cpe:/o:suse:linux_enterprise_desktop:15
53 ····*·cpe:/o:suse:linux_enterprise_server:1553 ····*·cpe:/o:suse:linux_enterprise_server:15
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·System_Accounting_with_auditd61 ·········3.·System_Accounting_with_auditd
62 ·········4.·GRUB2_bootloader_configuration62 ·········4.·GRUB2_bootloader_configuration
63 ·········5.·Configure_Syslog63 ·········5.·Configure_Syslog
1.9 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_intermediary.html
    
663 B
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(intermediary)49 Profile·Title·ANSSI-BP-028·(intermediary)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1552 ····*·cpe:/o:suse:linux_enterprise_desktop:15
53 ····*·cpe:/o:suse:linux_enterprise_server:1553 ····*·cpe:/o:suse:linux_enterprise_server:15
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·System_Accounting_with_auditd61 ·········3.·System_Accounting_with_auditd
62 ·········4.·Configure_Syslog62 ·········4.·Configure_Syslog
63 ·········5.·Network_Configuration_and_Firewalls63 ·········5.·Network_Configuration_and_Firewalls
1.98 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-anssi_bp28_minimal.html
    
617 B
html2text {}
    
Offset 49, 15 lines modifiedOffset 49, 15 lines modified
49 Profile·Title·ANSSI-BP-028·(minimal)49 Profile·Title·ANSSI-BP-028·(minimal)
50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal50 Profile·ID····xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
51 ***·CPE·Platforms·***51 ***·CPE·Platforms·***
52 ····*·cpe:/o:suse:linux_enterprise_desktop:1552 ····*·cpe:/o:suse:linux_enterprise_desktop:15
53 ····*·cpe:/o:suse:linux_enterprise_server:1553 ····*·cpe:/o:suse:linux_enterprise_server:15
54 *****·Revision·History·*****54 *****·Revision·History·*****
55 Current·version:·0.1.6555 Current·version:·0.1.65
56 ····*·draft·(as·of·2024-01-14)56 ····*·draft·(as·of·2025-02-15)
57 *****·Table·of·Contents·*****57 *****·Table·of·Contents·*****
58 ···1.·System_Settings58 ···1.·System_Settings
59 ·········1.·Installing_and_Maintaining_Software59 ·········1.·Installing_and_Maintaining_Software
60 ·········2.·Account_and_Access_Control60 ·········2.·Account_and_Access_Control
61 ·········3.·Configure_Syslog61 ·········3.·Configure_Syslog
62 ·········4.·File_Permissions_and_Masks62 ·········4.·File_Permissions_and_Masks
63 ···2.·Services63 ···2.·Services
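Review bot: line 56 is the only change in this hunk, and it is the "draft (as of ...)" date, 2024-01-14 in one build and 2025-02-15 in the other, so the guide generator appears to be writing the build-time clock into the Revision History. Taking that date from SOURCE_DATE_EPOCH, or from the package's release date, would make this line and the matching bytes in the HTML hex dump identical across builds.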
23.6 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis.html
    
Offset 14311, 16 lines modifiedOffset 14311, 16 lines modified
00037e60:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p00037e60:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p
00037e70:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version00037e70:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version
00037e80:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.6500037e80:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65
00037e90:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul00037e90:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul
00037ea0:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra00037ea0:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra
00037eb0:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····00037eb0:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····
00037ec0:·2020·2020·2020·2020·2020·2020·2020·2020··················00037ec0:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037ed0:·2861·7320·6f66·2032·3032·342d·3031·2d31··(as·of·2024-01-100037ed0:·2861·7320·6f66·2032·3032·352d·3032·2d31··(as·of·2025-02-1
00037ee0:·3429·0a20·2020·2020·2020·2020·2020·2020··4).·············00037ee0:·3529·0a20·2020·2020·2020·2020·2020·2020··5).·············
00037ef0:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d00037ef0:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d
00037f00:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·00037f00:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·
00037f10:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol00037f10:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol
00037f20:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x00037f20:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x
00037f30:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj00037f30:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
00037f40:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou00037f40:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou
00037f50:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System00037f50:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System
Offset 167903, 22 lines modifiedOffset 167903, 22 lines modified
0028fde0:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f0028fde0:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f
0028fdf0:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo0028fdf0:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo
0028fe00:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0028fe00:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0028fe10:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa0028fe10:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa
0028fe20:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/0028fe20:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
0028fe30:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis0028fe30:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis
0028fe40:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists0028fe40:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists
0028fe50:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g0028fe50:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/
0028fe60:·7275·6232·2220·696e·2061·6e73·6962·6c65··rub2"·in·ansible 
0028fe70:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
0028fe80:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
0028fe90:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible 
0028fea0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
0028feb0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
0028fec0:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans0028fe60:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in
 0028fe70:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 0028fe80:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 0028fe90:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
 0028fea0:·0a20·202d·2027·2267·7275·6232·2220·696e··.··-·'"grub2"·in
 0028feb0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 0028fec0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
0028fed0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat0028fed0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
0028fee0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·0028fee0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
0028fef0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"0028fef0:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
0028ff00:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod0028ff00:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
0028ff10:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container0028ff10:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
0028ff20:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C0028ff20:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
0028ff30:·4345·2d38·3538·3439·2d38·0a20·202d·2043··CE-85849-8.··-·C0028ff30:·4345·2d38·3538·3439·2d38·0a20·202d·2043··CE-85849-8.··-·C
Offset 167940, 21 lines modifiedOffset 167940, 21 lines modified
00290030:·6d65·3a20·456e·7375·7265·2067·726f·7570··me:·Ensure·group00290030:·6d65·3a20·456e·7375·7265·2067·726f·7570··me:·Ensure·group
00290040:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo00290040:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
00290050:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00290050:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00290060:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat00290060:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
00290070:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g00290070:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
00290080:·7275·622e·6366·670a·2020·2020·6772·6f75··rub.cfg.····grou00290080:·7275·622e·6366·670a·2020·2020·6772·6f75··rub.cfg.····grou
00290090:·703a·2027·3027·0a20·2077·6865·6e3a·0a20··p:·'0'.··when:.·00290090:·703a·2027·3027·0a20·2077·6865·6e3a·0a20··p:·'0'.··when:.·
002900a0:·202d·2027·2267·7275·6232·2220·696e·2061···-·'"grub2"·in·a 
002900b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac 
002900c0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo 
002900d0:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a 
002900e0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
002900f0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
00290100:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·002900a0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002900b0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 002900c0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002900d0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
 002900e0:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru
 002900f0:·6232·2220·696e·2061·6e73·6962·6c65·5f66··b2"·in·ansible_f
 00290100:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
00290110:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu00290110:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00290120:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n00290120:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
00290130:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",00290130:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
00290140:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"00290140:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
00290150:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con00290150:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
00290160:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil00290160:·7461·696e·6572·225d·0a20·202d·2066·696c··tainer"].··-·fil
00290170:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is00290170:·655f·6578·6973·7473·2e73·7461·7420·6973··e_exists.stat·is
Offset 168006, 18 lines modifiedOffset 168006, 18 lines modified
00290450:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th00290450:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
00290460:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</00290460:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</
00290470:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>00290470:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
00290480:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem00290480:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
00290490:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl00290490:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
002904a0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c002904a0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
002904b0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms002904b0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
002904c0:·0a69·6620·7270·6d20·2d2d·7175·6965·7420··.if·rpm·--quiet· 
002904d0:·2d71·2067·7275·6232·2026·616d·703b·2661··-q·grub2·&amp;&a 
002904e0:·6d70·3b20·5b20·2120·2d66·202f·7379·732f··mp;·[·!·-f·/sys/002904c0:·0a69·6620·5b20·2120·2d66·202f·7379·732f··.if·[·!·-f·/sys/
002904f0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&002904d0:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&
 002904e0:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·--
 002904f0:·7175·6965·7420·2d71·2067·7275·6232·2026··quiet·-q·grub2·&
00290500:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·00290500:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·
00290510:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]00290510:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
00290520:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·00290520:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
00290530:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain00290530:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
00290540:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then00290540:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then
00290550:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/00290550:·0a0a·6368·6772·7020·3020·2f62·6f6f·742f··..chgrp·0·/boot/
00290560:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..00290560:·6772·7562·322f·6772·7562·2e63·6667·0a0a··grub2/grub.cfg..
Offset 168515, 21 lines modifiedOffset 168515, 21 lines modified
00292420:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis00292420:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
00292430:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub00292430:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
00292440:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta00292440:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta
00292450:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo00292450:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
00292460:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00292460:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00292470:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi00292470:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
00292480:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when00292480:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
00292490:·3a0a·2020·2d20·2722·6772·7562·3222·2069··:.··-·'"grub2"·i 
002924a0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
002924b0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'" 
002924c0:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
002924d0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002924e0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002924f0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list00292490:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef
 002924a0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl
 002924b0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 002924c0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 002924d0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'"
 002924e0:·6772·7562·3222·2069·6e20·616e·7369·626c··grub2"·in·ansibl
 002924f0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
00292500:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi00292500:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
00292510:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ00292510:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
00292520:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke00292520:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
00292530:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open00292530:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
00292540:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"00292540:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
00292550:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta00292550:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
00292560:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-858400292560:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-8584
Offset 168551, 21 lines modifiedOffset 168551, 21 lines modified
00292660:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o00292660:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o
00292670:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/00292670:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
00292680:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·00292680:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
00292690:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:00292690:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
Max diff block lines reached; 9151/18356 bytes (49.85%) of diff not shown.
5.54 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·for·Level·2·-·Server42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·for·Level·2·-·Server
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis43 Profile·ID····xccdf_org.ssgproject.content_profile_cis
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1545 ····*·cpe:/o:suse:linux_enterprise_desktop:15
46 ····*·cpe:/o:suse:linux_enterprise_server:1546 ····*·cpe:/o:suse:linux_enterprise_server:15
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·AppArmor55 ·········4.·AppArmor
56 ·········5.·GRUB2_bootloader_configuration56 ·········5.·GRUB2_bootloader_configuration
Offset 38061, 16 lines modifiedOffset 38061, 16 lines modified
38061 ··-·no_reboot_needed38061 ··-·no_reboot_needed
  
38062 -·name:·Test·for·existence·/boot/grub2/grub.cfg38062 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38063 ··stat:38063 ··stat:
38064 ····path:·/boot/grub2/grub.cfg38064 ····path:·/boot/grub2/grub.cfg
38065 ··register:·file_exists38065 ··register:·file_exists
38066 ··when:38066 ··when:
38067 ··-·'"grub2"·in·ansible_facts.packages' 
38068 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38067 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38068 ··-·'"grub2"·in·ansible_facts.packages'
38069 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38069 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38070 ··tags:38070 ··tags:
38071 ··-·CCE-85849-838071 ··-·CCE-85849-8
38072 ··-·CJIS-5.5.2.238072 ··-·CJIS-5.5.2.2
38073 ··-·NIST-800-171-3.4.538073 ··-·NIST-800-171-3.4.5
38074 ··-·NIST-800-53-AC-6(1)38074 ··-·NIST-800-53-AC-6(1)
38075 ··-·NIST-800-53-CM-6(a)38075 ··-·NIST-800-53-CM-6(a)
Offset 38083, 16 lines modifiedOffset 38083, 16 lines modified
38083 ··-·no_reboot_needed38083 ··-·no_reboot_needed
  
38084 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg38084 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
38085 ··file:38085 ··file:
38086 ····path:·/boot/grub2/grub.cfg38086 ····path:·/boot/grub2/grub.cfg
38087 ····group:·'0'38087 ····group:·'0'
38088 ··when:38088 ··when:
38089 ··-·'"grub2"·in·ansible_facts.packages' 
38090 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38089 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38090 ··-·'"grub2"·in·ansible_facts.packages'
38091 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38091 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38092 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38092 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38093 ··tags:38093 ··tags:
38094 ··-·CCE-85849-838094 ··-·CCE-85849-8
38095 ··-·CJIS-5.5.2.238095 ··-·CJIS-5.5.2.2
38096 ··-·NIST-800-171-3.4.538096 ··-·NIST-800-171-3.4.5
38097 ··-·NIST-800-53-AC-6(1)38097 ··-·NIST-800-53-AC-6(1)
Offset 38105, 15 lines modifiedOffset 38105, 15 lines modified
38105 ··-·medium_severity38105 ··-·medium_severity
38106 ··-·no_reboot_needed38106 ··-·no_reboot_needed
38107 Remediation_Shell_script_⇲38107 Remediation_Shell_script_⇲
38108 Complexity:·low38108 Complexity:·low
38109 Disruption:·low38109 Disruption:·low
38110 Strategy:···configure38110 Strategy:···configure
38111 #·Remediation·is·applicable·only·in·certain·platforms38111 #·Remediation·is·applicable·only·in·certain·platforms
38112 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38112 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38113 };·then38113 };·then
  
38114 chgrp·0·/boot/grub2/grub.cfg38114 chgrp·0·/boot/grub2/grub.cfg
  
38115 else38115 else
38116 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38116 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38117 fi38117 fi
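Review bot: at line 38112 the applicability guard runs its first two tests in a different order between builds (`rpm --quiet -q grub2` first in one, `[ ! -f /sys/firmware/efi ]` first in the other). Neither test has side effects and the `&&` chain gives the same result either way, so `chgrp 0 /boot/grub2/grub.cfg` runs on the same hosts. The generator should emit the platform checks in a fixed order so the script text is reproducible.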
Offset 38154, 16 lines modifiedOffset 38154, 16 lines modified
38154 ··-·no_reboot_needed38154 ··-·no_reboot_needed
  
38155 -·name:·Test·for·existence·/boot/grub2/grub.cfg38155 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38156 ··stat:38156 ··stat:
38157 ····path:·/boot/grub2/grub.cfg38157 ····path:·/boot/grub2/grub.cfg
38158 ··register:·file_exists38158 ··register:·file_exists
38159 ··when:38159 ··when:
38160 ··-·'"grub2"·in·ansible_facts.packages' 
38161 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38160 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38161 ··-·'"grub2"·in·ansible_facts.packages'
38162 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38162 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38163 ··tags:38163 ··tags:
38164 ··-·CCE-85848-038164 ··-·CCE-85848-0
38165 ··-·CJIS-5.5.2.238165 ··-·CJIS-5.5.2.2
38166 ··-·NIST-800-171-3.4.538166 ··-·NIST-800-171-3.4.5
38167 ··-·NIST-800-53-AC-6(1)38167 ··-·NIST-800-53-AC-6(1)
38168 ··-·NIST-800-53-CM-6(a)38168 ··-·NIST-800-53-CM-6(a)
Offset 38176, 16 lines modifiedOffset 38176, 16 lines modified
38176 ··-·no_reboot_needed38176 ··-·no_reboot_needed
  
38177 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg38177 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
38178 ··file:38178 ··file:
38179 ····path:·/boot/grub2/grub.cfg38179 ····path:·/boot/grub2/grub.cfg
38180 ····owner:·'0'38180 ····owner:·'0'
38181 ··when:38181 ··when:
38182 ··-·'"grub2"·in·ansible_facts.packages' 
38183 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38182 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38183 ··-·'"grub2"·in·ansible_facts.packages'
38184 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38184 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38185 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38185 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38186 ··tags:38186 ··tags:
38187 ··-·CCE-85848-038187 ··-·CCE-85848-0
38188 ··-·CJIS-5.5.2.238188 ··-·CJIS-5.5.2.2
38189 ··-·NIST-800-171-3.4.538189 ··-·NIST-800-171-3.4.5
38190 ··-·NIST-800-53-AC-6(1)38190 ··-·NIST-800-53-AC-6(1)
Offset 38198, 15 lines modifiedOffset 38198, 15 lines modified
38198 ··-·medium_severity38198 ··-·medium_severity
38199 ··-·no_reboot_needed38199 ··-·no_reboot_needed
38200 Remediation_Shell_script_⇲38200 Remediation_Shell_script_⇲
38201 Complexity:·low38201 Complexity:·low
38202 Disruption:·low38202 Disruption:·low
38203 Strategy:···configure38203 Strategy:···configure
38204 #·Remediation·is·applicable·only·in·certain·platforms38204 #·Remediation·is·applicable·only·in·certain·platforms
38205 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38205 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38206 };·then38206 };·then
  
38207 chown·0·/boot/grub2/grub.cfg38207 chown·0·/boot/grub2/grub.cfg
  
38208 else38208 else
38209 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38209 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38210 fi38210 fi
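Review bot: in the guard at line 38205, `[ ! -f /sys/firmware/efi ]` uses `-f`, which is true only for regular files. `/sys/firmware/efi` is a directory on UEFI-booted systems, so this test succeeds on both BIOS and UEFI hosts and does not exclude UEFI the way the Ansible "/boot/efi" mount check does; `[ ! -d /sys/firmware/efi ]` would match the intent. The test is the same in both builds; the only difference between them on this line is the order of the first two tests.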
Offset 38245, 16 lines modifiedOffset 38245, 16 lines modified
38245 ··-·no_reboot_needed38245 ··-·no_reboot_needed
  
38246 -·name:·Test·for·existence·/boot/grub2/grub.cfg38246 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38247 ··stat:38247 ··stat:
38248 ····path:·/boot/grub2/grub.cfg38248 ····path:·/boot/grub2/grub.cfg
38249 ··register:·file_exists38249 ··register:·file_exists
38250 ··when:38250 ··when:
Max diff block lines reached; 1413/5653 bytes (25.00%) of diff not shown.
23.3 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_server_l1.html
    
Offset 14312, 15 lines modifiedOffset 14312, 15 lines modified
00037e70:·6f72·793c·2f68·323e·3c70·3e43·7572·7265··ory</h2><p>Curre00037e70:·6f72·793c·2f68·323e·3c70·3e43·7572·7265··ory</h2><p>Curre
00037e80:·6e74·2076·6572·7369·6f6e·3a20·3c73·7472··nt·version:·<str00037e80:·6e74·2076·6572·7369·6f6e·3a20·3c73·7472··nt·version:·<str
00037e90:·6f6e·673e·302e·312e·3635·3c2f·7374·726f··ong>0.1.65</stro00037e90:·6f6e·673e·302e·312e·3635·3c2f·7374·726f··ong>0.1.65</stro
00037ea0:·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c··ng></p><ul><li><00037ea0:·6e67·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c··ng></p><ul><li><
00037eb0:·7374·726f·6e67·3e64·7261·6674·3c2f·7374··strong>draft</st00037eb0:·7374·726f·6e67·3e64·7261·6674·3c2f·7374··strong>draft</st
00037ec0:·726f·6e67·3e0a·2020·2020·2020·2020·2020··rong>.··········00037ec0:·726f·6e67·3e0a·2020·2020·2020·2020·2020··rong>.··········
00037ed0:·2020·2020·2020·2020·2020·2861·7320·6f66············(as·of00037ed0:·2020·2020·2020·2020·2020·2861·7320·6f66············(as·of
00037ee0:·2032·3032·342d·3031·2d31·3429·0a20·2020···2024-01-14).···00037ee0:·2032·3032·352d·3032·2d31·3529·0a20·2020···2025-02-15).···
00037ef0:·2020·2020·2020·2020·2020·2020·203c·2f6c···············</l00037ef0:·2020·2020·2020·2020·2020·2020·203c·2f6c···············</l
00037f00:·693e·3c2f·756c·3e3c·2f64·6976·3e3c·6832··i></ul></div><h200037f00:·693e·3c2f·756c·3e3c·2f64·6976·3e3c·6832··i></ul></div><h2
00037f10:·3e54·6162·6c65·206f·6620·436f·6e74·656e··>Table·of·Conten00037f10:·3e54·6162·6c65·206f·6620·436f·6e74·656e··>Table·of·Conten
00037f20:·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c··ts</h2><ol><li><00037f20:·7473·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c··ts</h2><ol><li><
00037f30:·6120·6872·6566·3d22·2378·6363·6466·5f6f··a·href="#xccdf_o00037f30:·6120·6872·6566·3d22·2378·6363·6466·5f6f··a·href="#xccdf_o
00037f40:·7267·2e73·7367·7072·6f6a·6563·742e·636f··rg.ssgproject.co00037f40:·7267·2e73·7367·7072·6f6a·6563·742e·636f··rg.ssgproject.co
00037f50:·6e74·656e·745f·6772·6f75·705f·7379·7374··ntent_group_syst00037f50:·6e74·656e·745f·6772·6f75·705f·7379·7374··ntent_group_syst
Offset 47494, 22 lines modifiedOffset 47494, 22 lines modified
000b9850:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo000b9850:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo
000b9860:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo000b9860:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo
000b9870:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000b9870:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
000b9880:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat000b9880:·0a20·2073·7461·743a·0a20·2020·2070·6174··.··stat:.····pat
000b9890:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g000b9890:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
000b98a0:·7275·622e·6366·670a·2020·7265·6769·7374··rub.cfg.··regist000b98a0:·7275·622e·6366·670a·2020·7265·6769·7374··rub.cfg.··regist
000b98b0:·6572·3a20·6669·6c65·5f65·7869·7374·730a··er:·file_exists.000b98b0:·6572·3a20·6669·6c65·5f65·7869·7374·730a··er:·file_exists.
000b98c0:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr000b98c0:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b
000b98d0:·7562·3222·2069·6e20·616e·7369·626c·655f··ub2"·in·ansible_ 
000b98e0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
000b98f0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000b9900:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
000b9910:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000b9920:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·000b98d0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 000b98e0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 000b98f0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 000b9900:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
 000b9910:·2020·2d20·2722·6772·7562·3222·2069·6e20····-·'"grub2"·in·
 000b9920:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
000b9930:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi000b9930:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
000b9940:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000b9940:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000b9950:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000b9950:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000b9960:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000b9960:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000b9970:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000b9970:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000b9980:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000b9980:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000b9990:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC000b9990:·5d0a·2020·7461·6773·3a0a·2020·2d20·4343··].··tags:.··-·CC
5.52 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·for·Level·1·-·Server42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·for·Level·1·-·Server
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l143 Profile·ID····xccdf_org.ssgproject.content_profile_cis_server_l1
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1545 ····*·cpe:/o:suse:linux_enterprise_desktop:15
46 ····*·cpe:/o:suse:linux_enterprise_server:1546 ····*·cpe:/o:suse:linux_enterprise_server:15
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·AppArmor54 ·········3.·AppArmor
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
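Review bot: line 49 is the only change in this hunk, and it is the "draft (as of ...)" date, 2024-01-14 in one build and 2025-02-15 in the other, so the generated guide takes its revision date from the build clock. Derive that date from SOURCE_DATE_EPOCH (or the changelog date) so the HTML is identical across rebuilds and a rebuilt package can be compared byte for byte against the published one.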
Offset 5503, 16 lines modifiedOffset 5503, 16 lines modified
5503 ··-·no_reboot_needed5503 ··-·no_reboot_needed
  
5504 -·name:·Test·for·existence·/boot/grub2/grub.cfg5504 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5505 ··stat:5505 ··stat:
5506 ····path:·/boot/grub2/grub.cfg5506 ····path:·/boot/grub2/grub.cfg
5507 ··register:·file_exists5507 ··register:·file_exists
5508 ··when:5508 ··when:
5509 ··-·'"grub2"·in·ansible_facts.packages' 
5510 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5509 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5510 ··-·'"grub2"·in·ansible_facts.packages'
5511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5511 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5512 ··tags:5512 ··tags:
5513 ··-·CCE-85849-85513 ··-·CCE-85849-8
5514 ··-·CJIS-5.5.2.25514 ··-·CJIS-5.5.2.2
5515 ··-·NIST-800-171-3.4.55515 ··-·NIST-800-171-3.4.5
5516 ··-·NIST-800-53-AC-6(1)5516 ··-·NIST-800-53-AC-6(1)
5517 ··-·NIST-800-53-CM-6(a)5517 ··-·NIST-800-53-CM-6(a)
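Review bot: at 5509-5510 the two `when:` entries, '"grub2" in ansible_facts.packages' and '"/boot/efi" not in ansible_mounts ...', only swap places; the conditions are unchanged and, since every entry of a `when:` list has to hold, the task behaves the same in both builds. The order therefore comes from the generator, most likely an unordered collection being serialised; sort the platform conditions before rendering so the remediation text is stable between builds.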
Offset 5525, 16 lines modifiedOffset 5525, 16 lines modified
5525 ··-·no_reboot_needed5525 ··-·no_reboot_needed
  
5526 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5526 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5527 ··file:5527 ··file:
5528 ····path:·/boot/grub2/grub.cfg5528 ····path:·/boot/grub2/grub.cfg
5529 ····group:·'0'5529 ····group:·'0'
5530 ··when:5530 ··when:
5531 ··-·'"grub2"·in·ansible_facts.packages' 
5532 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5531 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5532 ··-·'"grub2"·in·ansible_facts.packages'
5533 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5533 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5534 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5534 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5535 ··tags:5535 ··tags:
5536 ··-·CCE-85849-85536 ··-·CCE-85849-8
5537 ··-·CJIS-5.5.2.25537 ··-·CJIS-5.5.2.2
5538 ··-·NIST-800-171-3.4.55538 ··-·NIST-800-171-3.4.5
5539 ··-·NIST-800-53-AC-6(1)5539 ··-·NIST-800-53-AC-6(1)
Offset 5547, 15 lines modifiedOffset 5547, 15 lines modified
5547 ··-·medium_severity5547 ··-·medium_severity
5548 ··-·no_reboot_needed5548 ··-·no_reboot_needed
5549 Remediation_Shell_script_⇲5549 Remediation_Shell_script_⇲
5550 Complexity:·low5550 Complexity:·low
5551 Disruption:·low5551 Disruption:·low
5552 Strategy:···configure5552 Strategy:···configure
5553 #·Remediation·is·applicable·only·in·certain·platforms5553 #·Remediation·is·applicable·only·in·certain·platforms
5554 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5554 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5555 };·then5555 };·then
  
5556 chgrp·0·/boot/grub2/grub.cfg5556 chgrp·0·/boot/grub2/grub.cfg
  
5557 else5557 else
5558 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5558 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5559 fi5559 fi
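Review bot: in the `if` on 5554, `[ ! -f /sys/firmware/efi ]` tests for a regular file, but /sys/firmware/efi is a directory on UEFI-booted systems, so the test is true on BIOS and UEFI hosts alike and does not exclude UEFI the way the Ansible task's "/boot/efi" mount check does; `[ ! -d /sys/firmware/efi ]` would. The swap of this test with `rpm --quiet -q grub2` between the two builds is the same ordering instability seen in the Ansible `when:` lists and does not change the result of the `&&` chain.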
Offset 5596, 16 lines modifiedOffset 5596, 16 lines modified
5596 ··-·no_reboot_needed5596 ··-·no_reboot_needed
  
5597 -·name:·Test·for·existence·/boot/grub2/grub.cfg5597 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5598 ··stat:5598 ··stat:
5599 ····path:·/boot/grub2/grub.cfg5599 ····path:·/boot/grub2/grub.cfg
5600 ··register:·file_exists5600 ··register:·file_exists
5601 ··when:5601 ··when:
5602 ··-·'"grub2"·in·ansible_facts.packages' 
5603 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5602 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5603 ··-·'"grub2"·in·ansible_facts.packages'
5604 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5604 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5605 ··tags:5605 ··tags:
5606 ··-·CCE-85848-05606 ··-·CCE-85848-0
5607 ··-·CJIS-5.5.2.25607 ··-·CJIS-5.5.2.2
5608 ··-·NIST-800-171-3.4.55608 ··-·NIST-800-171-3.4.5
5609 ··-·NIST-800-53-AC-6(1)5609 ··-·NIST-800-53-AC-6(1)
5610 ··-·NIST-800-53-CM-6(a)5610 ··-·NIST-800-53-CM-6(a)
Offset 5618, 16 lines modifiedOffset 5618, 16 lines modified
5618 ··-·no_reboot_needed5618 ··-·no_reboot_needed
  
5619 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5619 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5620 ··file:5620 ··file:
5621 ····path:·/boot/grub2/grub.cfg5621 ····path:·/boot/grub2/grub.cfg
5622 ····owner:·'0'5622 ····owner:·'0'
5623 ··when:5623 ··when:
5624 ··-·'"grub2"·in·ansible_facts.packages' 
5625 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5624 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5625 ··-·'"grub2"·in·ansible_facts.packages'
5626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5627 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5627 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5628 ··tags:5628 ··tags:
5629 ··-·CCE-85848-05629 ··-·CCE-85848-0
5630 ··-·CJIS-5.5.2.25630 ··-·CJIS-5.5.2.2
5631 ··-·NIST-800-171-3.4.55631 ··-·NIST-800-171-3.4.5
5632 ··-·NIST-800-53-AC-6(1)5632 ··-·NIST-800-53-AC-6(1)
Offset 5640, 15 lines modifiedOffset 5640, 15 lines modified
5640 ··-·medium_severity5640 ··-·medium_severity
5641 ··-·no_reboot_needed5641 ··-·no_reboot_needed
5642 Remediation_Shell_script_⇲5642 Remediation_Shell_script_⇲
5643 Complexity:·low5643 Complexity:·low
5644 Disruption:·low5644 Disruption:·low
5645 Strategy:···configure5645 Strategy:···configure
5646 #·Remediation·is·applicable·only·in·certain·platforms5646 #·Remediation·is·applicable·only·in·certain·platforms
5647 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5647 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5648 };·then5648 };·then
  
5649 chown·0·/boot/grub2/grub.cfg5649 chown·0·/boot/grub2/grub.cfg
  
5650 else5650 else
5651 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5651 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5652 fi5652 fi
Offset 5687, 16 lines modifiedOffset 5687, 16 lines modified
5687 ··-·no_reboot_needed5687 ··-·no_reboot_needed
  
5688 -·name:·Test·for·existence·/boot/grub2/grub.cfg5688 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5689 ··stat:5689 ··stat:
5690 ····path:·/boot/grub2/grub.cfg5690 ····path:·/boot/grub2/grub.cfg
5691 ··register:·file_exists5691 ··register:·file_exists
5692 ··when:5692 ··when:
Max diff block lines reached; 1409/5632 bytes (25.02%) of diff not shown.
23.4 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_workstation_l1.html
    
5.53 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·for·Level·1·-·Workstation42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·for·Level·1·-·Workstation
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l143 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l1
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1545 ····*·cpe:/o:suse:linux_enterprise_desktop:15
46 ····*·cpe:/o:suse:linux_enterprise_server:1546 ····*·cpe:/o:suse:linux_enterprise_server:15
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·AppArmor54 ·········3.·AppArmor
55 ·········4.·GRUB2_bootloader_configuration55 ·········4.·GRUB2_bootloader_configuration
56 ·········5.·Configure_Syslog56 ·········5.·Configure_Syslog
Offset 5501, 16 lines modifiedOffset 5501, 16 lines modified
5501 ··-·no_reboot_needed5501 ··-·no_reboot_needed
  
5502 -·name:·Test·for·existence·/boot/grub2/grub.cfg5502 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5503 ··stat:5503 ··stat:
5504 ····path:·/boot/grub2/grub.cfg5504 ····path:·/boot/grub2/grub.cfg
5505 ··register:·file_exists5505 ··register:·file_exists
5506 ··when:5506 ··when:
5507 ··-·'"grub2"·in·ansible_facts.packages' 
5508 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5507 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5508 ··-·'"grub2"·in·ansible_facts.packages'
5509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5510 ··tags:5510 ··tags:
5511 ··-·CCE-85849-85511 ··-·CCE-85849-8
5512 ··-·CJIS-5.5.2.25512 ··-·CJIS-5.5.2.2
5513 ··-·NIST-800-171-3.4.55513 ··-·NIST-800-171-3.4.5
5514 ··-·NIST-800-53-AC-6(1)5514 ··-·NIST-800-53-AC-6(1)
5515 ··-·NIST-800-53-CM-6(a)5515 ··-·NIST-800-53-CM-6(a)
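Review bot: rows 5507-5508 carry the same two `when:` entries in swapped order, `"grub2" in ansible_facts.packages` and the `"/boot/efi" not in ansible_mounts ...` test, and nothing else in the task changes. Ansible ANDs the entries of a `when:` list, so the task applies to the same hosts in both builds, but the generator is emitting the platform conditions in an unstable order. Sorting the conditions before rendering would make the output deterministic.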
Offset 5523, 16 lines modifiedOffset 5523, 16 lines modified
5523 ··-·no_reboot_needed5523 ··-·no_reboot_needed
  
5524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5525 ··file:5525 ··file:
5526 ····path:·/boot/grub2/grub.cfg5526 ····path:·/boot/grub2/grub.cfg
5527 ····group:·'0'5527 ····group:·'0'
5528 ··when:5528 ··when:
5529 ··-·'"grub2"·in·ansible_facts.packages' 
5530 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5529 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5530 ··-·'"grub2"·in·ansible_facts.packages'
5531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5533 ··tags:5533 ··tags:
5534 ··-·CCE-85849-85534 ··-·CCE-85849-8
5535 ··-·CJIS-5.5.2.25535 ··-·CJIS-5.5.2.2
5536 ··-·NIST-800-171-3.4.55536 ··-·NIST-800-171-3.4.5
5537 ··-·NIST-800-53-AC-6(1)5537 ··-·NIST-800-53-AC-6(1)
Offset 5545, 15 lines modifiedOffset 5545, 15 lines modified
5545 ··-·medium_severity5545 ··-·medium_severity
5546 ··-·no_reboot_needed5546 ··-·no_reboot_needed
5547 Remediation_Shell_script_⇲5547 Remediation_Shell_script_⇲
5548 Complexity:·low5548 Complexity:·low
5549 Disruption:·low5549 Disruption:·low
5550 Strategy:···configure5550 Strategy:···configure
5551 #·Remediation·is·applicable·only·in·certain·platforms5551 #·Remediation·is·applicable·only·in·certain·platforms
5552 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5552 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5553 };·then5553 };·then
  
5554 chgrp·0·/boot/grub2/grub.cfg5554 chgrp·0·/boot/grub2/grub.cfg
  
5555 else5555 else
5556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5557 fi5557 fi
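Review bot: on row 5552 the firmware test is `[ ! -f /sys/firmware/efi ]`, but `/sys/firmware/efi` is a directory on UEFI-booted systems, so `-f` never matches it and the negated test is always true; `-d` (or `-e`) is what this applicability check needs if UEFI hosts are meant to be skipped. The two builds differ here only in the order of the `&&` operands (`rpm --quiet -q grub2` and the firmware test trade places), which does not change the result and is the same unstable ordering of platform conditions seen in the Ansible `when:` lists of this guide.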
Offset 5594, 16 lines modifiedOffset 5594, 16 lines modified
5594 ··-·no_reboot_needed5594 ··-·no_reboot_needed
  
5595 -·name:·Test·for·existence·/boot/grub2/grub.cfg5595 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5596 ··stat:5596 ··stat:
5597 ····path:·/boot/grub2/grub.cfg5597 ····path:·/boot/grub2/grub.cfg
5598 ··register:·file_exists5598 ··register:·file_exists
5599 ··when:5599 ··when:
5600 ··-·'"grub2"·in·ansible_facts.packages' 
5601 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5600 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5601 ··-·'"grub2"·in·ansible_facts.packages'
5602 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5602 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5603 ··tags:5603 ··tags:
5604 ··-·CCE-85848-05604 ··-·CCE-85848-0
5605 ··-·CJIS-5.5.2.25605 ··-·CJIS-5.5.2.2
5606 ··-·NIST-800-171-3.4.55606 ··-·NIST-800-171-3.4.5
5607 ··-·NIST-800-53-AC-6(1)5607 ··-·NIST-800-53-AC-6(1)
5608 ··-·NIST-800-53-CM-6(a)5608 ··-·NIST-800-53-CM-6(a)
Offset 5616, 16 lines modifiedOffset 5616, 16 lines modified
5616 ··-·no_reboot_needed5616 ··-·no_reboot_needed
  
5617 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5617 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5618 ··file:5618 ··file:
5619 ····path:·/boot/grub2/grub.cfg5619 ····path:·/boot/grub2/grub.cfg
5620 ····owner:·'0'5620 ····owner:·'0'
5621 ··when:5621 ··when:
5622 ··-·'"grub2"·in·ansible_facts.packages' 
5623 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5622 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5623 ··-·'"grub2"·in·ansible_facts.packages'
5624 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5624 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5625 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5625 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5626 ··tags:5626 ··tags:
5627 ··-·CCE-85848-05627 ··-·CCE-85848-0
5628 ··-·CJIS-5.5.2.25628 ··-·CJIS-5.5.2.2
5629 ··-·NIST-800-171-3.4.55629 ··-·NIST-800-171-3.4.5
5630 ··-·NIST-800-53-AC-6(1)5630 ··-·NIST-800-53-AC-6(1)
Offset 5638, 15 lines modifiedOffset 5638, 15 lines modified
5638 ··-·medium_severity5638 ··-·medium_severity
5639 ··-·no_reboot_needed5639 ··-·no_reboot_needed
5640 Remediation_Shell_script_⇲5640 Remediation_Shell_script_⇲
5641 Complexity:·low5641 Complexity:·low
5642 Disruption:·low5642 Disruption:·low
5643 Strategy:···configure5643 Strategy:···configure
5644 #·Remediation·is·applicable·only·in·certain·platforms5644 #·Remediation·is·applicable·only·in·certain·platforms
5645 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];5645 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
5646 };·then5646 };·then
  
5647 chown·0·/boot/grub2/grub.cfg5647 chown·0·/boot/grub2/grub.cfg
  
5648 else5648 else
5649 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5649 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5650 fi5650 fi
Offset 5685, 16 lines modifiedOffset 5685, 16 lines modified
5685 ··-·no_reboot_needed5685 ··-·no_reboot_needed
  
5686 -·name:·Test·for·existence·/boot/grub2/grub.cfg5686 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5687 ··stat:5687 ··stat:
5688 ····path:·/boot/grub2/grub.cfg5688 ····path:·/boot/grub2/grub.cfg
5689 ··register:·file_exists5689 ··register:·file_exists
5690 ··when:5690 ··when:
Max diff block lines reached; 1409/5642 bytes (24.97%) of diff not shown.
23.5 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-cis_workstation_l2.html
    
Max diff block lines reached; 8944/18218 bytes (49.09%) of diff not shown.
5.56 KB
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·Level·2·-·Workstation42 Profile·Title·CIS·SUSE·Linux·Enterprise·15·Benchmark·Level·2·-·Workstation
43 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l243 Profile·ID····xccdf_org.ssgproject.content_profile_cis_workstation_l2
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1545 ····*·cpe:/o:suse:linux_enterprise_desktop:15
46 ····*·cpe:/o:suse:linux_enterprise_server:1546 ····*·cpe:/o:suse:linux_enterprise_server:15
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·AppArmor55 ·········4.·AppArmor
56 ·········5.·GRUB2_bootloader_configuration56 ·········5.·GRUB2_bootloader_configuration
Offset 38060, 16 lines modifiedOffset 38060, 16 lines modified
38060 ··-·no_reboot_needed38060 ··-·no_reboot_needed
  
38061 -·name:·Test·for·existence·/boot/grub2/grub.cfg38061 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38062 ··stat:38062 ··stat:
38063 ····path:·/boot/grub2/grub.cfg38063 ····path:·/boot/grub2/grub.cfg
38064 ··register:·file_exists38064 ··register:·file_exists
38065 ··when:38065 ··when:
38066 ··-·'"grub2"·in·ansible_facts.packages' 
38067 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38066 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38067 ··-·'"grub2"·in·ansible_facts.packages'
38068 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38068 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38069 ··tags:38069 ··tags:
38070 ··-·CCE-85849-838070 ··-·CCE-85849-8
38071 ··-·CJIS-5.5.2.238071 ··-·CJIS-5.5.2.2
38072 ··-·NIST-800-171-3.4.538072 ··-·NIST-800-171-3.4.5
38073 ··-·NIST-800-53-AC-6(1)38073 ··-·NIST-800-53-AC-6(1)
38074 ··-·NIST-800-53-CM-6(a)38074 ··-·NIST-800-53-CM-6(a)
Offset 38082, 16 lines modifiedOffset 38082, 16 lines modified
38082 ··-·no_reboot_needed38082 ··-·no_reboot_needed
  
38083 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg38083 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
38084 ··file:38084 ··file:
38085 ····path:·/boot/grub2/grub.cfg38085 ····path:·/boot/grub2/grub.cfg
38086 ····group:·'0'38086 ····group:·'0'
38087 ··when:38087 ··when:
38088 ··-·'"grub2"·in·ansible_facts.packages' 
38089 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38088 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38089 ··-·'"grub2"·in·ansible_facts.packages'
38090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38090 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38091 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38091 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38092 ··tags:38092 ··tags:
38093 ··-·CCE-85849-838093 ··-·CCE-85849-8
38094 ··-·CJIS-5.5.2.238094 ··-·CJIS-5.5.2.2
38095 ··-·NIST-800-171-3.4.538095 ··-·NIST-800-171-3.4.5
38096 ··-·NIST-800-53-AC-6(1)38096 ··-·NIST-800-53-AC-6(1)
Offset 38104, 15 lines modifiedOffset 38104, 15 lines modified
38104 ··-·medium_severity38104 ··-·medium_severity
38105 ··-·no_reboot_needed38105 ··-·no_reboot_needed
38106 Remediation_Shell_script_⇲38106 Remediation_Shell_script_⇲
38107 Complexity:·low38107 Complexity:·low
38108 Disruption:·low38108 Disruption:·low
38109 Strategy:···configure38109 Strategy:···configure
38110 #·Remediation·is·applicable·only·in·certain·platforms38110 #·Remediation·is·applicable·only·in·certain·platforms
38111 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38111 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38112 };·then38112 };·then
  
38113 chgrp·0·/boot/grub2/grub.cfg38113 chgrp·0·/boot/grub2/grub.cfg
  
38114 else38114 else
38115 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38115 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38116 fi38116 fi
Offset 38153, 16 lines modifiedOffset 38153, 16 lines modified
38153 ··-·no_reboot_needed38153 ··-·no_reboot_needed
  
38154 -·name:·Test·for·existence·/boot/grub2/grub.cfg38154 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38155 ··stat:38155 ··stat:
38156 ····path:·/boot/grub2/grub.cfg38156 ····path:·/boot/grub2/grub.cfg
38157 ··register:·file_exists38157 ··register:·file_exists
38158 ··when:38158 ··when:
38159 ··-·'"grub2"·in·ansible_facts.packages' 
38160 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38159 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38160 ··-·'"grub2"·in·ansible_facts.packages'
38161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38162 ··tags:38162 ··tags:
38163 ··-·CCE-85848-038163 ··-·CCE-85848-0
38164 ··-·CJIS-5.5.2.238164 ··-·CJIS-5.5.2.2
38165 ··-·NIST-800-171-3.4.538165 ··-·NIST-800-171-3.4.5
38166 ··-·NIST-800-53-AC-6(1)38166 ··-·NIST-800-53-AC-6(1)
38167 ··-·NIST-800-53-CM-6(a)38167 ··-·NIST-800-53-CM-6(a)
Offset 38175, 16 lines modifiedOffset 38175, 16 lines modified
38175 ··-·no_reboot_needed38175 ··-·no_reboot_needed
  
38176 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg38176 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
38177 ··file:38177 ··file:
38178 ····path:·/boot/grub2/grub.cfg38178 ····path:·/boot/grub2/grub.cfg
38179 ····owner:·'0'38179 ····owner:·'0'
38180 ··when:38180 ··when:
38181 ··-·'"grub2"·in·ansible_facts.packages' 
38182 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'38181 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 38182 ··-·'"grub2"·in·ansible_facts.packages'
38183 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]38183 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38184 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists38184 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
38185 ··tags:38185 ··tags:
38186 ··-·CCE-85848-038186 ··-·CCE-85848-0
38187 ··-·CJIS-5.5.2.238187 ··-·CJIS-5.5.2.2
38188 ··-·NIST-800-171-3.4.538188 ··-·NIST-800-171-3.4.5
38189 ··-·NIST-800-53-AC-6(1)38189 ··-·NIST-800-53-AC-6(1)
Offset 38197, 15 lines modifiedOffset 38197, 15 lines modified
38197 ··-·medium_severity38197 ··-·medium_severity
38198 ··-·no_reboot_needed38198 ··-·no_reboot_needed
38199 Remediation_Shell_script_⇲38199 Remediation_Shell_script_⇲
38200 Complexity:·low38200 Complexity:·low
38201 Disruption:·low38201 Disruption:·low
38202 Strategy:···configure38202 Strategy:···configure
38203 #·Remediation·is·applicable·only·in·certain·platforms38203 #·Remediation·is·applicable·only·in·certain·platforms
38204 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];38204 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];
38205 };·then38205 };·then
  
38206 chown·0·/boot/grub2/grub.cfg38206 chown·0·/boot/grub2/grub.cfg
  
38207 else38207 else
38208 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'38208 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
38209 fi38209 fi
Offset 38244, 16 lines modifiedOffset 38244, 16 lines modified
38244 ··-·no_reboot_needed38244 ··-·no_reboot_needed
  
38245 -·name:·Test·for·existence·/boot/grub2/grub.cfg38245 -·name:·Test·for·existence·/boot/grub2/grub.cfg
38246 ··stat:38246 ··stat:
38247 ····path:·/boot/grub2/grub.cfg38247 ····path:·/boot/grub2/grub.cfg
38248 ··register:·file_exists38248 ··register:·file_exists
38249 ··when:38249 ··when:
Max diff block lines reached; 1413/5669 bytes (24.93%) of diff not shown.
23.2 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-hipaa.html
    
002f60f0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta002f60f0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
002f6100:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-8584002f6100:·6773·3a0a·2020·2d20·4343·452d·3835·3834··gs:.··-·CCE-8584
Offset 194081, 22 lines modifiedOffset 194081, 22 lines modified
002f6200:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens002f6200:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
002f6210:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·002f6210:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·
002f6220:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2002f6220:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
002f6230:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file002f6230:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
002f6240:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002f6240:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002f6250:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg002f6250:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
002f6260:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.002f6260:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.
002f6270:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr002f6270:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b
002f6280:·7562·3222·2069·6e20·616e·7369·626c·655f··ub2"·in·ansible_ 
002f6290:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
002f62a0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002f62b0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002f62c0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002f62d0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·002f6280:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 002f6290:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 002f62a0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 002f62b0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
 002f62c0:·2020·2d20·2722·6772·7562·3222·2069·6e20····-·'"grub2"·in·
 002f62d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
002f62e0:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi002f62e0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
002f62f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati002f62f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
002f6300:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[002f6300:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
002f6310:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",002f6310:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
002f6320:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm002f6320:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
002f6330:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"002f6330:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
002f6340:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist002f6340:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
002f6350:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define002f6350:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 194147, 19 lines modifiedOffset 194147, 19 lines modified
002f6620:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra002f6620:·2f74·723e·3c74·723e·3c74·683e·5374·7261··/tr><tr><th>Stra
002f6630:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co002f6630:·7465·6779·3a3c·2f74·683e·3c74·643e·636f··tegy:</th><td>co
002f6640:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr002f6640:·6e66·6967·7572·653c·2f74·643e·3c2f·7472··nfigure</td></tr
002f6650:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c002f6650:·3e3c·2f74·6162·6c65·3e3c·7072·653e·3c63··></table><pre><c
002f6660:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio002f6660:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
002f6670:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·002f6670:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
002f6680:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·002f6680:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
002f6690:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm002f6690:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
002f66a0:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
002f66b0:·3220·2661·6d70·3b26·616d·703b·205b·2021··2·&amp;&amp;·[·! 
002f66c0:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar002f66a0:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
002f66d0:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am002f66b0:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
 002f66c0:·703b·2072·706d·202d·2d71·7569·6574·202d··p;·rpm·--quiet·-
 002f66d0:·7120·6772·7562·3220·2661·6d70·3b26·616d··q·grub2·&amp;&am
002f66e0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do002f66e0:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do
002f66f0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&002f66f0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
002f6700:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run002f6700:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
002f6710:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]002f6710:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
002f6720:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp002f6720:·3b20·7d3b·2074·6865·6e0a·0a63·6867·7270··;·};·then..chgrp
002f6730:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g002f6730:·2030·202f·626f·6f74·2f67·7275·6232·2f67···0·/boot/grub2/g
002f6740:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··002f6740:·7275·622e·6366·670a·0a65·6c73·650a·2020··rub.cfg..else.··
Offset 194657, 21 lines modifiedOffset 194657, 21 lines modified
002f8600:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/002f8600:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
002f8610:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.002f8610:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
002f8620:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····002f8620:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
002f8630:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub002f8630:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
002f8640:·322f·6772·7562·2e63·6667·0a20·2072·6567··2/grub.cfg.··reg002f8640:·322f·6772·7562·2e63·6667·0a20·2072·6567··2/grub.cfg.··reg
002f8650:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis002f8650:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
002f8660:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'002f8660:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
002f8670:·2267·7275·6232·2220·696e·2061·6e73·6962··"grub2"·in·ansib 
002f8680:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package 
002f8690:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e 
002f86a0:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib 
002f86b0:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
002f86c0:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
002f86d0:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a002f8670:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 002f8680:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 002f8690:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 002f86a0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
 002f86b0:·7427·0a20·202d·2027·2267·7275·6232·2220··t'.··-·'"grub2"·
 002f86c0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 002f86d0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a
002f86e0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz002f86e0:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
002f86f0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i002f86f0:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
002f8700:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx002f8700:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
002f8710:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p002f8710:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
002f8720:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain002f8720:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
002f8730:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-002f8730:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
002f8740:·2043·4345·2d38·3538·3438·2d30·0a20·202d···CCE-85848-0.··-002f8740:·2043·4345·2d38·3538·3438·2d30·0a20·202d···CCE-85848-0.··-
Offset 194692, 22 lines modifiedOffset 194692, 22 lines modified
002f8830:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:002f8830:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:
002f8840:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·002f8840:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·
002f8850:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g002f8850:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g
002f8860:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.002f8860:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.
002f8870:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/002f8870:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
Max diff block lines reached; 8668/17942 bytes (48.31%) of diff not shown.
5.58 KB
html2text {}
    
Offset 45, 15 lines modifiedOffset 45, 15 lines modified
45 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)45 Profile·Title·Health·Insurance·Portability·and·Accountability·Act·(HIPAA)
46 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa46 Profile·ID····xccdf_org.ssgproject.content_profile_hipaa
47 ***·CPE·Platforms·***47 ***·CPE·Platforms·***
48 ····*·cpe:/o:suse:linux_enterprise_desktop:1548 ····*·cpe:/o:suse:linux_enterprise_desktop:15
49 ····*·cpe:/o:suse:linux_enterprise_server:1549 ····*·cpe:/o:suse:linux_enterprise_server:15
50 *****·Revision·History·*****50 *****·Revision·History·*****
51 Current·version:·0.1.6551 Current·version:·0.1.65
52 ····*·draft·(as·of·2024-01-14)52 ····*·draft·(as·of·2025-02-15)
53 *****·Table·of·Contents·*****53 *****·Table·of·Contents·*****
54 ···1.·System_Settings54 ···1.·System_Settings
55 ·········1.·Installing_and_Maintaining_Software55 ·········1.·Installing_and_Maintaining_Software
56 ·········2.·Account_and_Access_Control56 ·········2.·Account_and_Access_Control
57 ·········3.·System_Accounting_with_auditd57 ·········3.·System_Accounting_with_auditd
58 ·········4.·GRUB2_bootloader_configuration58 ·········4.·GRUB2_bootloader_configuration
59 ·········5.·Configure_Syslog59 ·········5.·Configure_Syslog
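Review bot: line 52 is the only difference in this hunk, and it is a date written into the generated guide ("as of 2024-01-14" in one build, "as of 2025-02-15" in the other), so the revision-history entry changes between two builds of the same 0.1.65 source. The date appears to follow the time of the build; deriving it from SOURCE_DATE_EPOCH or from a fixed release date would make this line stable.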
Offset 47501, 16 lines modifiedOffset 47501, 16 lines modified
47501 ··-·no_reboot_needed47501 ··-·no_reboot_needed
  
47502 -·name:·Test·for·existence·/boot/grub2/grub.cfg47502 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47503 ··stat:47503 ··stat:
47504 ····path:·/boot/grub2/grub.cfg47504 ····path:·/boot/grub2/grub.cfg
47505 ··register:·file_exists47505 ··register:·file_exists
47506 ··when:47506 ··when:
47507 ··-·'"grub2"·in·ansible_facts.packages' 
47508 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'47507 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 47508 ··-·'"grub2"·in·ansible_facts.packages'
47509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47509 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47510 ··tags:47510 ··tags:
47511 ··-·CCE-85849-847511 ··-·CCE-85849-8
47512 ··-·CJIS-5.5.2.247512 ··-·CJIS-5.5.2.2
47513 ··-·NIST-800-171-3.4.547513 ··-·NIST-800-171-3.4.5
47514 ··-·NIST-800-53-AC-6(1)47514 ··-·NIST-800-53-AC-6(1)
47515 ··-·NIST-800-53-CM-6(a)47515 ··-·NIST-800-53-CM-6(a)
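Review bot: lines 47507-47508 hold the same two `when:` conditions in both builds, only swapped (`"grub2" in ansible_facts.packages` and the `"/boot/efi" not in ansible_mounts` test). Every entry in the list must hold, so the task behaves the same either way, but the emitted order is not deterministic. The generator should emit the platform conditions in a fixed order, for example by sorting them before they are written out.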
Offset 47523, 16 lines modifiedOffset 47523, 16 lines modified
47523 ··-·no_reboot_needed47523 ··-·no_reboot_needed
  
47524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg47524 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
47525 ··file:47525 ··file:
47526 ····path:·/boot/grub2/grub.cfg47526 ····path:·/boot/grub2/grub.cfg
47527 ····group:·'0'47527 ····group:·'0'
47528 ··when:47528 ··when:
47529 ··-·'"grub2"·in·ansible_facts.packages' 
47530 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'47529 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 47530 ··-·'"grub2"·in·ansible_facts.packages'
47531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47531 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists47532 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
47533 ··tags:47533 ··tags:
47534 ··-·CCE-85849-847534 ··-·CCE-85849-8
47535 ··-·CJIS-5.5.2.247535 ··-·CJIS-5.5.2.2
47536 ··-·NIST-800-171-3.4.547536 ··-·NIST-800-171-3.4.5
47537 ··-·NIST-800-53-AC-6(1)47537 ··-·NIST-800-53-AC-6(1)
Offset 47545, 15 lines modifiedOffset 47545, 15 lines modified
47545 ··-·medium_severity47545 ··-·medium_severity
47546 ··-·no_reboot_needed47546 ··-·no_reboot_needed
47547 Remediation_Shell_script_⇲47547 Remediation_Shell_script_⇲
47548 Complexity:·low47548 Complexity:·low
47549 Disruption:·low47549 Disruption:·low
47550 Strategy:···configure47550 Strategy:···configure
47551 #·Remediation·is·applicable·only·in·certain·platforms47551 #·Remediation·is·applicable·only·in·certain·platforms
47552 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};47552 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
47553 then47553 then
  
47554 chgrp·0·/boot/grub2/grub.cfg47554 chgrp·0·/boot/grub2/grub.cfg
  
47555 else47555 else
47556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'47556 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
47557 fi47557 fi
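Review bot: line 47552 differs only in the order of `rpm --quiet -q grub2` and `[ ! -f /sys/firmware/efi ]` within the `&&` chain; the outcome is identical, so this is the same unstable ordering of applicability checks as in the Ansible tasks and should be fixed at generation time. Separately, `/sys/firmware/efi` is a directory on EFI-booted systems, so `! -f` is true there as well and the guard does not exclude them; `-d` or `-e` looks like what the check intends.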
Offset 47593, 16 lines modifiedOffset 47593, 16 lines modified
47593 ··-·no_reboot_needed47593 ··-·no_reboot_needed
  
47594 -·name:·Test·for·existence·/boot/grub2/grub.cfg47594 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47595 ··stat:47595 ··stat:
47596 ····path:·/boot/grub2/grub.cfg47596 ····path:·/boot/grub2/grub.cfg
47597 ··register:·file_exists47597 ··register:·file_exists
47598 ··when:47598 ··when:
47599 ··-·'"grub2"·in·ansible_facts.packages' 
47600 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'47599 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 47600 ··-·'"grub2"·in·ansible_facts.packages'
47601 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47601 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47602 ··tags:47602 ··tags:
47603 ··-·CCE-85848-047603 ··-·CCE-85848-0
47604 ··-·CJIS-5.5.2.247604 ··-·CJIS-5.5.2.2
47605 ··-·NIST-800-171-3.4.547605 ··-·NIST-800-171-3.4.5
47606 ··-·NIST-800-53-AC-6(1)47606 ··-·NIST-800-53-AC-6(1)
47607 ··-·NIST-800-53-CM-6(a)47607 ··-·NIST-800-53-CM-6(a)
Offset 47615, 16 lines modifiedOffset 47615, 16 lines modified
47615 ··-·no_reboot_needed47615 ··-·no_reboot_needed
  
47616 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg47616 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
47617 ··file:47617 ··file:
47618 ····path:·/boot/grub2/grub.cfg47618 ····path:·/boot/grub2/grub.cfg
47619 ····owner:·'0'47619 ····owner:·'0'
47620 ··when:47620 ··when:
47621 ··-·'"grub2"·in·ansible_facts.packages' 
47622 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'47621 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 47622 ··-·'"grub2"·in·ansible_facts.packages'
47623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]47623 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
47624 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists47624 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
47625 ··tags:47625 ··tags:
47626 ··-·CCE-85848-047626 ··-·CCE-85848-0
47627 ··-·CJIS-5.5.2.247627 ··-·CJIS-5.5.2.2
47628 ··-·NIST-800-171-3.4.547628 ··-·NIST-800-171-3.4.5
47629 ··-·NIST-800-53-AC-6(1)47629 ··-·NIST-800-53-AC-6(1)
Offset 47637, 15 lines modifiedOffset 47637, 15 lines modified
47637 ··-·medium_severity47637 ··-·medium_severity
47638 ··-·no_reboot_needed47638 ··-·no_reboot_needed
47639 Remediation_Shell_script_⇲47639 Remediation_Shell_script_⇲
47640 Complexity:·low47640 Complexity:·low
47641 Disruption:·low47641 Disruption:·low
47642 Strategy:···configure47642 Strategy:···configure
47643 #·Remediation·is·applicable·only·in·certain·platforms47643 #·Remediation·is·applicable·only·in·certain·platforms
47644 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};47644 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
47645 then47645 then
  
47646 chown·0·/boot/grub2/grub.cfg47646 chown·0·/boot/grub2/grub.cfg
  
47647 else47647 else
47648 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'47648 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
47649 fi47649 fi
Offset 47683, 16 lines modifiedOffset 47683, 16 lines modified
47683 ··-·no_reboot_needed47683 ··-·no_reboot_needed
  
47684 -·name:·Test·for·existence·/boot/grub2/grub.cfg47684 -·name:·Test·for·existence·/boot/grub2/grub.cfg
47685 ··stat:47685 ··stat:
47686 ····path:·/boot/grub2/grub.cfg47686 ····path:·/boot/grub2/grub.cfg
47687 ··register:·file_exists47687 ··register:·file_exists
47688 ··when:47688 ··when:
Max diff block lines reached; 1435/5691 bytes (25.22%) of diff not shown.
16.1 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pci-dss-4.html
    
00389030:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg00389030:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
00389040:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat00389040:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
00389050:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g00389050:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
00389060:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne00389060:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne
Max diff block lines reached; 3133/12338 bytes (25.39%) of diff not shown.
3.9 KB
html2text {}
    
Offset 37, 15 lines modifiedOffset 37, 15 lines modified
37 Profile·Title·PCI-DSS·v4·Control·Baseline·for·SUSE·Linux·enterprise·1537 Profile·Title·PCI-DSS·v4·Control·Baseline·for·SUSE·Linux·enterprise·15
38 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss-438 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss-4
39 ***·CPE·Platforms·***39 ***·CPE·Platforms·***
40 ····*·cpe:/o:suse:linux_enterprise_desktop:1540 ····*·cpe:/o:suse:linux_enterprise_desktop:15
41 ····*·cpe:/o:suse:linux_enterprise_server:1541 ····*·cpe:/o:suse:linux_enterprise_server:15
42 *****·Revision·History·*****42 *****·Revision·History·*****
43 Current·version:·0.1.6543 Current·version:·0.1.65
44 ····*·draft·(as·of·2024-01-14)44 ····*·draft·(as·of·2025-02-15)
45 *****·Table·of·Contents·*****45 *****·Table·of·Contents·*****
46 ···1.·System_Settings46 ···1.·System_Settings
47 ·········1.·Installing_and_Maintaining_Software47 ·········1.·Installing_and_Maintaining_Software
48 ·········2.·Account_and_Access_Control48 ·········2.·Account_and_Access_Control
49 ·········3.·System_Accounting_with_auditd49 ·········3.·System_Accounting_with_auditd
50 ·········4.·GRUB2_bootloader_configuration50 ·········4.·GRUB2_bootloader_configuration
51 ·········5.·Configure_Syslog51 ·········5.·Configure_Syslog
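Review bot: the only difference in this hunk is the Revision History line, which reads `draft (as of 2024-01-14)` in one build and `draft (as of 2025-02-15)` in the other, pointing to a date taken from the build clock. Deriving it from SOURCE_DATE_EPOCH or the package changelog date would make this line identical across builds.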
Offset 54978, 16 lines modifiedOffset 54978, 16 lines modified
54978 ··-·no_reboot_needed54978 ··-·no_reboot_needed
  
54979 -·name:·Test·for·existence·/boot/grub2/grub.cfg54979 -·name:·Test·for·existence·/boot/grub2/grub.cfg
54980 ··stat:54980 ··stat:
54981 ····path:·/boot/grub2/grub.cfg54981 ····path:·/boot/grub2/grub.cfg
54982 ··register:·file_exists54982 ··register:·file_exists
54983 ··when:54983 ··when:
54984 ··-·'"grub2"·in·ansible_facts.packages' 
54985 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'54984 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 54985 ··-·'"grub2"·in·ansible_facts.packages'
54986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]54986 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
54987 ··tags:54987 ··tags:
54988 ··-·CCE-85849-854988 ··-·CCE-85849-8
54989 ··-·CJIS-5.5.2.254989 ··-·CJIS-5.5.2.2
54990 ··-·NIST-800-171-3.4.554990 ··-·NIST-800-171-3.4.5
54991 ··-·NIST-800-53-AC-6(1)54991 ··-·NIST-800-53-AC-6(1)
54992 ··-·NIST-800-53-CM-6(a)54992 ··-·NIST-800-53-CM-6(a)
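Review bot: the two `when:` entries `'"grub2" in ansible_facts.packages'` and `'"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'` swap places between the builds while the rest of the task is identical, which indicates the generator emits the platform conditions in an unstable order. Every entry in a `when:` list must hold, so the task behaves the same either way, but sorting the conditions before rendering would remove this difference. The same swap recurs in the later Ansible hunks for this file.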
Offset 55000, 16 lines modifiedOffset 55000, 16 lines modified
55000 ··-·no_reboot_needed55000 ··-·no_reboot_needed
  
55001 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg55001 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
55002 ··file:55002 ··file:
55003 ····path:·/boot/grub2/grub.cfg55003 ····path:·/boot/grub2/grub.cfg
55004 ····group:·'0'55004 ····group:·'0'
55005 ··when:55005 ··when:
55006 ··-·'"grub2"·in·ansible_facts.packages' 
55007 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'55006 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 55007 ··-·'"grub2"·in·ansible_facts.packages'
55008 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]55008 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
55009 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists55009 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
55010 ··tags:55010 ··tags:
55011 ··-·CCE-85849-855011 ··-·CCE-85849-8
55012 ··-·CJIS-5.5.2.255012 ··-·CJIS-5.5.2.2
55013 ··-·NIST-800-171-3.4.555013 ··-·NIST-800-171-3.4.5
55014 ··-·NIST-800-53-AC-6(1)55014 ··-·NIST-800-53-AC-6(1)
Offset 55022, 15 lines modifiedOffset 55022, 15 lines modified
55022 ··-·medium_severity55022 ··-·medium_severity
55023 ··-·no_reboot_needed55023 ··-·no_reboot_needed
55024 Remediation_Shell_script_⇲55024 Remediation_Shell_script_⇲
55025 Complexity:·low55025 Complexity:·low
55026 Disruption:·low55026 Disruption:·low
55027 Strategy:···configure55027 Strategy:···configure
55028 #·Remediation·is·applicable·only·in·certain·platforms55028 #·Remediation·is·applicable·only·in·certain·platforms
55029 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};55029 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
55030 then55030 then
  
55031 chgrp·0·/boot/grub2/grub.cfg55031 chgrp·0·/boot/grub2/grub.cfg
  
55032 else55032 else
55033 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'55033 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
55034 fi55034 fi
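Review bot: in the `if` line, `[ ! -f /sys/firmware/efi ]` tests for a regular file, but `/sys/firmware/efi` is a directory on UEFI-booted systems, so the clause is true on BIOS and UEFI hosts alike and does not restrict the remediation the way the Ansible task's `/boot/efi` mount check does. Testing with `-d` (or `-e`) would make the shell guard match its intent. Separately, this clause and `rpm --quiet -q grub2` change places between the two builds; the result of the `&&` chain is unchanged, but a fixed ordering in the generator would make the output reproducible.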
Offset 55070, 16 lines modifiedOffset 55070, 16 lines modified
55070 ··-·no_reboot_needed55070 ··-·no_reboot_needed
  
55071 -·name:·Test·for·existence·/boot/grub2/grub.cfg55071 -·name:·Test·for·existence·/boot/grub2/grub.cfg
55072 ··stat:55072 ··stat:
55073 ····path:·/boot/grub2/grub.cfg55073 ····path:·/boot/grub2/grub.cfg
55074 ··register:·file_exists55074 ··register:·file_exists
55075 ··when:55075 ··when:
55076 ··-·'"grub2"·in·ansible_facts.packages' 
55077 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'55076 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 55077 ··-·'"grub2"·in·ansible_facts.packages'
55078 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]55078 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
55079 ··tags:55079 ··tags:
55080 ··-·CCE-85848-055080 ··-·CCE-85848-0
55081 ··-·CJIS-5.5.2.255081 ··-·CJIS-5.5.2.2
55082 ··-·NIST-800-171-3.4.555082 ··-·NIST-800-171-3.4.5
55083 ··-·NIST-800-53-AC-6(1)55083 ··-·NIST-800-53-AC-6(1)
55084 ··-·NIST-800-53-CM-6(a)55084 ··-·NIST-800-53-CM-6(a)
Offset 55092, 16 lines modifiedOffset 55092, 16 lines modified
55092 ··-·no_reboot_needed55092 ··-·no_reboot_needed
  
55093 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg55093 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
55094 ··file:55094 ··file:
55095 ····path:·/boot/grub2/grub.cfg55095 ····path:·/boot/grub2/grub.cfg
55096 ····owner:·'0'55096 ····owner:·'0'
55097 ··when:55097 ··when:
55098 ··-·'"grub2"·in·ansible_facts.packages' 
55099 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'55098 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 55099 ··-·'"grub2"·in·ansible_facts.packages'
55100 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]55100 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
55101 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists55101 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
55102 ··tags:55102 ··tags:
55103 ··-·CCE-85848-055103 ··-·CCE-85848-0
55104 ··-·CJIS-5.5.2.255104 ··-·CJIS-5.5.2.2
55105 ··-·NIST-800-171-3.4.555105 ··-·NIST-800-171-3.4.5
55106 ··-·NIST-800-53-AC-6(1)55106 ··-·NIST-800-53-AC-6(1)
Offset 55114, 15 lines modifiedOffset 55114, 15 lines modified
55114 ··-·medium_severity55114 ··-·medium_severity
55115 ··-·no_reboot_needed55115 ··-·no_reboot_needed
55116 Remediation_Shell_script_⇲55116 Remediation_Shell_script_⇲
55117 Complexity:·low55117 Complexity:·low
55118 Disruption:·low55118 Disruption:·low
55119 Strategy:···configure55119 Strategy:···configure
55120 #·Remediation·is·applicable·only·in·certain·platforms55120 #·Remediation·is·applicable·only·in·certain·platforms
55121 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};55121 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
55122 then55122 then
  
55123 chown·0·/boot/grub2/grub.cfg55123 chown·0·/boot/grub2/grub.cfg
  
55124 else55124 else
55125 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'55125 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
55126 fi55126 fi
16.5 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pci-dss.html
    
Max diff block lines reached; 3409/12752 bytes (26.73%) of diff not shown.
3.9 KB
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·SUSE·Linux·enterprise·1538 Profile·Title·PCI-DSS·v3.2.1·Control·Baseline·for·SUSE·Linux·enterprise·15
39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss39 Profile·ID····xccdf_org.ssgproject.content_profile_pci-dss
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:suse:linux_enterprise_desktop:1541 ····*·cpe:/o:suse:linux_enterprise_desktop:15
42 ····*·cpe:/o:suse:linux_enterprise_server:1542 ····*·cpe:/o:suse:linux_enterprise_server:15
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·GRUB2_bootloader_configuration51 ·········4.·GRUB2_bootloader_configuration
52 ·········5.·Configure_Syslog52 ·········5.·Configure_Syslog
Offset 52526, 16 lines modifiedOffset 52526, 16 lines modified
52526 ··-·no_reboot_needed52526 ··-·no_reboot_needed
  
52527 -·name:·Test·for·existence·/boot/grub2/grub.cfg52527 -·name:·Test·for·existence·/boot/grub2/grub.cfg
52528 ··stat:52528 ··stat:
52529 ····path:·/boot/grub2/grub.cfg52529 ····path:·/boot/grub2/grub.cfg
52530 ··register:·file_exists52530 ··register:·file_exists
52531 ··when:52531 ··when:
52532 ··-·'"grub2"·in·ansible_facts.packages' 
52533 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'52532 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 52533 ··-·'"grub2"·in·ansible_facts.packages'
52534 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52534 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52535 ··tags:52535 ··tags:
52536 ··-·CCE-85849-852536 ··-·CCE-85849-8
52537 ··-·CJIS-5.5.2.252537 ··-·CJIS-5.5.2.2
52538 ··-·NIST-800-171-3.4.552538 ··-·NIST-800-171-3.4.5
52539 ··-·NIST-800-53-AC-6(1)52539 ··-·NIST-800-53-AC-6(1)
52540 ··-·NIST-800-53-CM-6(a)52540 ··-·NIST-800-53-CM-6(a)
Offset 52548, 16 lines modifiedOffset 52548, 16 lines modified
52548 ··-·no_reboot_needed52548 ··-·no_reboot_needed
  
52549 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg52549 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
52550 ··file:52550 ··file:
52551 ····path:·/boot/grub2/grub.cfg52551 ····path:·/boot/grub2/grub.cfg
52552 ····group:·'0'52552 ····group:·'0'
52553 ··when:52553 ··when:
52554 ··-·'"grub2"·in·ansible_facts.packages' 
52555 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'52554 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 52555 ··-·'"grub2"·in·ansible_facts.packages'
52556 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52556 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52557 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists52557 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
52558 ··tags:52558 ··tags:
52559 ··-·CCE-85849-852559 ··-·CCE-85849-8
52560 ··-·CJIS-5.5.2.252560 ··-·CJIS-5.5.2.2
52561 ··-·NIST-800-171-3.4.552561 ··-·NIST-800-171-3.4.5
52562 ··-·NIST-800-53-AC-6(1)52562 ··-·NIST-800-53-AC-6(1)
Offset 52570, 15 lines modifiedOffset 52570, 15 lines modified
52570 ··-·medium_severity52570 ··-·medium_severity
52571 ··-·no_reboot_needed52571 ··-·no_reboot_needed
52572 Remediation_Shell_script_⇲52572 Remediation_Shell_script_⇲
52573 Complexity:·low52573 Complexity:·low
52574 Disruption:·low52574 Disruption:·low
52575 Strategy:···configure52575 Strategy:···configure
52576 #·Remediation·is·applicable·only·in·certain·platforms52576 #·Remediation·is·applicable·only·in·certain·platforms
52577 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};52577 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
52578 then52578 then
  
52579 chgrp·0·/boot/grub2/grub.cfg52579 chgrp·0·/boot/grub2/grub.cfg
  
52580 else52580 else
52581 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'52581 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
52582 fi52582 fi
Offset 52618, 16 lines modifiedOffset 52618, 16 lines modified
52618 ··-·no_reboot_needed52618 ··-·no_reboot_needed
  
52619 -·name:·Test·for·existence·/boot/grub2/grub.cfg52619 -·name:·Test·for·existence·/boot/grub2/grub.cfg
52620 ··stat:52620 ··stat:
52621 ····path:·/boot/grub2/grub.cfg52621 ····path:·/boot/grub2/grub.cfg
52622 ··register:·file_exists52622 ··register:·file_exists
52623 ··when:52623 ··when:
52624 ··-·'"grub2"·in·ansible_facts.packages' 
52625 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'52624 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 52625 ··-·'"grub2"·in·ansible_facts.packages'
52626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52626 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52627 ··tags:52627 ··tags:
52628 ··-·CCE-85848-052628 ··-·CCE-85848-0
52629 ··-·CJIS-5.5.2.252629 ··-·CJIS-5.5.2.2
52630 ··-·NIST-800-171-3.4.552630 ··-·NIST-800-171-3.4.5
52631 ··-·NIST-800-53-AC-6(1)52631 ··-·NIST-800-53-AC-6(1)
52632 ··-·NIST-800-53-CM-6(a)52632 ··-·NIST-800-53-CM-6(a)
Offset 52640, 16 lines modifiedOffset 52640, 16 lines modified
52640 ··-·no_reboot_needed52640 ··-·no_reboot_needed
  
52641 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg52641 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
52642 ··file:52642 ··file:
52643 ····path:·/boot/grub2/grub.cfg52643 ····path:·/boot/grub2/grub.cfg
52644 ····owner:·'0'52644 ····owner:·'0'
52645 ··when:52645 ··when:
52646 ··-·'"grub2"·in·ansible_facts.packages' 
52647 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'52646 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 52647 ··-·'"grub2"·in·ansible_facts.packages'
52648 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]52648 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
52649 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists52649 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
52650 ··tags:52650 ··tags:
52651 ··-·CCE-85848-052651 ··-·CCE-85848-0
52652 ··-·CJIS-5.5.2.252652 ··-·CJIS-5.5.2.2
52653 ··-·NIST-800-171-3.4.552653 ··-·NIST-800-171-3.4.5
52654 ··-·NIST-800-53-AC-6(1)52654 ··-·NIST-800-53-AC-6(1)
Offset 52662, 15 lines modifiedOffset 52662, 15 lines modified
52662 ··-·medium_severity52662 ··-·medium_severity
52663 ··-·no_reboot_needed52663 ··-·no_reboot_needed
52664 Remediation_Shell_script_⇲52664 Remediation_Shell_script_⇲
52665 Complexity:·low52665 Complexity:·low
52666 Disruption:·low52666 Disruption:·low
52667 Strategy:···configure52667 Strategy:···configure
52668 #·Remediation·is·applicable·only·in·certain·platforms52668 #·Remediation·is·applicable·only·in·certain·platforms
52669 if·rpm·--quiet·-q·grub2·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};52669 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
52670 then52670 then
  
52671 chown·0·/boot/grub2/grub.cfg52671 chown·0·/boot/grub2/grub.cfg
  
52672 else52672 else
52673 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'52673 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
52674 fi52674 fi
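Review bot: In the `if` guard at line 52669, `[ ! -f /sys/firmware/efi ]` tests for a regular file, but /sys/firmware/efi is a directory on EFI-booted systems, so this test is true on every host and never excludes UEFI machines; `[ ! -d /sys/firmware/efi ]` is the check that matches the intent. Separately, the two builds differ only in whether that test or `rpm --quiet -q grub2` comes first, so the generator should join the applicability conditions in a fixed order.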
2.02 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pcs-hardening-sap.html
    
Offset 14313, 16 lines modifiedOffset 14313, 16 lines modified
00037e80:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p00037e80:·6e20·4869·7374·6f72·793c·2f68·323e·3c70··n·History</h2><p
00037e90:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version00037e90:·3e43·7572·7265·6e74·2076·6572·7369·6f6e··>Current·version
00037ea0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.6500037ea0:·3a20·3c73·7472·6f6e·673e·302e·312e·3635··:·<strong>0.1.65
00037eb0:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul00037eb0:·3c2f·7374·726f·6e67·3e3c·2f70·3e3c·756c··</strong></p><ul
00037ec0:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra00037ec0:·3e3c·6c69·3e3c·7374·726f·6e67·3e64·7261··><li><strong>dra
00037ed0:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····00037ed0:·6674·3c2f·7374·726f·6e67·3e0a·2020·2020··ft</strong>.····
00037ee0:·2020·2020·2020·2020·2020·2020·2020·2020··················00037ee0:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037ef0:·2861·7320·6f66·2032·3032·342d·3031·2d31··(as·of·2024-01-100037ef0:·2861·7320·6f66·2032·3032·352d·3032·2d31··(as·of·2025-02-1
00037f00:·3429·0a20·2020·2020·2020·2020·2020·2020··4).·············00037f00:·3529·0a20·2020·2020·2020·2020·2020·2020··5).·············
00037f10:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d00037f10:·2020·203c·2f6c·693e·3c2f·756c·3e3c·2f64·····</li></ul></d
00037f20:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·00037f20:·6976·3e3c·6832·3e54·6162·6c65·206f·6620··iv><h2>Table·of·
00037f30:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol00037f30:·436f·6e74·656e·7473·3c2f·6832·3e3c·6f6c··Contents</h2><ol
00037f40:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x00037f40:·3e3c·6c69·3e3c·6120·6872·6566·3d22·2378··><li><a·href="#x
00037f50:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj00037f50:·6363·6466·5f6f·7267·2e73·7367·7072·6f6a··ccdf_org.ssgproj
00037f60:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou00037f60:·6563·742e·636f·6e74·656e·745f·6772·6f75··ect.content_grou
00037f70:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System00037f70:·705f·7379·7374·656d·223e·5379·7374·656d··p_system">System
660 B
html2text {}
    
Offset 42, 15 lines modifiedOffset 42, 15 lines modified
42 ··············(SLES)·for·SAP·Applications·1542 ··············(SLES)·for·SAP·Applications·15
43 Profile·ID····xccdf_org.ssgproject.content_profile_pcs-hardening-sap43 Profile·ID····xccdf_org.ssgproject.content_profile_pcs-hardening-sap
44 ***·CPE·Platforms·***44 ***·CPE·Platforms·***
45 ····*·cpe:/o:suse:linux_enterprise_desktop:1545 ····*·cpe:/o:suse:linux_enterprise_desktop:15
46 ····*·cpe:/o:suse:linux_enterprise_server:1546 ····*·cpe:/o:suse:linux_enterprise_server:15
47 *****·Revision·History·*****47 *****·Revision·History·*****
48 Current·version:·0.1.6548 Current·version:·0.1.65
49 ····*·draft·(as·of·2024-01-14)49 ····*·draft·(as·of·2025-02-15)
50 *****·Table·of·Contents·*****50 *****·Table·of·Contents·*****
51 ···1.·System_Settings51 ···1.·System_Settings
52 ·········1.·Installing_and_Maintaining_Software52 ·········1.·Installing_and_Maintaining_Software
53 ·········2.·Account_and_Access_Control53 ·········2.·Account_and_Access_Control
54 ·········3.·System_Accounting_with_auditd54 ·········3.·System_Accounting_with_auditd
55 ·········4.·Configure_Syslog55 ·········4.·Configure_Syslog
56 ·········5.·Network_Configuration_and_Firewalls56 ·········5.·Network_Configuration_and_Firewalls
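Review bot: The revision history entry at line 49, "draft (as of 2024-01-14)" in one build and "draft (as of 2025-02-15)" in the other, is the only difference in this guide, which means the build-time clock is written into the generated HTML. Take the date from SOURCE_DATE_EPOCH or the changelog entry instead of the current time. The same one-line difference recurs in the other SLE 15 guides and the UOS 20 guide in this report.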
1.89 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-pcs-hardening.html
    
Offset 14300, 15 lines modifiedOffset 14300, 15 lines modified
00037db0:·4869·7374·6f72·793c·2f68·323e·3c70·3e43··History</h2><p>C00037db0:·4869·7374·6f72·793c·2f68·323e·3c70·3e43··History</h2><p>C
00037dc0:·7572·7265·6e74·2076·6572·7369·6f6e·3a20··urrent·version:·00037dc0:·7572·7265·6e74·2076·6572·7369·6f6e·3a20··urrent·version:·
00037dd0:·3c73·7472·6f6e·673e·302e·312e·3635·3c2f··<strong>0.1.65</00037dd0:·3c73·7472·6f6e·673e·302e·312e·3635·3c2f··<strong>0.1.65</
00037de0:·7374·726f·6e67·3e3c·2f70·3e3c·756c·3e3c··strong></p><ul><00037de0:·7374·726f·6e67·3e3c·2f70·3e3c·756c·3e3c··strong></p><ul><
00037df0:·6c69·3e3c·7374·726f·6e67·3e64·7261·6674··li><strong>draft00037df0:·6c69·3e3c·7374·726f·6e67·3e64·7261·6674··li><strong>draft
00037e00:·3c2f·7374·726f·6e67·3e0a·2020·2020·2020··</strong>.······00037e00:·3c2f·7374·726f·6e67·3e0a·2020·2020·2020··</strong>.······
00037e10:·2020·2020·2020·2020·2020·2020·2020·2861················(a00037e10:·2020·2020·2020·2020·2020·2020·2020·2861················(a
00037e20:·7320·6f66·2032·3032·342d·3031·2d31·3429··s·of·2024-01-14)00037e20:·7320·6f66·2032·3032·352d·3032·2d31·3529··s·of·2025-02-15)
00037e30:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············00037e30:·0a20·2020·2020·2020·2020·2020·2020·2020··.···············
00037e40:·203c·2f6c·693e·3c2f·756c·3e3c·2f64·6976···</li></ul></div00037e40:·203c·2f6c·693e·3c2f·756c·3e3c·2f64·6976···</li></ul></div
00037e50:·3e3c·6832·3e54·6162·6c65·206f·6620·436f··><h2>Table·of·Co00037e50:·3e3c·6832·3e54·6162·6c65·206f·6620·436f··><h2>Table·of·Co
00037e60:·6e74·656e·7473·3c2f·6832·3e3c·6f6c·3e3c··ntents</h2><ol><00037e60:·6e74·656e·7473·3c2f·6832·3e3c·6f6c·3e3c··ntents</h2><ol><
00037e70:·6c69·3e3c·6120·6872·6566·3d22·2378·6363··li><a·href="#xcc00037e70:·6c69·3e3c·6120·6872·6566·3d22·2378·6363··li><a·href="#xcc
00037e80:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec00037e80:·6466·5f6f·7267·2e73·7367·7072·6f6a·6563··df_org.ssgprojec
00037e90:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_00037e90:·742e·636f·6e74·656e·745f·6772·6f75·705f··t.content_group_
677 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 Profile·Title·Public·Cloud·Hardening·for·SUSE·Linux·Enterprise·1538 Profile·Title·Public·Cloud·Hardening·for·SUSE·Linux·Enterprise·15
39 Profile·ID····xccdf_org.ssgproject.content_profile_pcs-hardening39 Profile·ID····xccdf_org.ssgproject.content_profile_pcs-hardening
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:suse:linux_enterprise_desktop:1541 ····*·cpe:/o:suse:linux_enterprise_desktop:15
42 ····*·cpe:/o:suse:linux_enterprise_server:1542 ····*·cpe:/o:suse:linux_enterprise_server:15
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·Configure_Syslog51 ·········4.·Configure_Syslog
52 ·········5.·Network_Configuration_and_Firewalls52 ·········5.·Network_Configuration_and_Firewalls
2.02 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-standard.html
    
Offset 14306, 16 lines modifiedOffset 14306, 16 lines modified
00037e10:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>00037e10:·696f·6e20·4869·7374·6f72·793c·2f68·323e··ion·History</h2>
00037e20:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi00037e20:·3c70·3e43·7572·7265·6e74·2076·6572·7369··<p>Current·versi
00037e30:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.00037e30:·6f6e·3a20·3c73·7472·6f6e·673e·302e·312e··on:·<strong>0.1.
00037e40:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><00037e40:·3635·3c2f·7374·726f·6e67·3e3c·2f70·3e3c··65</strong></p><
00037e50:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d00037e50:·756c·3e3c·6c69·3e3c·7374·726f·6e67·3e64··ul><li><strong>d
00037e60:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··00037e60:·7261·6674·3c2f·7374·726f·6e67·3e0a·2020··raft</strong>.··
00037e70:·2020·2020·2020·2020·2020·2020·2020·2020··················00037e70:·2020·2020·2020·2020·2020·2020·2020·2020··················
00037e80:·2020·2861·7320·6f66·2032·3032·342d·3031····(as·of·2024-0100037e80:·2020·2861·7320·6f66·2032·3032·352d·3032····(as·of·2025-02
00037e90:·2d31·3429·0a20·2020·2020·2020·2020·2020··-14).···········00037e90:·2d31·3529·0a20·2020·2020·2020·2020·2020··-15).···········
00037ea0:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><00037ea0:·2020·2020·203c·2f6c·693e·3c2f·756c·3e3c·······</li></ul><
00037eb0:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o00037eb0:·2f64·6976·3e3c·6832·3e54·6162·6c65·206f··/div><h2>Table·o
00037ec0:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><00037ec0:·6620·436f·6e74·656e·7473·3c2f·6832·3e3c··f·Contents</h2><
00037ed0:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="00037ed0:·6f6c·3e3c·6c69·3e3c·6120·6872·6566·3d22··ol><li><a·href="
00037ee0:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr00037ee0:·2378·6363·6466·5f6f·7267·2e73·7367·7072··#xccdf_org.ssgpr
00037ef0:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr00037ef0:·6f6a·6563·742e·636f·6e74·656e·745f·6772··oject.content_gr
00037f00:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst00037f00:·6f75·705f·7379·7374·656d·223e·5379·7374··oup_system">Syst
682 B
html2text {}
    
Offset 41, 15 lines modifiedOffset 41, 15 lines modified
41 Profile·Title·Standard·System·Security·Profile·for·SUSE·Linux·Enterprise·1541 Profile·Title·Standard·System·Security·Profile·for·SUSE·Linux·Enterprise·15
42 Profile·ID····xccdf_org.ssgproject.content_profile_standard42 Profile·ID····xccdf_org.ssgproject.content_profile_standard
43 ***·CPE·Platforms·***43 ***·CPE·Platforms·***
44 ····*·cpe:/o:suse:linux_enterprise_desktop:1544 ····*·cpe:/o:suse:linux_enterprise_desktop:15
45 ····*·cpe:/o:suse:linux_enterprise_server:1545 ····*·cpe:/o:suse:linux_enterprise_server:15
46 *****·Revision·History·*****46 *****·Revision·History·*****
47 Current·version:·0.1.6547 Current·version:·0.1.65
48 ····*·draft·(as·of·2024-01-14)48 ····*·draft·(as·of·2025-02-15)
49 *****·Table·of·Contents·*****49 *****·Table·of·Contents·*****
50 ···1.·System_Settings50 ···1.·System_Settings
51 ·········1.·Installing_and_Maintaining_Software51 ·········1.·Installing_and_Maintaining_Software
52 ·········2.·Account_and_Access_Control52 ·········2.·Account_and_Access_Control
53 ·········3.·System_Accounting_with_auditd53 ·········3.·System_Accounting_with_auditd
54 ·········4.·Configure_Syslog54 ·········4.·Configure_Syslog
55 ·········5.·Network_Configuration_and_Firewalls55 ·········5.·Network_Configuration_and_Firewalls
1.84 KB
./usr/share/doc/ssg-nondebian/ssg-sle15-guide-stig.html
    
Offset 14297, 15 lines modifiedOffset 14297, 15 lines modified
00037d80:·3c2f·6832·3e3c·703e·4375·7272·656e·7420··</h2><p>Current·00037d80:·3c2f·6832·3e3c·703e·4375·7272·656e·7420··</h2><p>Current·
00037d90:·7665·7273·696f·6e3a·203c·7374·726f·6e67··version:·<strong00037d90:·7665·7273·696f·6e3a·203c·7374·726f·6e67··version:·<strong
00037da0:·3e30·2e31·2e36·353c·2f73·7472·6f6e·673e··>0.1.65</strong>00037da0:·3e30·2e31·2e36·353c·2f73·7472·6f6e·673e··>0.1.65</strong>
00037db0:·3c2f·703e·3c75·6c3e·3c6c·693e·3c73·7472··</p><ul><li><str00037db0:·3c2f·703e·3c75·6c3e·3c6c·693e·3c73·7472··</p><ul><li><str
00037dc0:·6f6e·673e·6472·6166·743c·2f73·7472·6f6e··ong>draft</stron00037dc0:·6f6e·673e·6472·6166·743c·2f73·7472·6f6e··ong>draft</stron
00037dd0:·673e·0a20·2020·2020·2020·2020·2020·2020··g>.·············00037dd0:·673e·0a20·2020·2020·2020·2020·2020·2020··g>.·············
00037de0:·2020·2020·2020·2028·6173·206f·6620·3230·········(as·of·2000037de0:·2020·2020·2020·2028·6173·206f·6620·3230·········(as·of·20
00037df0:·3234·2d30·312d·3134·290a·2020·2020·2020··24-01-14).······00037df0:·3235·2d30·322d·3135·290a·2020·2020·2020··25-02-15).······
00037e00:·2020·2020·2020·2020·2020·3c2f·6c69·3e3c············</li><00037e00:·2020·2020·2020·2020·2020·3c2f·6c69·3e3c············</li><
00037e10:·2f75·6c3e·3c2f·6469·763e·3c68·323e·5461··/ul></div><h2>Ta00037e10:·2f75·6c3e·3c2f·6469·763e·3c68·323e·5461··/ul></div><h2>Ta
00037e20:·626c·6520·6f66·2043·6f6e·7465·6e74·733c··ble·of·Contents<00037e20:·626c·6520·6f66·2043·6f6e·7465·6e74·733c··ble·of·Contents<
00037e30:·2f68·323e·3c6f·6c3e·3c6c·693e·3c61·2068··/h2><ol><li><a·h00037e30:·2f68·323e·3c6f·6c3e·3c6c·693e·3c61·2068··/h2><ol><li><a·h
00037e40:·7265·663d·2223·7863·6364·665f·6f72·672e··ref="#xccdf_org.00037e40:·7265·663d·2223·7863·6364·665f·6f72·672e··ref="#xccdf_org.
00037e50:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte00037e50:·7373·6770·726f·6a65·6374·2e63·6f6e·7465··ssgproject.conte
00037e60:·6e74·5f67·726f·7570·5f73·7973·7465·6d22··nt_group_system"00037e60:·6e74·5f67·726f·7570·5f73·7973·7465·6d22··nt_group_system"
642 B
html2text {}
    
Offset 38, 15 lines modifiedOffset 38, 15 lines modified
38 Profile·Title·DISA·STIG·for·SUSE·Linux·Enterprise·1538 Profile·Title·DISA·STIG·for·SUSE·Linux·Enterprise·15
39 Profile·ID····xccdf_org.ssgproject.content_profile_stig39 Profile·ID····xccdf_org.ssgproject.content_profile_stig
40 ***·CPE·Platforms·***40 ***·CPE·Platforms·***
41 ····*·cpe:/o:suse:linux_enterprise_desktop:1541 ····*·cpe:/o:suse:linux_enterprise_desktop:15
42 ····*·cpe:/o:suse:linux_enterprise_server:1542 ····*·cpe:/o:suse:linux_enterprise_server:15
43 *****·Revision·History·*****43 *****·Revision·History·*****
44 Current·version:·0.1.6544 Current·version:·0.1.65
45 ····*·draft·(as·of·2024-01-14)45 ····*·draft·(as·of·2025-02-15)
46 *****·Table·of·Contents·*****46 *****·Table·of·Contents·*****
47 ···1.·System_Settings47 ···1.·System_Settings
48 ·········1.·Installing_and_Maintaining_Software48 ·········1.·Installing_and_Maintaining_Software
49 ·········2.·Account_and_Access_Control49 ·········2.·Account_and_Access_Control
50 ·········3.·System_Accounting_with_auditd50 ·········3.·System_Accounting_with_auditd
51 ·········4.·AppArmor51 ·········4.·AppArmor
52 ·········5.·GRUB2_bootloader_configuration52 ·········5.·GRUB2_bootloader_configuration
1.83 KB
./usr/share/doc/ssg-nondebian/ssg-uos20-guide-standard.html
    
Offset 14290, 15 lines modifiedOffset 14290, 15 lines modified
00037d10:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current00037d10:·793c·2f68·323e·3c70·3e43·7572·7265·6e74··y</h2><p>Current
00037d20:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron00037d20:·2076·6572·7369·6f6e·3a20·3c73·7472·6f6e···version:·<stron
00037d30:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong00037d30:·673e·302e·312e·3635·3c2f·7374·726f·6e67··g>0.1.65</strong
00037d40:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st00037d40:·3e3c·2f70·3e3c·756c·3e3c·6c69·3e3c·7374··></p><ul><li><st
00037d50:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro00037d50:·726f·6e67·3e64·7261·6674·3c2f·7374·726f··rong>draft</stro
00037d60:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············00037d60:·6e67·3e0a·2020·2020·2020·2020·2020·2020··ng>.············
00037d70:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·200037d70:·2020·2020·2020·2020·2861·7320·6f66·2032··········(as·of·2
00037d80:·3032·342d·3031·2d31·3429·0a20·2020·2020··024-01-14).·····00037d80:·3032·352d·3032·2d31·3529·0a20·2020·2020··025-02-15).·····
00037d90:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>00037d90:·2020·2020·2020·2020·2020·203c·2f6c·693e·············</li>
00037da0:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T00037da0:·3c2f·756c·3e3c·2f64·6976·3e3c·6832·3e54··</ul></div><h2>T
00037db0:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents00037db0:·6162·6c65·206f·6620·436f·6e74·656e·7473··able·of·Contents
00037dc0:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·00037dc0:·3c2f·6832·3e3c·6f6c·3e3c·6c69·3e3c·6120··</h2><ol><li><a·
00037dd0:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org00037dd0:·6872·6566·3d22·2378·6363·6466·5f6f·7267··href="#xccdf_org
00037de0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont00037de0:·2e73·7367·7072·6f6a·6563·742e·636f·6e74··.ssgproject.cont
00037df0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system00037df0:·656e·745f·6772·6f75·705f·7379·7374·656d··ent_group_system
625 B
html2text {}
    
Offset 39, 15 lines modifiedOffset 39, 15 lines modified
39 *****·Profile·Information·*****39 *****·Profile·Information·*****
40 Profile·Title·Standard·System·Security·Profile·for·UnionTech·OS·Server·2040 Profile·Title·Standard·System·Security·Profile·for·UnionTech·OS·Server·20
41 Profile·ID····xccdf_org.ssgproject.content_profile_standard41 Profile·ID····xccdf_org.ssgproject.content_profile_standard
42 ***·CPE·Platforms·***42 ***·CPE·Platforms·***
43 ····*·cpe:/o:uos:uniontech_os_server:2043 ····*·cpe:/o:uos:uniontech_os_server:20
44 *****·Revision·History·*****44 *****·Revision·History·*****
45 Current·version:·0.1.6545 Current·version:·0.1.65
46 ····*·draft·(as·of·2024-01-14)46 ····*·draft·(as·of·2025-02-15)
47 *****·Table·of·Contents·*****47 *****·Table·of·Contents·*****
48 ···1.·System_Settings48 ···1.·System_Settings
49 ·········1.·Installing_and_Maintaining_Software49 ·········1.·Installing_and_Maintaining_Software
50 ·········2.·System_Accounting_with_auditd50 ·········2.·System_Accounting_with_auditd
51 ·········3.·File_Permissions_and_Masks51 ·········3.·File_Permissions_and_Masks
52 ···2.·Services52 ···2.·Services
53 ·········1.·Base_Services53 ·········1.·Base_Services
9.93 KB
./usr/share/doc/ssg-nondebian/table-ol7-nistrefs-stig.html
    
Offset 7647, 18 lines modifiedOffset 7647, 18 lines modified
0001dde0:·7061·7373·776f·7264·7320·6865·6c70·7320··passwords·helps·0001dde0:·7061·7373·776f·7264·7320·6865·6c70·7320··passwords·helps·
0001ddf0:·656e·7375·7265·2074·6861·7420·6120·636f··ensure·that·a·co0001ddf0:·656e·7375·7265·2074·6861·7420·6120·636f··ensure·that·a·co
0001de00:·6d70·726f·6d69·7365·6420·7061·7373·776f··mpromised·passwo0001de00:·6d70·726f·6d69·7365·6420·7061·7373·776f··mpromised·passwo
0001de10:·7264·2069·7320·6e6f·7420·7265·2d75·7365··rd·is·not·re-use0001de10:·7264·2069·7320·6e6f·7420·7265·2d75·7365··rd·is·not·re-use
0001de20:·6420·6279·2061·2075·7365·722e·0a20·203c··d·by·a·user..··<0001de20:·6420·6279·2061·2075·7365·722e·0a20·203c··d·by·a·user..··<
0001de30:·2f74·643e·0a20·203c·7464·3e76·6172·5f70··/td>.··<td>var_p0001de30:·2f74·643e·0a20·203c·7464·3e76·6172·5f70··/td>.··<td>var_p
0001de40:·6173·7377·6f72·645f·7061·6d5f·7265·6d65··assword_pam_reme0001de40:·6173·7377·6f72·645f·7061·6d5f·7265·6d65··assword_pam_reme
0001de50:·6d62·6572·3d35·3c62·722f·3e76·6172·5f70··mber=5<br/>var_p 
0001de60:·6173·7377·6f72·645f·7061·6d5f·7265·6d65··assword_pam_reme 
0001de70:·6d62·6572·5f63·6f6e·7472·6f6c·5f66·6c61··mber_control_fla0001de50:·6d62·6572·5f63·6f6e·7472·6f6c·5f66·6c61··mber_control_fla
0001de80:·673d·7265·7175·6972·6564·3c2f·7464·3e0a··g=required</td>.0001de60:·673d·7265·7175·6972·6564·3c62·722f·3e76··g=required<br/>v
 0001de70:·6172·5f70·6173·7377·6f72·645f·7061·6d5f··ar_password_pam_
 0001de80:·7265·6d65·6d62·6572·3d35·3c2f·7464·3e0a··remember=5</td>.
0001de90:·3c2f·7472·3e0a·3c74·723e·0a20·203c·7464··</tr>.<tr>.··<td0001de90:·3c2f·7472·3e0a·3c74·723e·0a20·203c·7464··</tr>.<tr>.··<td
0001dea0:·3e49·412d·3528·6629·3c62·722f·3e49·412d··>IA-5(f)<br/>IA-0001dea0:·3e49·412d·3528·6629·3c62·722f·3e49·412d··>IA-5(f)<br/>IA-
0001deb0:·3528·3129·2865·293c·2f74·643e·0a20·203c··5(1)(e)</td>.··<0001deb0:·3528·3129·2865·293c·2f74·643e·0a20·203c··5(1)(e)</td>.··<
0001dec0:·7464·3e4e·2f41·3c2f·7464·3e0a·2020·3c74··td>N/A</td>.··<t0001dec0:·7464·3e4e·2f41·3c2f·7464·3e0a·2020·3c74··td>N/A</td>.··<t
0001ded0:·643e·4c69·6d69·7420·5061·7373·776f·7264··d>Limit·Password0001ded0:·643e·4c69·6d69·7420·5061·7373·776f·7264··d>Limit·Password
0001dee0:·2052·6575·7365·3a20·7379·7374·656d·2d61···Reuse:·system-a0001dee0:·2052·6575·7365·3a20·7379·7374·656d·2d61···Reuse:·system-a
0001def0:·7574·683c·2f74·643e·0a20·203c·7464·2078··uth</td>.··<td·x0001def0:·7574·683c·2f74·643e·0a20·203c·7464·2078··uth</td>.··<td·x
Offset 7703, 19 lines modifiedOffset 7703, 19 lines modified
0001e160:·7265·7669·6f75·7320·7061·7373·776f·7264··revious·password0001e160:·7265·7669·6f75·7320·7061·7373·776f·7264··revious·password
0001e170:·7320·6865·6c70·7320·656e·7375·7265·2074··s·helps·ensure·t0001e170:·7320·6865·6c70·7320·656e·7375·7265·2074··s·helps·ensure·t
0001e180:·6861·7420·6120·636f·6d70·726f·6d69·7365··hat·a·compromise0001e180:·6861·7420·6120·636f·6d70·726f·6d69·7365··hat·a·compromise
0001e190:·6420·7061·7373·776f·7264·2069·7320·6e6f··d·password·is·no0001e190:·6420·7061·7373·776f·7264·2069·7320·6e6f··d·password·is·no
0001e1a0:·7420·7265·2d75·7365·6420·6279·2061·2075··t·re-used·by·a·u0001e1a0:·7420·7265·2d75·7365·6420·6279·2061·2075··t·re-used·by·a·u
0001e1b0:·7365·722e·0a20·203c·2f74·643e·0a20·203c··ser..··</td>.··<0001e1b0:·7365·722e·0a20·203c·2f74·643e·0a20·203c··ser..··</td>.··<
0001e1c0:·7464·3e76·6172·5f70·6173·7377·6f72·645f··td>var_password_0001e1c0:·7464·3e76·6172·5f70·6173·7377·6f72·645f··td>var_password_
0001e1d0:·7061·6d5f·7265·6d65·6d62·6572·3d35·3c62··pam_remember=5<b 
0001e1e0:·722f·3e76·6172·5f70·6173·7377·6f72·645f··r/>var_password_ 
0001e1f0:·7061·6d5f·7265·6d65·6d62·6572·5f63·6f6e··pam_remember_con0001e1d0:·7061·6d5f·7265·6d65·6d62·6572·5f63·6f6e··pam_remember_con
0001e200:·7472·6f6c·5f66·6c61·673d·7265·7175·6972··trol_flag=requir0001e1e0:·7472·6f6c·5f66·6c61·673d·7265·7175·6972··trol_flag=requir
 0001e1f0:·6564·3c62·722f·3e76·6172·5f70·6173·7377··ed<br/>var_passw
 0001e200:·6f72·645f·7061·6d5f·7265·6d65·6d62·6572··ord_pam_remember
0001e210:·6564·3c2f·7464·3e0a·3c2f·7472·3e0a·3c74··ed</td>.</tr>.<t0001e210:·3d35·3c2f·7464·3e0a·3c2f·7472·3e0a·3c74··=5</td>.</tr>.<t
0001e220:·723e·0a20·203c·7464·3e49·412d·3528·6329··r>.··<td>IA-5(c)0001e220:·723e·0a20·203c·7464·3e49·412d·3528·6329··r>.··<td>IA-5(c)
0001e230:·3c62·722f·3e49·412d·3528·3129·2861·293c··<br/>IA-5(1)(a)<0001e230:·3c62·722f·3e49·412d·3528·3129·2861·293c··<br/>IA-5(1)(a)<
0001e240:·6272·2f3e·434d·2d36·2861·293c·6272·2f3e··br/>CM-6(a)<br/>0001e240:·6272·2f3e·434d·2d36·2861·293c·6272·2f3e··br/>CM-6(a)<br/>
0001e250:·4941·2d35·2834·293c·2f74·643e·0a20·203c··IA-5(4)</td>.··<0001e250:·4941·2d35·2834·293c·2f74·643e·0a20·203c··IA-5(4)</td>.··<
0001e260:·7464·3e4e·2f41·3c2f·7464·3e0a·2020·3c74··td>N/A</td>.··<t0001e260:·7464·3e4e·2f41·3c2f·7464·3e0a·2020·3c74··td>N/A</td>.··<t
0001e270:·643e·456e·7375·7265·2050·414d·2045·6e66··d>Ensure·PAM·Enf0001e270:·643e·456e·7375·7265·2050·414d·2045·6e66··d>Ensure·PAM·Enf
0001e280:·6f72·6365·7320·5061·7373·776f·7264·2052··orces·Password·R0001e280:·6f72·6365·7320·5061·7373·776f·7264·2052··orces·Password·R
Offset 8528, 18 lines modifiedOffset 8528, 18 lines modified
000214f0:·2075·7365·2074·6865·2069·6e66·6f72·6d61···use·the·informa000214f0:·2075·7365·2074·6865·2069·6e66·6f72·6d61···use·the·informa
00021500:·7469·6f6e·2074·6f20·706f·7465·6e74·6961··tion·to·potentia00021500:·7469·6f6e·2074·6f20·706f·7465·6e74·6961··tion·to·potentia
00021510:·6c6c·7920·636f·6d70·726f·6d69·7365·2074··lly·compromise·t00021510:·6c6c·7920·636f·6d70·726f·6d69·7365·2074··lly·compromise·t
00021520:·6865·2069·6e74·6567·7269·7479·206f·6620··he·integrity·of·00021520:·6865·2069·6e74·6567·7269·7479·206f·6620··he·integrity·of·
00021530:·7468·6520·7379·7374·656d·2061·6e64·0a6e··the·system·and.n00021530:·7468·6520·7379·7374·656d·2061·6e64·0a6e··the·system·and.n
00021540:·6574·776f·726b·2873·292e·0a20·203c·2f74··etwork(s)..··</t00021540:·6574·776f·726b·2873·292e·0a20·203c·2f74··etwork(s)..··</t
00021550:·643e·0a20·203c·7464·3e76·6172·5f73·6e6d··d>.··<td>var_snm00021550:·643e·0a20·203c·7464·3e76·6172·5f73·6e6d··d>.··<td>var_snm
00021560:·7064·5f72·6f5f·7374·7269·6e67·3d63·6861··pd_ro_string=cha00021560:·7064·5f72·775f·7374·7269·6e67·3d63·6861··pd_rw_string=cha
00021570:·6e67·656d·6572·6f3c·6272·2f3e·7661·725f··ngemero<br/>var_00021570:·6e67·656d·6572·773c·6272·2f3e·7661·725f··ngemerw<br/>var_
00021580:·736e·6d70·645f·7277·5f73·7472·696e·673d··snmpd_rw_string=00021580:·736e·6d70·645f·726f·5f73·7472·696e·673d··snmpd_ro_string=
00021590:·6368·616e·6765·6d65·7277·3c2f·7464·3e0a··changemerw</td>.00021590:·6368·616e·6765·6d65·726f·3c2f·7464·3e0a··changemero</td>.
000215a0:·3c2f·7472·3e0a·3c74·723e·0a20·203c·7464··</tr>.<tr>.··<td000215a0:·3c2f·7472·3e0a·3c74·723e·0a20·203c·7464··</tr>.<tr>.··<td
000215b0:·3e43·4d2d·3528·3129·3c62·722f·3e41·552d··>CM-5(1)<br/>AU-000215b0:·3e43·4d2d·3528·3129·3c62·722f·3e41·552d··>CM-5(1)<br/>AU-
000215c0:·3728·6129·3c62·722f·3e41·552d·3728·6229··7(a)<br/>AU-7(b)000215c0:·3728·6129·3c62·722f·3e41·552d·3728·6229··7(a)<br/>AU-7(b)
000215d0:·3c62·722f·3e41·552d·3828·6229·3c62·722f··<br/>AU-8(b)<br/000215d0:·3c62·722f·3e41·552d·3828·6229·3c62·722f··<br/>AU-8(b)<br/
000215e0:·3e41·552d·3132·2833·293c·6272·2f3e·4143··>AU-12(3)<br/>AC000215e0:·3e41·552d·3132·2833·293c·6272·2f3e·4143··>AU-12(3)<br/>AC
000215f0:·2d36·2839·293c·2f74·643e·0a20·203c·7464··-6(9)</td>.··<td000215f0:·2d36·2839·293c·2f74·643e·0a20·203c·7464··-6(9)</td>.··<td
00021600:·3e4e·2f41·3c2f·7464·3e0a·2020·3c74·643e··>N/A</td>.··<td>00021600:·3e4e·2f41·3c2f·7464·3e0a·2020·3c74·643e··>N/A</td>.··<td>
5.17 KB
html2text {}
    
Offset 1666, 30 lines modifiedOffset 1666, 30 lines modified
1666 ··············································································search·space.1666 ··············································································search·space.
1667 ··································Do·not·allow·users·to·reuse·recent1667 ··································Do·not·allow·users·to·reuse·recent
1668 ··································passwords.·This·can·be·accomplished·by1668 ··································passwords.·This·can·be·accomplished·by
1669 ··································using·the·remember·option·for·the1669 ··································using·the·remember·option·for·the
1670 ··································pam_pwhistory·PAM·module.1670 ··································pam_pwhistory·PAM·module.
  
1671 IA-5(f)···························In·the·file·/etc/pam.d/password-auth,·make1671 IA-5(f)···························In·the·file·/etc/pam.d/password-auth,·make
1672 IA-5(1)·N/·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember=51672 IA-5(1)·N/·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember_control_flag=required
1673 (e)·····A··password-auth··········it·has·a·value·equal·to·or·greater·than·5.··compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember_control_flag=required1673 (e)·····A··password-auth··········it·has·a·value·equal·to·or·greater·than·5.··compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember=5
1674 ··································For·example:1674 ··································For·example:
1675 ··································password·control_flag·pam_pwhistory.so1675 ··································password·control_flag·pam_pwhistory.so
1676 ··································...existing_options...·remember=51676 ··································...existing_options...·remember=5
1677 ··································use_authtok1677 ··································use_authtok
1678 ··································control_flag·should·be·one·of·the·next1678 ··································control_flag·should·be·one·of·the·next
1679 ··································values:·required1679 ··································values:·required
1680 ··································Do·not·allow·users·to·reuse·recent1680 ··································Do·not·allow·users·to·reuse·recent
1681 ··································passwords.·This·can·be·accomplished·by1681 ··································passwords.·This·can·be·accomplished·by
1682 ··································using·the·remember·option·for·the1682 ··································using·the·remember·option·for·the
1683 ··································pam_pwhistory·PAM·module.1683 ··································pam_pwhistory·PAM·module.
  
1684 IA-5(f)···························In·the·file·/etc/pam.d/system-auth,·make1684 IA-5(f)···························In·the·file·/etc/pam.d/system-auth,·make
1685 IA-5(1)·N/·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember=51685 IA-5(1)·N/·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember_control_flag=required
1686 (e)·····A··system-auth············it·has·a·value·equal·to·or·greater·than·5···compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember_control_flag=required1686 (e)·····A··system-auth············it·has·a·value·equal·to·or·greater·than·5···compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember=5
1687 ··································For·example:1687 ··································For·example:
1688 ··································password·control_flag·pam_pwhistory.so1688 ··································password·control_flag·pam_pwhistory.so
1689 ··································...existing_options...·remember=51689 ··································...existing_options...·remember=5
1690 ··································use_authtok1690 ··································use_authtok
1691 ··································control_flag·should·be·one·of·the·next1691 ··································control_flag·should·be·one·of·the·next
1692 ··································values:·required1692 ··································values:·required
1693 ··································The·pam_pwquality·module's·ucredit=·········Use·of·a·complex·password·helps·to·increase·the·time·and1693 ··································The·pam_pwquality·module's·ucredit=·········Use·of·a·complex·password·helps·to·increase·the·time·and
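Review bot: In the last column of the two "Limit Password Reuse" rows (lines 1672-1673 and 1685-1686), var_password_pam_remember=5 and var_password_pam_remember_control_flag=required appear in opposite order between the builds, with identical values. Sort the variable names before rendering the table cell so the output does not depend on collection iteration order.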
Offset 1837, 16 lines modifiedOffset 1837, 16 lines modified
1837 ··································This·will·help·ensure·when·local·users······configuration·option·ensures·the·use·of·a·strong·hashing1837 ··································This·will·help·ensure·when·local·users······configuration·option·ensures·the·use·of·a·strong·hashing
1838 ··································change·their·passwords,·hashes·for·the·new··algorithm·that·makes·password·cracking·attacks·more·difficult.1838 ··································change·their·passwords,·hashes·for·the·new··algorithm·that·makes·password·cracking·attacks·more·difficult.
1839 ··································passwords·will·be·generated·using·the·SHA-1839 ··································passwords·will·be·generated·using·the·SHA-
1840 ··································512·algorithm.·This·is·the·default.1840 ··································512·algorithm.·This·is·the·default.
1841 ··································Edit·/etc/snmp/snmpd.conf,·remove·or·change1841 ··································Edit·/etc/snmp/snmpd.conf,·remove·or·change
1842 ··································the·default·community·strings·of·public·and·Whether·active·or·not,·default·simple·network·management1842 ··································the·default·community·strings·of·public·and·Whether·active·or·not,·default·simple·network·management
1843 ··································private.·This·profile·configures·new·read-··protocol·(SNMP)·community·strings·must·be·changed·to·maintain1843 ··································private.·This·profile·configures·new·read-··protocol·(SNMP)·community·strings·must·be·changed·to·maintain
1844 IA-5(e)·N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····security.·If·the·service·is·running·with·the·default···········var_snmpd_ro_string=changemero1844 IA-5(e)·N/·Ensure·Default·SNMP····only·community·string·to·changemero·and·····security.·If·the·service·is·running·with·the·default···········var_snmpd_rw_string=changemerw
1845 ········A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·then·anyone·can·gather·data·about·the·system···var_snmpd_rw_string=changemerw1845 ········A··Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·then·anyone·can·gather·data·about·the·system···var_snmpd_ro_string=changemero
1846 ··································Once·the·default·community·strings·have·····and·the·network·and·use·the·information·to·potentially1846 ··································Once·the·default·community·strings·have·····and·the·network·and·use·the·information·to·potentially
1847 ··································been·changed,·restart·the·SNMP·service:·····compromise·the·integrity·of·the·system·and·network(s).1847 ··································been·changed,·restart·the·SNMP·service:·····compromise·the·integrity·of·the·system·and·network(s).
1848 ··································$·sudo·service·snmpd·restart1848 ··································$·sudo·service·snmpd·restart
1849 ··································Verify·the·system·generates·an·audit·record1849 ··································Verify·the·system·generates·an·audit·record
1850 ··································when·privileged·functions·are·executed.·If1850 ··································when·privileged·functions·are·executed.·If
1851 ··································audit·is·using·the·"auditctl"·tool·to·load1851 ··································audit·is·using·the·"auditctl"·tool·to·load
1852 ··································the·rules,·run·the·following·command:1852 ··································the·rules,·run·the·following·command:
7.07 KB
./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-ospp.html
    
Offset 4058, 15 lines modifiedOffset 4058, 15 lines modified
4058 <tt>RekeyLimit</tt>.4058 <tt>RekeyLimit</tt>.
4059 ··</td>4059 ··</td>
4060 ··<td·xml:lang="en-US">4060 ··<td·xml:lang="en-US">
4061 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling4061 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4062 time-based·limit,·effects·of·potential·attacks·against4062 time-based·limit,·effects·of·potential·attacks·against
4063 encryption·keys·are·limited.4063 encryption·keys·are·limited.
4064 ··</td>4064 ··</td>
4065 ··<td>var_ssh_client_rekey_limit_size=1G<br/>var_ssh_client_rekey_limit_time=1hour</td>4065 ··<td>var_ssh_client_rekey_limit_time=1hour<br/>var_ssh_client_rekey_limit_size=1G</td>
4066 </tr>4066 </tr>
4067 <tr>4067 <tr>
4068 ··<td></td>4068 ··<td></td>
4069 ··<td>N/A</td>4069 ··<td>N/A</td>
4070 ··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>4070 ··<td>SSH·client·uses·strong·entropy·to·seed·(for·CSH·like·shells)</td>
4071 ··<td·xml:lang="en-US">4071 ··<td·xml:lang="en-US">
4072 To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure4072 To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure
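Review bot: at line 4065 the two builds differ only in the order of the var_ssh_client_rekey_limit_size=1G and var_ssh_client_rekey_limit_time=1hour entries inside the last <td>; the values and the surrounding rule text are identical. The variable list for this cell should be emitted in a fixed order (for example, sorted by variable name) so that the generated table is byte-for-byte reproducible.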
Offset 4121, 15 lines modifiedOffset 4121, 15 lines modified
4121 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>4121 <pre>RekeyLimit·<tt>1G</tt>·<tt>1hour</tt></pre>
4122 ··</td>4122 ··</td>
4123 ··<td·xml:lang="en-US">4123 ··<td·xml:lang="en-US">
4124 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling4124 By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling
4125 time-based·limit,·effects·of·potential·attacks·against4125 time-based·limit,·effects·of·potential·attacks·against
4126 encryption·keys·are·limited.4126 encryption·keys·are·limited.
4127 ··</td>4127 ··</td>
4128 ··<td>var_rekey_limit_size=1G<br/>var_rekey_limit_time=1hour</td>4128 ··<td>var_rekey_limit_time=1hour<br/>var_rekey_limit_size=1G</td>
4129 </tr>4129 </tr>
4130 <tr>4130 <tr>
4131 ··<td></td>4131 ··<td></td>
4132 ··<td>N/A</td>4132 ··<td>N/A</td>
4133 ··<td>SSH·server·uses·strong·entropy·to·seed</td>4133 ··<td>SSH·server·uses·strong·entropy·to·seed</td>
4134 ··<td·xml:lang="en-US">4134 ··<td·xml:lang="en-US">
4135 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.4135 To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·<tt>/etc/sysconfig/sshd</tt>·file.
5.72 KB
html2text {}
    
Offset 1878, 16 lines modifiedOffset 1878, 16 lines modified
1878 ·····N/·certificate·for··/etc/rsyslog.conf,·for·example·with·the·following·command:·······························start·with1878 ·····N/·certificate·for··/etc/rsyslog.conf,·for·example·with·the·following·command:·······························start·with
1879 ·····A··rsyslog·remote···echo·'global(DefaultNetstreamDriverCAFile="/etc/pki/tls/cert.pem")'·>>·/etc/rsyslog.conf·error:·ca·certificate·is·not·set,·cannot·continue1879 ·····A··rsyslog·remote···echo·'global(DefaultNetstreamDriverCAFile="/etc/pki/tls/cert.pem")'·>>·/etc/rsyslog.conf·error:·ca·certificate·is·not·set,·cannot·continue
1880 ········logging··········Replace·the·/etc/pki/tls/cert.pem·in·the·above·command·with·the·path·to·the·file·with·CA1880 ········logging··········Replace·the·/etc/pki/tls/cert.pem·in·the·above·command·with·the·path·to·the·file·with·CA
1881 ·························certificate·generated·for·the·purpose·of·remote·logging.1881 ·························certificate·generated·for·the·purpose·of·remote·logging.
1882 ·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in1882 ·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·is·renegotiated,·both·in
1883 ·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the1883 ·························terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.·To·decrease·the
1884 ········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····By·decreasing·the·limit·based·on·the·amount·of·data·and1884 ········Configure········default·limits,·put·line·RekeyLimit·1G·1hour·to·file·/etc/ssh/ssh_config.d/02-rekey-·····By·decreasing·the·limit·based·on·the·amount·of·data·and
1885 ·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·limit,·effects·of·potential·attacks········var_ssh_client_rekey_limit_size=1G1885 ·····N/·session··········limit.conf.·Make·sure·that·there·is·no·other·RekeyLimit·configuration·preceding·the······enabling·time-based·limit,·effects·of·potential·attacks········var_ssh_client_rekey_limit_time=1hour
1886 ·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·against·encryption·keys·are·limited.···························var_ssh_client_rekey_limit_time=1hour1886 ·····A··renegotiation····include·directive·in·the·main·config·file·/etc/ssh/ssh_config.·Check·also·other·files·in·against·encryption·keys·are·limited.···························var_ssh_client_rekey_limit_size=1G
1887 ········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order1887 ········for·SSH·client···/etc/ssh/ssh_config.d·directory.·Files·are·processed·according·to·lexicographical·order
1888 ·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf1888 ·························of·file·names.·Make·sure·that·there·is·no·file·processed·before·02-rekey-limit.conf
1889 ·························containing·definition·of·RekeyLimit.1889 ·························containing·definition·of·RekeyLimit.
1890 ·························To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure·that·the·······Some·SSH·implementations·use·the·openssl·library·for·entropy,1890 ·························To·set·up·SSH·client·to·use·entropy·from·a·high-quality·source,·make·sure·that·the·······Some·SSH·implementations·use·the·openssl·library·for·entropy,
1891 ········SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness1891 ········SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness
1892 ·····N/·strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption1892 ·····N/·strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption
1893 ·····A··to·seed·(for·CSH·profile.d/cc-ssh-strong-rng.csh·contains·line············································keys.·Plaintext·padding,·initialization·vectors·in·encryption1893 ·····A··to·seed·(for·CSH·profile.d/cc-ssh-strong-rng.csh·contains·line············································keys.·Plaintext·padding,·initialization·vectors·in·encryption
Offset 1898, 16 lines modifiedOffset 1898, 16 lines modified
1898 ········SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness1898 ········SSH·client·uses··appropriate·shell·environment·variable·is·configured.·The·SSH_USE_STRONG_RNG·environment·which·by·default,·doesn't·use·high-entropy·sources.·Randomness
1899 ·····N/·strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption1899 ·····N/·strong·entropy···variable·determines·how·many·bytes·of·entropy·to·use.·Make·sure·that·the·file·/etc/······is·needed·to·generate·considerably·more·secure·data-encryption
1900 ·····A··to·seed·(Bash-···profile.d/cc-ssh-strong-rng.sh·contains·line·············································keys.·Plaintext·padding,·initialization·vectors·in·encryption1900 ·····A··to·seed·(Bash-···profile.d/cc-ssh-strong-rng.sh·contains·line·············································keys.·Plaintext·padding,·initialization·vectors·in·encryption
1901 ········like·shells)·····export·SSH_USE_STRONG_RNG=32·····························································algorithms,·and·high-quality·entropy·eliminates·the1901 ········like·shells)·····export·SSH_USE_STRONG_RNG=32·····························································algorithms,·and·high-quality·entropy·eliminates·the
1902 ·························.························································································possibility·that·the·output·of·the·random·number·generator1902 ·························.························································································possibility·that·the·output·of·the·random·number·generator
1903 ··················································································································used·by·SSH·would·be·known·to·potential·attackers.1903 ··················································································································used·by·SSH·would·be·known·to·potential·attackers.
1904 ·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,1904 ·························The·RekeyLimit·parameter·specifies·how·often·the·session·key·of·the·is·renegotiated,
1905 ·····N/·Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············By·decreasing·the·limit·based·on·the·amount·of·data·and········var_rekey_limit_size=1G1905 ·····N/·Force·frequent···both·in·terms·of·amount·of·data·that·may·be·transmitted·and·the·time·elapsed.············By·decreasing·the·limit·based·on·the·amount·of·data·and········var_rekey_limit_time=1hour
1906 ·····A··session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·limit,·effects·of·potential·attacks········var_rekey_limit_time=1hour1906 ·····A··session·key······To·decrease·the·default·limits,·add·or·correct·the·following·line·in·/etc/ssh/···········enabling·time-based·limit,·effects·of·potential·attacks········var_rekey_limit_size=1G
1907 ········renegotiation····sshd_config:·············································································against·encryption·keys·are·limited.1907 ········renegotiation····sshd_config:·············································································against·encryption·keys·are·limited.
1908 ·························RekeyLimit·1G·1hour1908 ·························RekeyLimit·1G·1hour
1909 ··················································································································SSH·implementation·in·Oracle·Linux·8·uses·the·openssl·library,1909 ··················································································································SSH·implementation·in·Oracle·Linux·8·uses·the·openssl·library,
1910 ·························To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·/etc/sysconfig/·which·doesn't·use·high-entropy·sources·by·default.·Randomness1910 ·························To·set·up·SSH·server·to·use·entropy·from·a·high-quality·source,·edit·the·/etc/sysconfig/·which·doesn't·use·high-entropy·sources·by·default.·Randomness
1911 ·····N/·SSH·server·uses··sshd·file.·The·SSH_USE_STRONG_RNG·configuration·value·determines·how·many·bytes·of·······is·needed·to·generate·data-encryption·keys,·and·as·plaintext1911 ·····N/·SSH·server·uses··sshd·file.·The·SSH_USE_STRONG_RNG·configuration·value·determines·how·many·bytes·of·······is·needed·to·generate·data-encryption·keys,·and·as·plaintext
1912 ·····A··strong·entropy···entropy·to·use,·so·make·sure·that·the·file·contains·line·································padding·and·initialization·vectors·in·encryption·algorithms,1912 ·····A··strong·entropy···entropy·to·use,·so·make·sure·that·the·file·contains·line·································padding·and·initialization·vectors·in·encryption·algorithms,
1913 ········to·seed··········SSH_USE_STRONG_RNG=32····································································and·high-quality·entropy·elliminates·the·possibility·that·the1913 ········to·seed··········SSH_USE_STRONG_RNG=32····································································and·high-quality·entropy·elliminates·the·possibility·that·the
10.4 KB
./usr/share/doc/ssg-nondebian/table-ol8-nistrefs-stig.html
    
5.91 KB
html2text {}
    
Offset 1510, 26 lines modifiedOffset 1510, 26 lines modified
1510 ·································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes1510 ·································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes
1511 ·································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search1511 ·································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search
1512 ·······················································································space.1512 ·······················································································space.
1513 ·································Do·not·allow·users·to·reuse·recent·passwords.·This1513 ·································Do·not·allow·users·to·reuse·recent·passwords.·This
1514 ·································can·be·accomplished·by·using·the·remember·option·for1514 ·································can·be·accomplished·by·using·the·remember·option·for
1515 ·································the·pam_pwhistory·PAM·module.1515 ·································the·pam_pwhistory·PAM·module.
1516 IA-5(f)1516 IA-5(f)
1517 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=51517 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=ol8
1518 (e)·····A··password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=ol81518 (e)·····A··password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=5
1519 ·································equal·to·or·greater·than·5.·For·example:1519 ·································equal·to·or·greater·than·5.·For·example:
1520 ·································password·control_flag·pam_pwhistory.so1520 ·································password·control_flag·pam_pwhistory.so
1521 ·································...existing_options...·remember=5·use_authtok1521 ·································...existing_options...·remember=5·use_authtok
1522 ·································control_flag·should·be·one·of·the·next·values:·ol81522 ·································control_flag·should·be·one·of·the·next·values:·ol8
1523 ·································Do·not·allow·users·to·reuse·recent·passwords.·This1523 ·································Do·not·allow·users·to·reuse·recent·passwords.·This
1524 ·································can·be·accomplished·by·using·the·remember·option·for1524 ·································can·be·accomplished·by·using·the·remember·option·for
1525 ·································the·pam_pwhistory·PAM·module.1525 ·································the·pam_pwhistory·PAM·module.
1526 IA-5(f)1526 IA-5(f)
1527 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=51527 IA-5(1)·N/·Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=ol8
1528 (e)·····A··system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=ol81528 (e)·····A··system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=5
1529 ·································equal·to·or·greater·than·5·For·example:1529 ·································equal·to·or·greater·than·5·For·example:
1530 ·································password·control_flag·pam_pwhistory.so1530 ·································password·control_flag·pam_pwhistory.so
1531 ·································...existing_options...·remember=5·use_authtok1531 ·································...existing_options...·remember=5·use_authtok
1532 ·································control_flag·should·be·one·of·the·next·values:·ol81532 ·································control_flag·should·be·one·of·the·next·values:·ol8
1533 ·································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources1533 ·································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources
1534 ·································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is1534 ·································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is
1535 IA-5(c)····Ensure·PAM·Enforces···in·a·password.·When·set·to·a·negative·number,·any·····a·measure·of·the·effectiveness·of·a·password·in·resisting·attempts·at1535 IA-5(c)····Ensure·PAM·Enforces···in·a·password.·When·set·to·a·negative·number,·any·····a·measure·of·the·effectiveness·of·a·password·in·resisting·attempts·at
Offset 4230, 16 lines modifiedOffset 4230, 16 lines modified
4230 ········N/·Rounds·in·/etc/·······SHA_CRYPT_MIN_ROUNDS·5000·····························Passwords·that·are·encrypted·with·a·weak·algorithm·are·no·more·protected4230 ········N/·Rounds·in·/etc/·······SHA_CRYPT_MIN_ROUNDS·5000·····························Passwords·that·are·encrypted·with·a·weak·algorithm·are·no·more·protected
4231 ········A··login.defs············SHA_CRYPT_MAX_ROUNDS·5000·····························than·if·they·are·kept·in·plain·text.4231 ········A··login.defs············SHA_CRYPT_MAX_ROUNDS·5000·····························than·if·they·are·kept·in·plain·text.
4232 ·································Notice·that·if·neither·are·set,·they·already·have·the4232 ·································Notice·that·if·neither·are·set,·they·already·have·the
4233 ·································default·value·of·5000.·If·either·is·set,·they·must····Using·more·hashing·rounds·makes·password·cracking·attacks·more·difficult.4233 ·································default·value·of·5000.·If·either·is·set,·they·must····Using·more·hashing·rounds·makes·password·cracking·attacks·more·difficult.
4234 ·································have·the·minimum·value·of·5000.4234 ·································have·the·minimum·value·of·5000.
4235 ·································The·RekeyLimit·parameter·specifies·how·often·the4235 ·································The·RekeyLimit·parameter·specifies·how·often·the
4236 ·································session·key·of·the·is·renegotiated,·both·in·terms·of4236 ·································session·key·of·the·is·renegotiated,·both·in·terms·of
4237 ········N/·Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling·time-·····var_rekey_limit_size=1G4237 ········N/·Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling·time-·····var_rekey_limit_time=1hour
4238 ········A··session·key···········elapsed.··············································based·limit,·effects·of·potential·attacks·against·encryption·keys·are······var_rekey_limit_time=1hour4238 ········A··session·key···········elapsed.··············································based·limit,·effects·of·potential·attacks·against·encryption·keys·are······var_rekey_limit_size=1G
4239 ···········renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limited.4239 ···········renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limited.
4240 ·································following·line·in·/etc/ssh/sshd_config:4240 ·································following·line·in·/etc/ssh/sshd_config:
4241 ·································RekeyLimit·1G·1hour4241 ·································RekeyLimit·1G·1hour
4242 ·································To·set·up·SSH·server·to·use·entropy·from·a·high-······SSH·implementation·in·Oracle·Linux·8·uses·the·openssl·library,·which4242 ·································To·set·up·SSH·server·to·use·entropy·from·a·high-······SSH·implementation·in·Oracle·Linux·8·uses·the·openssl·library,·which
4243 ···········SSH·server·uses·······quality·source,·edit·the·/etc/sysconfig/sshd·file.····doesn't·use·high-entropy·sources·by·default.·Randomness·is·needed·to4243 ···········SSH·server·uses·······quality·source,·edit·the·/etc/sysconfig/sshd·file.····doesn't·use·high-entropy·sources·by·default.·Randomness·is·needed·to
4244 ········N/·strong·entropy·to·····The·SSH_USE_STRONG_RNG·configuration·value·determines·generate·data-encryption·keys,·and·as·plaintext·padding·and·initialization4244 ········N/·strong·entropy·to·····The·SSH_USE_STRONG_RNG·configuration·value·determines·generate·data-encryption·keys,·and·as·plaintext·padding·and·initialization
4245 ········A··seed··················how·many·bytes·of·entropy·to·use,·so·make·sure·that···vectors·in·encryption·algorithms,·and·high-quality·entropy·elliminates·the4245 ········A··seed··················how·many·bytes·of·entropy·to·use,·so·make·sure·that···vectors·in·encryption·algorithms,·and·high-quality·entropy·elliminates·the
10.1 KB
./usr/share/doc/ssg-nondebian/table-rhel7-nistrefs-stig.html
    
5.37 KB
html2text {}
    
Offset 1669, 30 lines modifiedOffset 1669, 30 lines modified
1669 ··················································································search·space.1669 ··················································································search·space.
1670 ······································Do·not·allow·users·to·reuse·recent1670 ······································Do·not·allow·users·to·reuse·recent
1671 ······································passwords.·This·can·be·accomplished·by1671 ······································passwords.·This·can·be·accomplished·by
1672 ······································using·the·remember·option·for·the1672 ······································using·the·remember·option·for·the
1673 ······································pam_pwhistory·PAM·module.1673 ······································pam_pwhistory·PAM·module.
  
1674 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/password-auth,·make1674 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/password-auth,·make
1675 IA-5(1)·83476-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember=51675 IA-5(1)·83476-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember_control_flag=requisite
1676 (e)·····2······password-auth··········it·has·a·value·equal·to·or·greater·than·5.··compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember_control_flag=requisite1676 (e)·····2······password-auth··········it·has·a·value·equal·to·or·greater·than·5.··compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember=5
1677 ······································For·example:1677 ······································For·example:
1678 ······································password·control_flag·pam_pwhistory.so1678 ······································password·control_flag·pam_pwhistory.so
1679 ······································...existing_options...·remember=51679 ······································...existing_options...·remember=5
1680 ······································use_authtok1680 ······································use_authtok
1681 ······································control_flag·should·be·one·of·the·next1681 ······································control_flag·should·be·one·of·the·next
1682 ······································values:·requisite1682 ······································values:·requisite
1683 ······································Do·not·allow·users·to·reuse·recent1683 ······································Do·not·allow·users·to·reuse·recent
1684 ······································passwords.·This·can·be·accomplished·by1684 ······································passwords.·This·can·be·accomplished·by
1685 ······································using·the·remember·option·for·the1685 ······································using·the·remember·option·for·the
1686 ······································pam_pwhistory·PAM·module.1686 ······································pam_pwhistory·PAM·module.
  
1687 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/system-auth,·make1687 IA-5(f)·CCE-··························In·the·file·/etc/pam.d/system-auth,·make
1688 IA-5(1)·83479-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember=51688 IA-5(1)·83479-·Limit·Password·Reuse:··sure·the·parameter·remember·is·present·and··Preventing·re-use·of·previous·passwords·helps·ensure·that·a····var_password_pam_remember_control_flag=requisite
1689 (e)·····6······system-auth············it·has·a·value·equal·to·or·greater·than·5···compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember_control_flag=requisite1689 (e)·····6······system-auth············it·has·a·value·equal·to·or·greater·than·5···compromised·password·is·not·re-used·by·a·user.·················var_password_pam_remember=5
1690 ······································For·example:1690 ······································For·example:
1691 ······································password·control_flag·pam_pwhistory.so1691 ······································password·control_flag·pam_pwhistory.so
1692 ······································...existing_options...·remember=51692 ······································...existing_options...·remember=5
1693 ······································use_authtok1693 ······································use_authtok
1694 ······································control_flag·should·be·one·of·the·next1694 ······································control_flag·should·be·one·of·the·next
1695 ······································values:·requisite1695 ······································values:·requisite
1696 ······································The·pam_pwquality·module's·ucredit=·········Use·of·a·complex·password·helps·to·increase·the·time·and1696 ······································The·pam_pwquality·module's·ucredit=·········Use·of·a·complex·password·helps·to·increase·the·time·and
Offset 1839, 16 lines modifiedOffset 1839, 16 lines modified
1839 ······································This·will·help·ensure·when·local·users······configuration·option·ensures·the·use·of·a·strong·hashing1839 ······································This·will·help·ensure·when·local·users······configuration·option·ensures·the·use·of·a·strong·hashing
1840 ······································change·their·passwords,·hashes·for·the·new··algorithm·that·makes·password·cracking·attacks·more·difficult.1840 ······································change·their·passwords,·hashes·for·the·new··algorithm·that·makes·password·cracking·attacks·more·difficult.
1841 ······································passwords·will·be·generated·using·the·SHA-1841 ······································passwords·will·be·generated·using·the·SHA-
1842 ······································512·algorithm.·This·is·the·default.1842 ······································512·algorithm.·This·is·the·default.
1843 ······································Edit·/etc/snmp/snmpd.conf,·remove·or·change1843 ······································Edit·/etc/snmp/snmpd.conf,·remove·or·change
1844 ······································the·default·community·strings·of·public·and·Whether·active·or·not,·default·simple·network·management1844 ······································the·default·community·strings·of·public·and·Whether·active·or·not,·default·simple·network·management
1845 ········CCE-··························private.·This·profile·configures·new·read-··protocol·(SNMP)·community·strings·must·be·changed·to·maintain1845 ········CCE-··························private.·This·profile·configures·new·read-··protocol·(SNMP)·community·strings·must·be·changed·to·maintain
1846 IA-5(e)·27386-·Ensure·Default·SNMP····only·community·string·to·changemero·and·····security.·If·the·service·is·running·with·the·default···········var_snmpd_ro_string=changemero1846 IA-5(e)·27386-·Ensure·Default·SNMP····only·community·string·to·changemero·and·····security.·If·the·service·is·running·with·the·default···········var_snmpd_rw_string=changemerw
1847 ········2······Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·then·anyone·can·gather·data·about·the·system···var_snmpd_rw_string=changemerw1847 ········2······Password·Is·Not·Used···read-write·community·string·to·changemerw.··authenticators,·then·anyone·can·gather·data·about·the·system···var_snmpd_ro_string=changemero
1848 ······································Once·the·default·community·strings·have·····and·the·network·and·use·the·information·to·potentially1848 ······································Once·the·default·community·strings·have·····and·the·network·and·use·the·information·to·potentially
1849 ······································been·changed,·restart·the·SNMP·service:·····compromise·the·integrity·of·the·system·and·network(s).1849 ······································been·changed,·restart·the·SNMP·service:·····compromise·the·integrity·of·the·system·and·network(s).
1850 ······································$·sudo·service·snmpd·restart1850 ······································$·sudo·service·snmpd·restart
1851 ······································Verify·the·system·generates·an·audit·record1851 ······································Verify·the·system·generates·an·audit·record
1852 ······································when·privileged·functions·are·executed.·If1852 ······································when·privileged·functions·are·executed.·If
1853 ······································audit·is·using·the·"auditctl"·tool·to·load1853 ······································audit·is·using·the·"auditctl"·tool·to·load
1854 ······································the·rules,·run·the·following·command:1854 ······································the·rules,·run·the·following·command:
10.7 KB
./usr/share/doc/ssg-nondebian/table-rhel8-nistrefs-stig.html
    
6.03 KB
html2text {}
    
Offset 1472, 27 lines modifiedOffset 1472, 27 lines modified
1472 ·····································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes1472 ·····································pwquality.conf·to·equal·1·to·require·use·of·a·special·is·compromised.·Requiring·a·minimum·number·of·special·characters·makes
1473 ·····································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search1473 ·····································character·in·passwords.·······························password·guessing·attacks·more·difficult·by·ensuring·a·larger·search
1474 ···························································································space.1474 ···························································································space.
1475 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This1475 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This
1476 ·····································can·be·accomplished·by·using·the·remember·option·for1476 ·····································can·be·accomplished·by·using·the·remember·option·for
1477 ·····································the·pam_pwhistory·PAM·module.1477 ·····································the·pam_pwhistory·PAM·module.
  
1478 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=required1478 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/password-auth,·make·sure·the···Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=5
1479 IA-5(1)·83478-·password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=51479 IA-5(1)·83478-·password-auth·········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=required
1480 (e)·····8····························equal·to·or·greater·than·5.·For·example:1480 (e)·····8····························equal·to·or·greater·than·5.·For·example:
1481 ·····································password·control_flag·pam_pwhistory.so1481 ·····································password·control_flag·pam_pwhistory.so
1482 ·····································...existing_options...·remember=5·use_authtok1482 ·····································...existing_options...·remember=5·use_authtok
1483 ·····································control_flag·should·be·one·of·the·next·values:1483 ·····································control_flag·should·be·one·of·the·next·values:
1484 ·····································required1484 ·····································required
1485 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This1485 ·····································Do·not·allow·users·to·reuse·recent·passwords.·This
1486 ·····································can·be·accomplished·by·using·the·remember·option·for1486 ·····································can·be·accomplished·by·using·the·remember·option·for
1487 ·····································the·pam_pwhistory·PAM·module.1487 ·····································the·pam_pwhistory·PAM·module.
  
1488 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember_control_flag=required1488 IA-5(f)·CCE-···Limit·Password·Reuse:·In·the·file·/etc/pam.d/system-auth,·make·sure·the·····Preventing·re-use·of·previous·passwords·helps·ensure·that·a·compromised····var_password_pam_remember=5
1489 IA-5(1)·83480-·system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember=51489 IA-5(1)·83480-·system-auth···········parameter·remember·is·present·and·it·has·a·value······password·is·not·re-used·by·a·user.·········································var_password_pam_remember_control_flag=required
1490 (e)·····4····························equal·to·or·greater·than·5·For·example:1490 (e)·····4····························equal·to·or·greater·than·5·For·example:
1491 ·····································password·control_flag·pam_pwhistory.so1491 ·····································password·control_flag·pam_pwhistory.so
1492 ·····································...existing_options...·remember=5·use_authtok1492 ·····································...existing_options...·remember=5·use_authtok
1493 ·····································control_flag·should·be·one·of·the·next·values:1493 ·····································control_flag·should·be·one·of·the·next·values:
1494 ·····································required1494 ·····································required
1495 ·····································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources1495 ·····································The·pam_pwquality·module's·ucredit=·parameter·········Use·of·a·complex·password·helps·to·increase·the·time·and·resources
1496 ·····································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is1496 ·····································controls·requirements·for·usage·of·uppercase·letters··required·to·compromise·the·password.·Password·complexity,·or·strength,·is
Offset 4103, 16 lines modifiedOffset 4103, 16 lines modified
4103 ········89707-·Rounds·in·/etc/·······SHA_CRYPT_MIN_ROUNDS·5000·····························Passwords·that·are·encrypted·with·a·weak·algorithm·are·no·more·protected4103 ········89707-·Rounds·in·/etc/·······SHA_CRYPT_MIN_ROUNDS·5000·····························Passwords·that·are·encrypted·with·a·weak·algorithm·are·no·more·protected
4104 ········4······login.defs············SHA_CRYPT_MAX_ROUNDS·5000·····························than·if·they·are·kept·in·plain·text.4104 ········4······login.defs············SHA_CRYPT_MAX_ROUNDS·5000·····························than·if·they·are·kept·in·plain·text.
4105 ·····································Notice·that·if·neither·are·set,·they·already·have·the4105 ·····································Notice·that·if·neither·are·set,·they·already·have·the
4106 ·····································default·value·of·5000.·If·either·is·set,·they·must····Using·more·hashing·rounds·makes·password·cracking·attacks·more·difficult.4106 ·····································default·value·of·5000.·If·either·is·set,·they·must····Using·more·hashing·rounds·makes·password·cracking·attacks·more·difficult.
4107 ·····································have·the·minimum·value·of·5000.4107 ·····································have·the·minimum·value·of·5000.
4108 ·····································The·RekeyLimit·parameter·specifies·how·often·the4108 ·····································The·RekeyLimit·parameter·specifies·how·often·the
4109 ·····································session·key·of·the·is·renegotiated,·both·in·terms·of4109 ·····································session·key·of·the·is·renegotiated,·both·in·terms·of
4110 ········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling·time-·····var_rekey_limit_size=1G4110 ········CCE-···Force·frequent········amount·of·data·that·may·be·transmitted·and·the·time···By·decreasing·the·limit·based·on·the·amount·of·data·and·enabling·time-·····var_rekey_limit_time=1hour
4111 ········82177-·session·key···········elapsed.··············································based·limit,·effects·of·potential·attacks·against·encryption·keys·are······var_rekey_limit_time=1hour4111 ········82177-·session·key···········elapsed.··············································based·limit,·effects·of·potential·attacks·against·encryption·keys·are······var_rekey_limit_size=1G
4112 ········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limited.4112 ········7······renegotiation·········To·decrease·the·default·limits,·add·or·correct·the····limited.
4113 ·····································following·line·in·/etc/ssh/sshd_config:4113 ·····································following·line·in·/etc/ssh/sshd_config:
4114 ·····································RekeyLimit·1G·1hour4114 ·····································RekeyLimit·1G·1hour
4115 ·····································To·set·up·SSH·server·to·use·entropy·from·a·high-······SSH·implementation·in·Red·Hat·Enterprise·Linux·8·uses·the·openssl·library,4115 ·····································To·set·up·SSH·server·to·use·entropy·from·a·high-······SSH·implementation·in·Red·Hat·Enterprise·Linux·8·uses·the·openssl·library,
4116 ········CCE-···SSH·server·uses·······quality·source,·edit·the·/etc/sysconfig/sshd·file.····which·doesn't·use·high-entropy·sources·by·default.·Randomness·is·needed·to4116 ········CCE-···SSH·server·uses·······quality·source,·edit·the·/etc/sysconfig/sshd·file.····which·doesn't·use·high-entropy·sources·by·default.·Randomness·is·needed·to
4117 ········82462-·strong·entropy·to·····The·SSH_USE_STRONG_RNG·configuration·value·determines·generate·data-encryption·keys,·and·as·plaintext·padding·and·initialization4117 ········82462-·strong·entropy·to·····The·SSH_USE_STRONG_RNG·configuration·value·determines·generate·data-encryption·keys,·and·as·plaintext·padding·and·initialization
4118 ········3······seed··················how·many·bytes·of·entropy·to·use,·so·make·sure·that···vectors·in·encryption·algorithms,·and·high-quality·entropy·elliminates·the4118 ········3······seed··················how·many·bytes·of·entropy·to·use,·so·make·sure·that···vectors·in·encryption·algorithms,·and·high-quality·entropy·elliminates·the
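Review bot: In the CCE-82177-7 row (lines 4110-4111) the two variable entries var_rekey_limit_size=1G and var_rekey_limit_time=1hour trade places between the builds, while the rule text and the RekeyLimit 1G 1hour value are identical. The rule's variable list is evidently rendered in whatever order the collection yields; sorting the variables by name before writing the guide table would make this row byte-identical across builds.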
3.92 KB
./usr/share/scap-security-guide/ansible/alinux2-playbook-cis.yml
Ordering differences only
    
Offset 2609, 16 lines modifiedOffset 2609, 16 lines modified
2609 ······-·no_reboot_needed2609 ······-·no_reboot_needed
  
2610 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2610 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2611 ······stat:2611 ······stat:
2612 ········path:·/boot/grub2/grub.cfg2612 ········path:·/boot/grub2/grub.cfg
2613 ······register:·file_exists2613 ······register:·file_exists
2614 ······when:2614 ······when:
2615 ······-·'"grub2-common"·in·ansible_facts.packages' 
2616 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2615 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2616 ······-·'"grub2-common"·in·ansible_facts.packages'
2617 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2617 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2618 ······tags:2618 ······tags:
2619 ······-·CJIS-5.5.2.22619 ······-·CJIS-5.5.2.2
2620 ······-·NIST-800-171-3.4.52620 ······-·NIST-800-171-3.4.5
2621 ······-·NIST-800-53-AC-6(1)2621 ······-·NIST-800-53-AC-6(1)
2622 ······-·NIST-800-53-CM-6(a)2622 ······-·NIST-800-53-CM-6(a)
2623 ······-·PCI-DSS-Req-7.12623 ······-·PCI-DSS-Req-7.1
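Review bot: The only change in this task is the order of the first two entries under when: (lines 2615-2616), the grub2-common package check and the /boot/efi mount check. Ansible combines a list under when: with a logical AND, so the task applies to the same hosts in both builds, but the generator should emit these conditions in a fixed order (for example, sorted) so the playbook is reproducible and a later diff against a known-good playbook shows only real changes.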
Offset 2630, 16 lines modifiedOffset 2630, 16 lines modified
2630 ······-·no_reboot_needed2630 ······-·no_reboot_needed
  
2631 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2631 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2632 ······file:2632 ······file:
2633 ········path:·/boot/grub2/grub.cfg2633 ········path:·/boot/grub2/grub.cfg
2634 ········group:·'0'2634 ········group:·'0'
2635 ······when:2635 ······when:
2636 ······-·'"grub2-common"·in·ansible_facts.packages' 
2637 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2636 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2637 ······-·'"grub2-common"·in·ansible_facts.packages'
2638 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2638 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2639 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2639 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2640 ······tags:2640 ······tags:
2641 ······-·CJIS-5.5.2.22641 ······-·CJIS-5.5.2.2
2642 ······-·NIST-800-171-3.4.52642 ······-·NIST-800-171-3.4.5
2643 ······-·NIST-800-53-AC-6(1)2643 ······-·NIST-800-53-AC-6(1)
2644 ······-·NIST-800-53-CM-6(a)2644 ······-·NIST-800-53-CM-6(a)
Offset 2669, 16 lines modifiedOffset 2669, 16 lines modified
2669 ······-·no_reboot_needed2669 ······-·no_reboot_needed
  
2670 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2670 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2671 ······stat:2671 ······stat:
2672 ········path:·/boot/grub2/grub.cfg2672 ········path:·/boot/grub2/grub.cfg
2673 ······register:·file_exists2673 ······register:·file_exists
2674 ······when:2674 ······when:
2675 ······-·'"grub2-common"·in·ansible_facts.packages' 
2676 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2675 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2676 ······-·'"grub2-common"·in·ansible_facts.packages'
2677 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2677 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2678 ······tags:2678 ······tags:
2679 ······-·CJIS-5.5.2.22679 ······-·CJIS-5.5.2.2
2680 ······-·NIST-800-171-3.4.52680 ······-·NIST-800-171-3.4.5
2681 ······-·NIST-800-53-AC-6(1)2681 ······-·NIST-800-53-AC-6(1)
2682 ······-·NIST-800-53-CM-6(a)2682 ······-·NIST-800-53-CM-6(a)
2683 ······-·PCI-DSS-Req-7.12683 ······-·PCI-DSS-Req-7.1
Offset 2690, 16 lines modifiedOffset 2690, 16 lines modified
2690 ······-·no_reboot_needed2690 ······-·no_reboot_needed
  
2691 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2691 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2692 ······file:2692 ······file:
2693 ········path:·/boot/grub2/grub.cfg2693 ········path:·/boot/grub2/grub.cfg
2694 ········owner:·'0'2694 ········owner:·'0'
2695 ······when:2695 ······when:
2696 ······-·'"grub2-common"·in·ansible_facts.packages' 
2697 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2696 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2697 ······-·'"grub2-common"·in·ansible_facts.packages'
2698 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2698 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2699 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2699 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2700 ······tags:2700 ······tags:
2701 ······-·CJIS-5.5.2.22701 ······-·CJIS-5.5.2.2
2702 ······-·NIST-800-171-3.4.52702 ······-·NIST-800-171-3.4.5
2703 ······-·NIST-800-53-AC-6(1)2703 ······-·NIST-800-53-AC-6(1)
2704 ······-·NIST-800-53-CM-6(a)2704 ······-·NIST-800-53-CM-6(a)
Offset 2727, 16 lines modifiedOffset 2727, 16 lines modified
2727 ······-·no_reboot_needed2727 ······-·no_reboot_needed
  
2728 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2728 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2729 ······stat:2729 ······stat:
2730 ········path:·/boot/grub2/grub.cfg2730 ········path:·/boot/grub2/grub.cfg
2731 ······register:·file_exists2731 ······register:·file_exists
2732 ······when:2732 ······when:
2733 ······-·'"grub2-common"·in·ansible_facts.packages' 
2734 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2733 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2734 ······-·'"grub2-common"·in·ansible_facts.packages'
2735 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2735 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2736 ······tags:2736 ······tags:
2737 ······-·NIST-800-171-3.4.52737 ······-·NIST-800-171-3.4.5
2738 ······-·NIST-800-53-AC-6(1)2738 ······-·NIST-800-53-AC-6(1)
2739 ······-·NIST-800-53-CM-6(a)2739 ······-·NIST-800-53-CM-6(a)
2740 ······-·configure_strategy2740 ······-·configure_strategy
2741 ······-·file_permissions_grub2_cfg2741 ······-·file_permissions_grub2_cfg
Offset 2746, 16 lines modifiedOffset 2746, 16 lines modified
2746 ······-·no_reboot_needed2746 ······-·no_reboot_needed
  
2747 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2747 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2748 ······file:2748 ······file:
2749 ········path:·/boot/grub2/grub.cfg2749 ········path:·/boot/grub2/grub.cfg
2750 ········mode:·u-xs,g-xwrs,o-xwrt2750 ········mode:·u-xs,g-xwrs,o-xwrt
2751 ······when:2751 ······when:
2752 ······-·'"grub2-common"·in·ansible_facts.packages' 
2753 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2752 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2753 ······-·'"grub2-common"·in·ansible_facts.packages'
2754 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2754 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2755 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2755 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2756 ······tags:2756 ······tags:
2757 ······-·NIST-800-171-3.4.52757 ······-·NIST-800-171-3.4.5
2758 ······-·NIST-800-53-AC-6(1)2758 ······-·NIST-800-53-AC-6(1)
2759 ······-·NIST-800-53-CM-6(a)2759 ······-·NIST-800-53-CM-6(a)
2760 ······-·configure_strategy2760 ······-·configure_strategy
3.93 KB
./usr/share/scap-security-guide/ansible/alinux2-playbook-cis_l1.yml
Ordering differences only
    
Offset 1056, 16 lines modifiedOffset 1056, 16 lines modified
1056 ······-·no_reboot_needed1056 ······-·no_reboot_needed
  
1057 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1057 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1058 ······stat:1058 ······stat:
1059 ········path:·/boot/grub2/grub.cfg1059 ········path:·/boot/grub2/grub.cfg
1060 ······register:·file_exists1060 ······register:·file_exists
1061 ······when:1061 ······when:
1062 ······-·'"grub2-common"·in·ansible_facts.packages' 
1063 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1062 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1063 ······-·'"grub2-common"·in·ansible_facts.packages'
1064 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1064 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1065 ······tags:1065 ······tags:
1066 ······-·CJIS-5.5.2.21066 ······-·CJIS-5.5.2.2
1067 ······-·NIST-800-171-3.4.51067 ······-·NIST-800-171-3.4.5
1068 ······-·NIST-800-53-AC-6(1)1068 ······-·NIST-800-53-AC-6(1)
1069 ······-·NIST-800-53-CM-6(a)1069 ······-·NIST-800-53-CM-6(a)
1070 ······-·PCI-DSS-Req-7.11070 ······-·PCI-DSS-Req-7.1
Offset 1077, 16 lines modifiedOffset 1077, 16 lines modified
1077 ······-·no_reboot_needed1077 ······-·no_reboot_needed
  
1078 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg1078 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
1079 ······file:1079 ······file:
1080 ········path:·/boot/grub2/grub.cfg1080 ········path:·/boot/grub2/grub.cfg
1081 ········group:·'0'1081 ········group:·'0'
1082 ······when:1082 ······when:
1083 ······-·'"grub2-common"·in·ansible_facts.packages' 
1084 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1083 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1084 ······-·'"grub2-common"·in·ansible_facts.packages'
1085 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1085 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1086 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1086 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1087 ······tags:1087 ······tags:
1088 ······-·CJIS-5.5.2.21088 ······-·CJIS-5.5.2.2
1089 ······-·NIST-800-171-3.4.51089 ······-·NIST-800-171-3.4.5
1090 ······-·NIST-800-53-AC-6(1)1090 ······-·NIST-800-53-AC-6(1)
1091 ······-·NIST-800-53-CM-6(a)1091 ······-·NIST-800-53-CM-6(a)
Offset 1116, 16 lines modifiedOffset 1116, 16 lines modified
1116 ······-·no_reboot_needed1116 ······-·no_reboot_needed
  
1117 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1117 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1118 ······stat:1118 ······stat:
1119 ········path:·/boot/grub2/grub.cfg1119 ········path:·/boot/grub2/grub.cfg
1120 ······register:·file_exists1120 ······register:·file_exists
1121 ······when:1121 ······when:
1122 ······-·'"grub2-common"·in·ansible_facts.packages' 
1123 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1122 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1123 ······-·'"grub2-common"·in·ansible_facts.packages'
1124 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1124 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1125 ······tags:1125 ······tags:
1126 ······-·CJIS-5.5.2.21126 ······-·CJIS-5.5.2.2
1127 ······-·NIST-800-171-3.4.51127 ······-·NIST-800-171-3.4.5
1128 ······-·NIST-800-53-AC-6(1)1128 ······-·NIST-800-53-AC-6(1)
1129 ······-·NIST-800-53-CM-6(a)1129 ······-·NIST-800-53-CM-6(a)
1130 ······-·PCI-DSS-Req-7.11130 ······-·PCI-DSS-Req-7.1
Offset 1137, 16 lines modifiedOffset 1137, 16 lines modified
1137 ······-·no_reboot_needed1137 ······-·no_reboot_needed
  
1138 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg1138 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
1139 ······file:1139 ······file:
1140 ········path:·/boot/grub2/grub.cfg1140 ········path:·/boot/grub2/grub.cfg
1141 ········owner:·'0'1141 ········owner:·'0'
1142 ······when:1142 ······when:
1143 ······-·'"grub2-common"·in·ansible_facts.packages' 
1144 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1143 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1144 ······-·'"grub2-common"·in·ansible_facts.packages'
1145 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1145 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1146 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1146 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1147 ······tags:1147 ······tags:
1148 ······-·CJIS-5.5.2.21148 ······-·CJIS-5.5.2.2
1149 ······-·NIST-800-171-3.4.51149 ······-·NIST-800-171-3.4.5
1150 ······-·NIST-800-53-AC-6(1)1150 ······-·NIST-800-53-AC-6(1)
1151 ······-·NIST-800-53-CM-6(a)1151 ······-·NIST-800-53-CM-6(a)
Offset 1174, 16 lines modifiedOffset 1174, 16 lines modified
1174 ······-·no_reboot_needed1174 ······-·no_reboot_needed
  
1175 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1175 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1176 ······stat:1176 ······stat:
1177 ········path:·/boot/grub2/grub.cfg1177 ········path:·/boot/grub2/grub.cfg
1178 ······register:·file_exists1178 ······register:·file_exists
1179 ······when:1179 ······when:
1180 ······-·'"grub2-common"·in·ansible_facts.packages' 
1181 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1180 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1181 ······-·'"grub2-common"·in·ansible_facts.packages'
1182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1183 ······tags:1183 ······tags:
1184 ······-·NIST-800-171-3.4.51184 ······-·NIST-800-171-3.4.5
1185 ······-·NIST-800-53-AC-6(1)1185 ······-·NIST-800-53-AC-6(1)
1186 ······-·NIST-800-53-CM-6(a)1186 ······-·NIST-800-53-CM-6(a)
1187 ······-·configure_strategy1187 ······-·configure_strategy
1188 ······-·file_permissions_grub2_cfg1188 ······-·file_permissions_grub2_cfg
Offset 1193, 16 lines modifiedOffset 1193, 16 lines modified
1193 ······-·no_reboot_needed1193 ······-·no_reboot_needed
  
1194 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg1194 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
1195 ······file:1195 ······file:
1196 ········path:·/boot/grub2/grub.cfg1196 ········path:·/boot/grub2/grub.cfg
1197 ········mode:·u-xs,g-xwrs,o-xwrt1197 ········mode:·u-xs,g-xwrs,o-xwrt
1198 ······when:1198 ······when:
1199 ······-·'"grub2-common"·in·ansible_facts.packages' 
1200 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1199 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1200 ······-·'"grub2-common"·in·ansible_facts.packages'
1201 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1201 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1202 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1202 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1203 ······tags:1203 ······tags:
1204 ······-·NIST-800-171-3.4.51204 ······-·NIST-800-171-3.4.5
1205 ······-·NIST-800-53-AC-6(1)1205 ······-·NIST-800-53-AC-6(1)
1206 ······-·NIST-800-53-CM-6(a)1206 ······-·NIST-800-53-CM-6(a)
1207 ······-·configure_strategy1207 ······-·configure_strategy
25.9 KB
./usr/share/scap-security-guide/ansible/alinux3-playbook-cis.yml
Ordering differences only
    
Offset 1115, 16 lines modifiedOffset 1115, 16 lines modified
  
1115 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1115 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1116 ······find:1116 ······find:
1117 ········paths:·/etc/audit/rules.d/1117 ········paths:·/etc/audit/rules.d/
1118 ········patterns:·'*.rules'1118 ········patterns:·'*.rules'
1119 ······register:·find_rules_d1119 ······register:·find_rules_d
1120 ······when:1120 ······when:
1121 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1122 ······-·'"audit"·in·ansible_facts.packages'1121 ······-·'"audit"·in·ansible_facts.packages'
 1122 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1123 ······tags:1123 ······tags:
1124 ······-·CJIS-5.4.1.11124 ······-·CJIS-5.4.1.1
1125 ······-·NIST-800-171-3.3.11125 ······-·NIST-800-171-3.3.1
1126 ······-·NIST-800-171-3.4.31126 ······-·NIST-800-171-3.4.3
1127 ······-·NIST-800-53-AC-6(9)1127 ······-·NIST-800-53-AC-6(9)
1128 ······-·NIST-800-53-CM-6(a)1128 ······-·NIST-800-53-CM-6(a)
1129 ······-·PCI-DSS-Req-10.5.21129 ······-·PCI-DSS-Req-10.5.2
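Review bot: In this file the pair that flips under when: (lines 1121-1122) is the ansible_virtualization_type check and the audit package check, and the same flip recurs in the audit tasks that follow. That pattern suggests the conditions are gathered in one shared step before each task is rendered, so the ordering fix belongs there, once, rather than in individual rule templates. Note also that most of this file's diff is truncated further down, so the visible hunks alone cannot confirm that every difference is of this kind.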
Offset 1139, 16 lines modifiedOffset 1139, 16 lines modified
1139 ······lineinfile:1139 ······lineinfile:
1140 ········path:·'{{·item·}}'1140 ········path:·'{{·item·}}'
1141 ········regexp:·^\s*(?:-e)\s+.*$1141 ········regexp:·^\s*(?:-e)\s+.*$
1142 ········state:·absent1142 ········state:·absent
1143 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1143 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1144 ········}}'1144 ········}}'
1145 ······when:1145 ······when:
1146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1147 ······-·'"audit"·in·ansible_facts.packages'1146 ······-·'"audit"·in·ansible_facts.packages'
 1147 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1148 ······tags:1148 ······tags:
1149 ······-·CJIS-5.4.1.11149 ······-·CJIS-5.4.1.1
1150 ······-·NIST-800-171-3.3.11150 ······-·NIST-800-171-3.3.1
1151 ······-·NIST-800-171-3.4.31151 ······-·NIST-800-171-3.4.3
1152 ······-·NIST-800-53-AC-6(9)1152 ······-·NIST-800-53-AC-6(9)
1153 ······-·NIST-800-53-CM-6(a)1153 ······-·NIST-800-53-CM-6(a)
1154 ······-·PCI-DSS-Req-10.5.21154 ······-·PCI-DSS-Req-10.5.2
Offset 1165, 16 lines modifiedOffset 1165, 16 lines modified
1165 ········create:·true1165 ········create:·true
1166 ········line:·-e·21166 ········line:·-e·2
1167 ········mode:·o-rwx1167 ········mode:·o-rwx
1168 ······loop:1168 ······loop:
1169 ······-·/etc/audit/audit.rules1169 ······-·/etc/audit/audit.rules
1170 ······-·/etc/audit/rules.d/immutable.rules1170 ······-·/etc/audit/rules.d/immutable.rules
1171 ······when:1171 ······when:
1172 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1173 ······-·'"audit"·in·ansible_facts.packages'1172 ······-·'"audit"·in·ansible_facts.packages'
 1173 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1174 ······tags:1174 ······tags:
1175 ······-·CJIS-5.4.1.11175 ······-·CJIS-5.4.1.1
1176 ······-·NIST-800-171-3.3.11176 ······-·NIST-800-171-3.3.1
1177 ······-·NIST-800-171-3.4.31177 ······-·NIST-800-171-3.4.3
1178 ······-·NIST-800-53-AC-6(9)1178 ······-·NIST-800-53-AC-6(9)
1179 ······-·NIST-800-53-CM-6(a)1179 ······-·NIST-800-53-CM-6(a)
1180 ······-·PCI-DSS-Req-10.5.21180 ······-·PCI-DSS-Req-10.5.2
Offset 1209, 16 lines modifiedOffset 1209, 16 lines modified
1209 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1209 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1210 ······find:1210 ······find:
1211 ········paths:·/etc/audit/rules.d1211 ········paths:·/etc/audit/rules.d
1212 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1212 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1213 ········patterns:·'*.rules'1213 ········patterns:·'*.rules'
1214 ······register:·find_existing_watch_rules_d1214 ······register:·find_existing_watch_rules_d
1215 ······when:1215 ······when:
1216 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1217 ······-·'"audit"·in·ansible_facts.packages'1216 ······-·'"audit"·in·ansible_facts.packages'
 1217 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1218 ······tags:1218 ······tags:
1219 ······-·CJIS-5.4.1.11219 ······-·CJIS-5.4.1.1
1220 ······-·NIST-800-171-3.1.71220 ······-·NIST-800-171-3.1.7
1221 ······-·NIST-800-53-AC-2(7)(b)1221 ······-·NIST-800-53-AC-2(7)(b)
1222 ······-·NIST-800-53-AC-6(9)1222 ······-·NIST-800-53-AC-6(9)
1223 ······-·NIST-800-53-AU-12(c)1223 ······-·NIST-800-53-AU-12(c)
1224 ······-·NIST-800-53-AU-2(d)1224 ······-·NIST-800-53-AU-2(d)
Offset 1235, 16 lines modifiedOffset 1235, 16 lines modified
1235 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1235 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1236 ······find:1236 ······find:
1237 ········paths:·/etc/audit/rules.d1237 ········paths:·/etc/audit/rules.d
1238 ········contains:·^.*(?:-F·key=|-k\s+)actions$1238 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1239 ········patterns:·'*.rules'1239 ········patterns:·'*.rules'
1240 ······register:·find_watch_key1240 ······register:·find_watch_key
1241 ······when:1241 ······when:
1242 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1243 ······-·'"audit"·in·ansible_facts.packages'1242 ······-·'"audit"·in·ansible_facts.packages'
 1243 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1244 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1244 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1245 ········==·01245 ········==·0
1246 ······tags:1246 ······tags:
1247 ······-·CJIS-5.4.1.11247 ······-·CJIS-5.4.1.1
1248 ······-·NIST-800-171-3.1.71248 ······-·NIST-800-171-3.1.7
1249 ······-·NIST-800-53-AC-2(7)(b)1249 ······-·NIST-800-53-AC-2(7)(b)
1250 ······-·NIST-800-53-AC-6(9)1250 ······-·NIST-800-53-AC-6(9)
Offset 1261, 16 lines modifiedOffset 1261, 16 lines modified
1261 ······-·restrict_strategy1261 ······-·restrict_strategy
  
1262 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1262 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1263 ······set_fact:1263 ······set_fact:
1264 ········all_files:1264 ········all_files:
1265 ········-·/etc/audit/rules.d/actions.rules1265 ········-·/etc/audit/rules.d/actions.rules
1266 ······when:1266 ······when:
1267 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1268 ······-·'"audit"·in·ansible_facts.packages'1267 ······-·'"audit"·in·ansible_facts.packages'
 1268 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1269 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1269 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1270 ········is·defined·and·find_existing_watch_rules_d.matched·==·01270 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1271 ······tags:1271 ······tags:
1272 ······-·CJIS-5.4.1.11272 ······-·CJIS-5.4.1.1
1273 ······-·NIST-800-171-3.1.71273 ······-·NIST-800-171-3.1.7
1274 ······-·NIST-800-53-AC-2(7)(b)1274 ······-·NIST-800-53-AC-2(7)(b)
1275 ······-·NIST-800-53-AC-6(9)1275 ······-·NIST-800-53-AC-6(9)
Offset 1287, 16 lines modifiedOffset 1287, 16 lines modified
1287 ······-·restrict_strategy1287 ······-·restrict_strategy
  
1288 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1288 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1289 ······set_fact:1289 ······set_fact:
1290 ········all_files:1290 ········all_files:
1291 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1291 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1292 ······when:1292 ······when:
1293 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1294 ······-·'"audit"·in·ansible_facts.packages'1293 ······-·'"audit"·in·ansible_facts.packages'
 1294 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1295 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1295 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1296 ········is·defined·and·find_existing_watch_rules_d.matched·==·01296 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1297 ······tags:1297 ······tags:
1298 ······-·CJIS-5.4.1.11298 ······-·CJIS-5.4.1.1
1299 ······-·NIST-800-171-3.1.71299 ······-·NIST-800-171-3.1.7
1300 ······-·NIST-800-53-AC-2(7)(b)1300 ······-·NIST-800-53-AC-2(7)(b)
1301 ······-·NIST-800-53-AC-6(9)1301 ······-·NIST-800-53-AC-6(9)
Offset 1315, 16 lines modifiedOffset 1315, 16 lines modified
1315 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1315 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 21303/26333 bytes (80.90%) of diff not shown.
4.03 KB
./usr/share/scap-security-guide/ansible/alinux3-playbook-cis_l1.yml
Ordering differences only
    
Offset 1199, 16 lines modifiedOffset 1199, 16 lines modified
1199 ······-·no_reboot_needed1199 ······-·no_reboot_needed
  
1200 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1200 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1201 ······stat:1201 ······stat:
1202 ········path:·/boot/grub2/grub.cfg1202 ········path:·/boot/grub2/grub.cfg
1203 ······register:·file_exists1203 ······register:·file_exists
1204 ······when:1204 ······when:
1205 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1206 ······-·'"grub2-common"·in·ansible_facts.packages'1205 ······-·'"grub2-common"·in·ansible_facts.packages'
 1206 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1207 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1207 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1208 ······tags:1208 ······tags:
1209 ······-·CJIS-5.5.2.21209 ······-·CJIS-5.5.2.2
1210 ······-·NIST-800-171-3.4.51210 ······-·NIST-800-171-3.4.5
1211 ······-·NIST-800-53-AC-6(1)1211 ······-·NIST-800-53-AC-6(1)
1212 ······-·NIST-800-53-CM-6(a)1212 ······-·NIST-800-53-CM-6(a)
1213 ······-·PCI-DSS-Req-7.11213 ······-·PCI-DSS-Req-7.1
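Review bot: The swap at lines 1205-1206 runs in the opposite direction to the one in alinux2-playbook-cis.yml: here the first build puts the /boot/efi mount check before the grub2-common check, and there it puts the package check first. A fix that pins one particular order for these two items would therefore not be enough; the condition list needs a total order (sorted, or preserved insertion order) applied to every task, and a build-twice-and-compare check on the generated playbooks would catch a regression.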
Offset 1220, 16 lines modifiedOffset 1220, 16 lines modified
1220 ······-·no_reboot_needed1220 ······-·no_reboot_needed
  
1221 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg1221 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
1222 ······file:1222 ······file:
1223 ········path:·/boot/grub2/grub.cfg1223 ········path:·/boot/grub2/grub.cfg
1224 ········group:·'0'1224 ········group:·'0'
1225 ······when:1225 ······when:
1226 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1227 ······-·'"grub2-common"·in·ansible_facts.packages'1226 ······-·'"grub2-common"·in·ansible_facts.packages'
 1227 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1228 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1228 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1229 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1229 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1230 ······tags:1230 ······tags:
1231 ······-·CJIS-5.5.2.21231 ······-·CJIS-5.5.2.2
1232 ······-·NIST-800-171-3.4.51232 ······-·NIST-800-171-3.4.5
1233 ······-·NIST-800-53-AC-6(1)1233 ······-·NIST-800-53-AC-6(1)
1234 ······-·NIST-800-53-CM-6(a)1234 ······-·NIST-800-53-CM-6(a)
Offset 1259, 16 lines modifiedOffset 1259, 16 lines modified
1259 ······-·no_reboot_needed1259 ······-·no_reboot_needed
  
1260 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1260 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1261 ······stat:1261 ······stat:
1262 ········path:·/boot/grub2/grub.cfg1262 ········path:·/boot/grub2/grub.cfg
1263 ······register:·file_exists1263 ······register:·file_exists
1264 ······when:1264 ······when:
1265 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1266 ······-·'"grub2-common"·in·ansible_facts.packages'1265 ······-·'"grub2-common"·in·ansible_facts.packages'
 1266 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1267 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1267 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1268 ······tags:1268 ······tags:
1269 ······-·CJIS-5.5.2.21269 ······-·CJIS-5.5.2.2
1270 ······-·NIST-800-171-3.4.51270 ······-·NIST-800-171-3.4.5
1271 ······-·NIST-800-53-AC-6(1)1271 ······-·NIST-800-53-AC-6(1)
1272 ······-·NIST-800-53-CM-6(a)1272 ······-·NIST-800-53-CM-6(a)
1273 ······-·PCI-DSS-Req-7.11273 ······-·PCI-DSS-Req-7.1
Offset 1280, 16 lines modifiedOffset 1280, 16 lines modified
1280 ······-·no_reboot_needed1280 ······-·no_reboot_needed
  
1281 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg1281 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
1282 ······file:1282 ······file:
1283 ········path:·/boot/grub2/grub.cfg1283 ········path:·/boot/grub2/grub.cfg
1284 ········owner:·'0'1284 ········owner:·'0'
1285 ······when:1285 ······when:
1286 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1287 ······-·'"grub2-common"·in·ansible_facts.packages'1286 ······-·'"grub2-common"·in·ansible_facts.packages'
 1287 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1288 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1288 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1289 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1289 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1290 ······tags:1290 ······tags:
1291 ······-·CJIS-5.5.2.21291 ······-·CJIS-5.5.2.2
1292 ······-·NIST-800-171-3.4.51292 ······-·NIST-800-171-3.4.5
1293 ······-·NIST-800-53-AC-6(1)1293 ······-·NIST-800-53-AC-6(1)
1294 ······-·NIST-800-53-CM-6(a)1294 ······-·NIST-800-53-CM-6(a)
Offset 1317, 16 lines modifiedOffset 1317, 16 lines modified
1317 ······-·no_reboot_needed1317 ······-·no_reboot_needed
  
1318 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1318 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1319 ······stat:1319 ······stat:
1320 ········path:·/boot/grub2/grub.cfg1320 ········path:·/boot/grub2/grub.cfg
1321 ······register:·file_exists1321 ······register:·file_exists
1322 ······when:1322 ······when:
1323 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1324 ······-·'"grub2-common"·in·ansible_facts.packages'1323 ······-·'"grub2-common"·in·ansible_facts.packages'
 1324 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1325 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1325 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1326 ······tags:1326 ······tags:
1327 ······-·NIST-800-171-3.4.51327 ······-·NIST-800-171-3.4.5
1328 ······-·NIST-800-53-AC-6(1)1328 ······-·NIST-800-53-AC-6(1)
1329 ······-·NIST-800-53-CM-6(a)1329 ······-·NIST-800-53-CM-6(a)
1330 ······-·configure_strategy1330 ······-·configure_strategy
1331 ······-·file_permissions_efi_grub2_cfg1331 ······-·file_permissions_efi_grub2_cfg
Offset 1336, 16 lines modifiedOffset 1336, 16 lines modified
1336 ······-·no_reboot_needed1336 ······-·no_reboot_needed
  
1337 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg1337 ····-·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
1338 ······file:1338 ······file:
1339 ········path:·/boot/grub2/grub.cfg1339 ········path:·/boot/grub2/grub.cfg
1340 ········mode:·u-s,g-xwrs,o-xwrt1340 ········mode:·u-s,g-xwrs,o-xwrt
1341 ······when:1341 ······when:
1342 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1343 ······-·'"grub2-common"·in·ansible_facts.packages'1342 ······-·'"grub2-common"·in·ansible_facts.packages'
 1343 ······-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
1344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1344 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1345 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1345 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1346 ······tags:1346 ······tags:
1347 ······-·NIST-800-171-3.4.51347 ······-·NIST-800-171-3.4.5
1348 ······-·NIST-800-53-AC-6(1)1348 ······-·NIST-800-53-AC-6(1)
1349 ······-·NIST-800-53-CM-6(a)1349 ······-·NIST-800-53-CM-6(a)
1350 ······-·configure_strategy1350 ······-·configure_strategy
3.93 KB
./usr/share/scap-security-guide/ansible/anolis8-playbook-standard.yml
Ordering differences only
    
Offset 1074, 16 lines modifiedOffset 1074, 16 lines modified
1074 ······-·no_reboot_needed1074 ······-·no_reboot_needed
  
1075 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1075 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1076 ······stat:1076 ······stat:
1077 ········path:·/boot/grub2/grub.cfg1077 ········path:·/boot/grub2/grub.cfg
1078 ······register:·file_exists1078 ······register:·file_exists
1079 ······when:1079 ······when:
1080 ······-·'"grub2-common"·in·ansible_facts.packages' 
1081 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1080 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1081 ······-·'"grub2-common"·in·ansible_facts.packages'
1082 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1082 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1083 ······tags:1083 ······tags:
1084 ······-·CJIS-5.5.2.21084 ······-·CJIS-5.5.2.2
1085 ······-·NIST-800-171-3.4.51085 ······-·NIST-800-171-3.4.5
1086 ······-·NIST-800-53-AC-6(1)1086 ······-·NIST-800-53-AC-6(1)
1087 ······-·NIST-800-53-CM-6(a)1087 ······-·NIST-800-53-CM-6(a)
1088 ······-·PCI-DSS-Req-7.11088 ······-·PCI-DSS-Req-7.1
Offset 1095, 16 lines modifiedOffset 1095, 16 lines modified
1095 ······-·no_reboot_needed1095 ······-·no_reboot_needed
  
1096 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg1096 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
1097 ······file:1097 ······file:
1098 ········path:·/boot/grub2/grub.cfg1098 ········path:·/boot/grub2/grub.cfg
1099 ········group:·'0'1099 ········group:·'0'
1100 ······when:1100 ······when:
1101 ······-·'"grub2-common"·in·ansible_facts.packages' 
1102 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1101 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1102 ······-·'"grub2-common"·in·ansible_facts.packages'
1103 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1103 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1104 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1104 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1105 ······tags:1105 ······tags:
1106 ······-·CJIS-5.5.2.21106 ······-·CJIS-5.5.2.2
1107 ······-·NIST-800-171-3.4.51107 ······-·NIST-800-171-3.4.5
1108 ······-·NIST-800-53-AC-6(1)1108 ······-·NIST-800-53-AC-6(1)
1109 ······-·NIST-800-53-CM-6(a)1109 ······-·NIST-800-53-CM-6(a)
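Review bot: in this when: list the first build puts "grub2-common" in ansible_facts.packages ahead of the "/boot/efi" not in ansible_mounts test and the second build puts it after. That is the reverse of the hunks above for the tasks tagged file_permissions_efi_grub2_cfg, where the first build had the mount test first. Neither build is therefore applying a fixed order that the other could be matched to, and the ordering has to be made deterministic in the generator rather than normalised after the fact. A check that builds the playbooks twice and compares them byte for byte would catch a regression.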
Offset 1134, 16 lines modifiedOffset 1134, 16 lines modified
1134 ······-·no_reboot_needed1134 ······-·no_reboot_needed
  
1135 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1135 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1136 ······stat:1136 ······stat:
1137 ········path:·/boot/grub2/grub.cfg1137 ········path:·/boot/grub2/grub.cfg
1138 ······register:·file_exists1138 ······register:·file_exists
1139 ······when:1139 ······when:
1140 ······-·'"grub2-common"·in·ansible_facts.packages' 
1141 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1140 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1141 ······-·'"grub2-common"·in·ansible_facts.packages'
1142 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1142 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1143 ······tags:1143 ······tags:
1144 ······-·CJIS-5.5.2.21144 ······-·CJIS-5.5.2.2
1145 ······-·NIST-800-171-3.4.51145 ······-·NIST-800-171-3.4.5
1146 ······-·NIST-800-53-AC-6(1)1146 ······-·NIST-800-53-AC-6(1)
1147 ······-·NIST-800-53-CM-6(a)1147 ······-·NIST-800-53-CM-6(a)
1148 ······-·PCI-DSS-Req-7.11148 ······-·PCI-DSS-Req-7.1
Offset 1155, 16 lines modifiedOffset 1155, 16 lines modified
1155 ······-·no_reboot_needed1155 ······-·no_reboot_needed
  
1156 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg1156 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
1157 ······file:1157 ······file:
1158 ········path:·/boot/grub2/grub.cfg1158 ········path:·/boot/grub2/grub.cfg
1159 ········owner:·'0'1159 ········owner:·'0'
1160 ······when:1160 ······when:
1161 ······-·'"grub2-common"·in·ansible_facts.packages' 
1162 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1161 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1162 ······-·'"grub2-common"·in·ansible_facts.packages'
1163 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1163 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1164 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1164 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1165 ······tags:1165 ······tags:
1166 ······-·CJIS-5.5.2.21166 ······-·CJIS-5.5.2.2
1167 ······-·NIST-800-171-3.4.51167 ······-·NIST-800-171-3.4.5
1168 ······-·NIST-800-53-AC-6(1)1168 ······-·NIST-800-53-AC-6(1)
1169 ······-·NIST-800-53-CM-6(a)1169 ······-·NIST-800-53-CM-6(a)
Offset 1192, 16 lines modifiedOffset 1192, 16 lines modified
1192 ······-·no_reboot_needed1192 ······-·no_reboot_needed
  
1193 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg1193 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
1194 ······stat:1194 ······stat:
1195 ········path:·/boot/grub2/grub.cfg1195 ········path:·/boot/grub2/grub.cfg
1196 ······register:·file_exists1196 ······register:·file_exists
1197 ······when:1197 ······when:
1198 ······-·'"grub2-common"·in·ansible_facts.packages' 
1199 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1198 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1199 ······-·'"grub2-common"·in·ansible_facts.packages'
1200 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1200 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1201 ······tags:1201 ······tags:
1202 ······-·NIST-800-171-3.4.51202 ······-·NIST-800-171-3.4.5
1203 ······-·NIST-800-53-AC-6(1)1203 ······-·NIST-800-53-AC-6(1)
1204 ······-·NIST-800-53-CM-6(a)1204 ······-·NIST-800-53-CM-6(a)
1205 ······-·configure_strategy1205 ······-·configure_strategy
1206 ······-·file_permissions_grub2_cfg1206 ······-·file_permissions_grub2_cfg
Offset 1211, 16 lines modifiedOffset 1211, 16 lines modified
1211 ······-·no_reboot_needed1211 ······-·no_reboot_needed
  
1212 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg1212 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
1213 ······file:1213 ······file:
1214 ········path:·/boot/grub2/grub.cfg1214 ········path:·/boot/grub2/grub.cfg
1215 ········mode:·u-xs,g-xwrs,o-xwrt1215 ········mode:·u-xs,g-xwrs,o-xwrt
1216 ······when:1216 ······when:
1217 ······-·'"grub2-common"·in·ansible_facts.packages' 
1218 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1217 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1218 ······-·'"grub2-common"·in·ansible_facts.packages'
1219 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1219 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1220 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1220 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1221 ······tags:1221 ······tags:
1222 ······-·NIST-800-171-3.4.51222 ······-·NIST-800-171-3.4.5
1223 ······-·NIST-800-53-AC-6(1)1223 ······-·NIST-800-53-AC-6(1)
1224 ······-·NIST-800-53-CM-6(a)1224 ······-·NIST-800-53-CM-6(a)
1225 ······-·configure_strategy1225 ······-·configure_strategy
109 KB
./usr/share/scap-security-guide/ansible/centos7-playbook-pci-dss.yml
Ordering differences only
    
Offset 4494, 16 lines modifiedOffset 4494, 16 lines modified
  
4494 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4494 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4495 ······find:4495 ······find:
4496 ········paths:·/etc/audit/rules.d/4496 ········paths:·/etc/audit/rules.d/
4497 ········patterns:·'*.rules'4497 ········patterns:·'*.rules'
4498 ······register:·find_rules_d4498 ······register:·find_rules_d
4499 ······when:4499 ······when:
4500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4501 ······-·'"audit"·in·ansible_facts.packages'4500 ······-·'"audit"·in·ansible_facts.packages'
 4501 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4502 ······tags:4502 ······tags:
4503 ······-·CJIS-5.4.1.14503 ······-·CJIS-5.4.1.1
4504 ······-·NIST-800-171-3.3.14504 ······-·NIST-800-171-3.3.1
4505 ······-·NIST-800-171-3.4.34505 ······-·NIST-800-171-3.4.3
4506 ······-·NIST-800-53-AC-6(9)4506 ······-·NIST-800-53-AC-6(9)
4507 ······-·NIST-800-53-CM-6(a)4507 ······-·NIST-800-53-CM-6(a)
4508 ······-·PCI-DSS-Req-10.5.24508 ······-·PCI-DSS-Req-10.5.2
Offset 4518, 16 lines modifiedOffset 4518, 16 lines modified
4518 ······lineinfile:4518 ······lineinfile:
4519 ········path:·'{{·item·}}'4519 ········path:·'{{·item·}}'
4520 ········regexp:·^\s*(?:-e)\s+.*$4520 ········regexp:·^\s*(?:-e)\s+.*$
4521 ········state:·absent4521 ········state:·absent
4522 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4522 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4523 ········}}'4523 ········}}'
4524 ······when:4524 ······when:
4525 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4526 ······-·'"audit"·in·ansible_facts.packages'4525 ······-·'"audit"·in·ansible_facts.packages'
 4526 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4527 ······tags:4527 ······tags:
4528 ······-·CJIS-5.4.1.14528 ······-·CJIS-5.4.1.1
4529 ······-·NIST-800-171-3.3.14529 ······-·NIST-800-171-3.3.1
4530 ······-·NIST-800-171-3.4.34530 ······-·NIST-800-171-3.4.3
4531 ······-·NIST-800-53-AC-6(9)4531 ······-·NIST-800-53-AC-6(9)
4532 ······-·NIST-800-53-CM-6(a)4532 ······-·NIST-800-53-CM-6(a)
4533 ······-·PCI-DSS-Req-10.5.24533 ······-·PCI-DSS-Req-10.5.2
Offset 4544, 16 lines modifiedOffset 4544, 16 lines modified
4544 ········create:·true4544 ········create:·true
4545 ········line:·-e·24545 ········line:·-e·2
4546 ········mode:·o-rwx4546 ········mode:·o-rwx
4547 ······loop:4547 ······loop:
4548 ······-·/etc/audit/audit.rules4548 ······-·/etc/audit/audit.rules
4549 ······-·/etc/audit/rules.d/immutable.rules4549 ······-·/etc/audit/rules.d/immutable.rules
4550 ······when:4550 ······when:
4551 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4552 ······-·'"audit"·in·ansible_facts.packages'4551 ······-·'"audit"·in·ansible_facts.packages'
 4552 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4553 ······tags:4553 ······tags:
4554 ······-·CJIS-5.4.1.14554 ······-·CJIS-5.4.1.1
4555 ······-·NIST-800-171-3.3.14555 ······-·NIST-800-171-3.3.1
4556 ······-·NIST-800-171-3.4.34556 ······-·NIST-800-171-3.4.3
4557 ······-·NIST-800-53-AC-6(9)4557 ······-·NIST-800-53-AC-6(9)
4558 ······-·NIST-800-53-CM-6(a)4558 ······-·NIST-800-53-CM-6(a)
4559 ······-·PCI-DSS-Req-10.5.24559 ······-·PCI-DSS-Req-10.5.2
Offset 4585, 16 lines modifiedOffset 4585, 16 lines modified
4585 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4585 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4586 ······find:4586 ······find:
4587 ········paths:·/etc/audit/rules.d4587 ········paths:·/etc/audit/rules.d
4588 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4588 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4589 ········patterns:·'*.rules'4589 ········patterns:·'*.rules'
4590 ······register:·find_existing_watch_rules_d4590 ······register:·find_existing_watch_rules_d
4591 ······when:4591 ······when:
4592 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4593 ······-·'"audit"·in·ansible_facts.packages'4592 ······-·'"audit"·in·ansible_facts.packages'
 4593 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4594 ······tags:4594 ······tags:
4595 ······-·CJIS-5.4.1.14595 ······-·CJIS-5.4.1.1
4596 ······-·NIST-800-171-3.1.84596 ······-·NIST-800-171-3.1.8
4597 ······-·NIST-800-53-AU-12(c)4597 ······-·NIST-800-53-AU-12(c)
4598 ······-·NIST-800-53-AU-2(d)4598 ······-·NIST-800-53-AU-2(d)
4599 ······-·NIST-800-53-CM-6(a)4599 ······-·NIST-800-53-CM-6(a)
4600 ······-·PCI-DSS-Req-10.5.54600 ······-·PCI-DSS-Req-10.5.5
Offset 4608, 16 lines modifiedOffset 4608, 16 lines modified
4608 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4608 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4609 ······find:4609 ······find:
4610 ········paths:·/etc/audit/rules.d4610 ········paths:·/etc/audit/rules.d
4611 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4611 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4612 ········patterns:·'*.rules'4612 ········patterns:·'*.rules'
4613 ······register:·find_watch_key4613 ······register:·find_watch_key
4614 ······when:4614 ······when:
4615 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4616 ······-·'"audit"·in·ansible_facts.packages'4615 ······-·'"audit"·in·ansible_facts.packages'
 4616 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4617 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4617 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4618 ········==·04618 ········==·0
4619 ······tags:4619 ······tags:
4620 ······-·CJIS-5.4.1.14620 ······-·CJIS-5.4.1.1
4621 ······-·NIST-800-171-3.1.84621 ······-·NIST-800-171-3.1.8
4622 ······-·NIST-800-53-AU-12(c)4622 ······-·NIST-800-53-AU-12(c)
4623 ······-·NIST-800-53-AU-2(d)4623 ······-·NIST-800-53-AU-2(d)
Offset 4631, 16 lines modifiedOffset 4631, 16 lines modified
4631 ······-·restrict_strategy4631 ······-·restrict_strategy
  
4632 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4632 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4633 ······set_fact:4633 ······set_fact:
4634 ········all_files:4634 ········all_files:
4635 ········-·/etc/audit/rules.d/MAC-policy.rules4635 ········-·/etc/audit/rules.d/MAC-policy.rules
4636 ······when:4636 ······when:
4637 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4638 ······-·'"audit"·in·ansible_facts.packages'4637 ······-·'"audit"·in·ansible_facts.packages'
 4638 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4639 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4639 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4640 ········is·defined·and·find_existing_watch_rules_d.matched·==·04640 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4641 ······tags:4641 ······tags:
4642 ······-·CJIS-5.4.1.14642 ······-·CJIS-5.4.1.1
4643 ······-·NIST-800-171-3.1.84643 ······-·NIST-800-171-3.1.8
4644 ······-·NIST-800-53-AU-12(c)4644 ······-·NIST-800-53-AU-12(c)
4645 ······-·NIST-800-53-AU-2(d)4645 ······-·NIST-800-53-AU-2(d)
Offset 4654, 16 lines modifiedOffset 4654, 16 lines modified
4654 ······-·restrict_strategy4654 ······-·restrict_strategy
  
4655 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4655 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4656 ······set_fact:4656 ······set_fact:
4657 ········all_files:4657 ········all_files:
4658 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4658 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4659 ······when:4659 ······when:
4660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4661 ······-·'"audit"·in·ansible_facts.packages'4660 ······-·'"audit"·in·ansible_facts.packages'
 4661 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4662 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4662 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4663 ········is·defined·and·find_existing_watch_rules_d.matched·==·04663 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4664 ······tags:4664 ······tags:
4665 ······-·CJIS-5.4.1.14665 ······-·CJIS-5.4.1.1
4666 ······-·NIST-800-171-3.1.84666 ······-·NIST-800-171-3.1.8
4667 ······-·NIST-800-53-AU-12(c)4667 ······-·NIST-800-53-AU-12(c)
4668 ······-·NIST-800-53-AU-2(d)4668 ······-·NIST-800-53-AU-2(d)
Offset 4679, 16 lines modifiedOffset 4679, 16 lines modified
4679 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4679 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 106634/111669 bytes (95.49%) of diff not shown.
85.0 KB
./usr/share/scap-security-guide/ansible/centos7-playbook-standard.yml
Ordering differences only
    
Offset 644, 16 lines modifiedOffset 644, 16 lines modified
644 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/644 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
645 ······find:645 ······find:
646 ········paths:·/etc/audit/rules.d646 ········paths:·/etc/audit/rules.d
647 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+647 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
648 ········patterns:·'*.rules'648 ········patterns:·'*.rules'
649 ······register:·find_existing_watch_rules_d649 ······register:·find_existing_watch_rules_d
650 ······when:650 ······when:
651 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
652 ······-·'"audit"·in·ansible_facts.packages'651 ······-·'"audit"·in·ansible_facts.packages'
 652 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
653 ······tags:653 ······tags:
654 ······-·CJIS-5.4.1.1654 ······-·CJIS-5.4.1.1
655 ······-·NIST-800-171-3.1.8655 ······-·NIST-800-171-3.1.8
656 ······-·NIST-800-53-AU-12(c)656 ······-·NIST-800-53-AU-12(c)
657 ······-·NIST-800-53-AU-2(d)657 ······-·NIST-800-53-AU-2(d)
658 ······-·NIST-800-53-CM-6(a)658 ······-·NIST-800-53-CM-6(a)
659 ······-·PCI-DSS-Req-10.5.5659 ······-·PCI-DSS-Req-10.5.5
Offset 667, 16 lines modifiedOffset 667, 16 lines modified
667 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy667 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
668 ······find:668 ······find:
669 ········paths:·/etc/audit/rules.d669 ········paths:·/etc/audit/rules.d
670 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$670 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
671 ········patterns:·'*.rules'671 ········patterns:·'*.rules'
672 ······register:·find_watch_key672 ······register:·find_watch_key
673 ······when:673 ······when:
674 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
675 ······-·'"audit"·in·ansible_facts.packages'674 ······-·'"audit"·in·ansible_facts.packages'
 675 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
676 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched676 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
677 ········==·0677 ········==·0
678 ······tags:678 ······tags:
679 ······-·CJIS-5.4.1.1679 ······-·CJIS-5.4.1.1
680 ······-·NIST-800-171-3.1.8680 ······-·NIST-800-171-3.1.8
681 ······-·NIST-800-53-AU-12(c)681 ······-·NIST-800-53-AU-12(c)
682 ······-·NIST-800-53-AU-2(d)682 ······-·NIST-800-53-AU-2(d)
Offset 690, 16 lines modifiedOffset 690, 16 lines modified
690 ······-·restrict_strategy690 ······-·restrict_strategy
  
691 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule691 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
692 ······set_fact:692 ······set_fact:
693 ········all_files:693 ········all_files:
694 ········-·/etc/audit/rules.d/MAC-policy.rules694 ········-·/etc/audit/rules.d/MAC-policy.rules
695 ······when:695 ······when:
696 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
697 ······-·'"audit"·in·ansible_facts.packages'696 ······-·'"audit"·in·ansible_facts.packages'
 697 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
698 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched698 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
699 ········is·defined·and·find_existing_watch_rules_d.matched·==·0699 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
700 ······tags:700 ······tags:
701 ······-·CJIS-5.4.1.1701 ······-·CJIS-5.4.1.1
702 ······-·NIST-800-171-3.1.8702 ······-·NIST-800-171-3.1.8
703 ······-·NIST-800-53-AU-12(c)703 ······-·NIST-800-53-AU-12(c)
704 ······-·NIST-800-53-AU-2(d)704 ······-·NIST-800-53-AU-2(d)
Offset 713, 16 lines modifiedOffset 713, 16 lines modified
713 ······-·restrict_strategy713 ······-·restrict_strategy
  
714 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule714 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
715 ······set_fact:715 ······set_fact:
716 ········all_files:716 ········all_files:
717 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'717 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
718 ······when:718 ······when:
719 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
720 ······-·'"audit"·in·ansible_facts.packages'719 ······-·'"audit"·in·ansible_facts.packages'
 720 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
721 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched721 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
722 ········is·defined·and·find_existing_watch_rules_d.matched·==·0722 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
723 ······tags:723 ······tags:
724 ······-·CJIS-5.4.1.1724 ······-·CJIS-5.4.1.1
725 ······-·NIST-800-171-3.1.8725 ······-·NIST-800-171-3.1.8
726 ······-·NIST-800-53-AU-12(c)726 ······-·NIST-800-53-AU-12(c)
727 ······-·NIST-800-53-AU-2(d)727 ······-·NIST-800-53-AU-2(d)
Offset 738, 16 lines modifiedOffset 738, 16 lines modified
738 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/738 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
739 ······lineinfile:739 ······lineinfile:
740 ········path:·'{{·all_files[0]·}}'740 ········path:·'{{·all_files[0]·}}'
741 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy741 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
742 ········create:·true742 ········create:·true
743 ········mode:·'0640'743 ········mode:·'0640'
744 ······when:744 ······when:
745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
746 ······-·'"audit"·in·ansible_facts.packages'745 ······-·'"audit"·in·ansible_facts.packages'
 746 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
747 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched747 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
748 ········==·0748 ········==·0
749 ······tags:749 ······tags:
750 ······-·CJIS-5.4.1.1750 ······-·CJIS-5.4.1.1
751 ······-·NIST-800-171-3.1.8751 ······-·NIST-800-171-3.1.8
752 ······-·NIST-800-53-AU-12(c)752 ······-·NIST-800-53-AU-12(c)
753 ······-·NIST-800-53-AU-2(d)753 ······-·NIST-800-53-AU-2(d)
Offset 763, 16 lines modifiedOffset 763, 16 lines modified
763 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules763 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules
764 ······find:764 ······find:
765 ········paths:·/etc/audit/765 ········paths:·/etc/audit/
766 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+766 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
767 ········patterns:·audit.rules767 ········patterns:·audit.rules
768 ······register:·find_existing_watch_audit_rules768 ······register:·find_existing_watch_audit_rules
769 ······when:769 ······when:
770 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
771 ······-·'"audit"·in·ansible_facts.packages'770 ······-·'"audit"·in·ansible_facts.packages'
 771 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
772 ······tags:772 ······tags:
773 ······-·CJIS-5.4.1.1773 ······-·CJIS-5.4.1.1
774 ······-·NIST-800-171-3.1.8774 ······-·NIST-800-171-3.1.8
775 ······-·NIST-800-53-AU-12(c)775 ······-·NIST-800-53-AU-12(c)
776 ······-·NIST-800-53-AU-2(d)776 ······-·NIST-800-53-AU-2(d)
777 ······-·NIST-800-53-CM-6(a)777 ······-·NIST-800-53-CM-6(a)
778 ······-·PCI-DSS-Req-10.5.5778 ······-·PCI-DSS-Req-10.5.5
Offset 787, 16 lines modifiedOffset 787, 16 lines modified
787 ······lineinfile:787 ······lineinfile:
788 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy788 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
789 ········state:·present789 ········state:·present
790 ········dest:·/etc/audit/audit.rules790 ········dest:·/etc/audit/audit.rules
791 ········create:·true791 ········create:·true
792 ········mode:·'0640'792 ········mode:·'0640'
793 ······when:793 ······when:
794 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
795 ······-·'"audit"·in·ansible_facts.packages'794 ······-·'"audit"·in·ansible_facts.packages'
 795 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
796 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched796 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
797 ········==·0797 ········==·0
798 ······tags:798 ······tags:
799 ······-·CJIS-5.4.1.1799 ······-·CJIS-5.4.1.1
800 ······-·NIST-800-171-3.1.8800 ······-·NIST-800-171-3.1.8
801 ······-·NIST-800-53-AU-12(c)801 ······-·NIST-800-53-AU-12(c)
802 ······-·NIST-800-53-AU-2(d)802 ······-·NIST-800-53-AU-2(d)
Offset 829, 16 lines modifiedOffset 829, 16 lines modified
829 ······-·reboot_required829 ······-·reboot_required
Max diff block lines reached; 81679/86895 bytes (94.00%) of diff not shown.
866 B
./usr/share/scap-security-guide/ansible/centos8-playbook-anssi_bp28_enhanced.yml
Ordering differences only
    
Offset 5628, 16 lines modifiedOffset 5628, 16 lines modified
5628 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5628 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5629 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5629 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5630 ··········create:·true5630 ··········create:·true
5631 ··········mode:·o-rwx5631 ··········mode:·o-rwx
5632 ··········state:·present5632 ··········state:·present
5633 ········when:·syscalls_found·|·length·==·05633 ········when:·syscalls_found·|·length·==·0
5634 ······when:5634 ······when:
5635 ······-·'"audit"·in·ansible_facts.packages' 
5636 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5635 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5636 ······-·'"audit"·in·ansible_facts.packages'
5637 ······tags:5637 ······tags:
5638 ······-·DISA-STIG-RHEL-08-0305505638 ······-·DISA-STIG-RHEL-08-030550
5639 ······-·NIST-800-171-3.1.75639 ······-·NIST-800-171-3.1.7
5640 ······-·NIST-800-53-AC-6(9)5640 ······-·NIST-800-53-AC-6(9)
5641 ······-·NIST-800-53-AU-12(c)5641 ······-·NIST-800-53-AU-12(c)
5642 ······-·NIST-800-53-AU-2(d)5642 ······-·NIST-800-53-AU-2(d)
5643 ······-·NIST-800-53-CM-6(a)5643 ······-·NIST-800-53-CM-6(a)
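Review bot: At lines 5635-5636 the swap runs the other way from the /etc/selinux/ watch-rule hunks above: here the left-hand build has `'"audit" in ansible_facts.packages'` first and the right-hand build has the `ansible_virtualization_type` check first. Neither build therefore carries a canonical order, so the fix has to make the emitted order deterministic rather than pick whichever build looks right. The nested `when: syscalls_found | length == 0` at line 5633 has a single condition and is identical on both sides.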
858 B
./usr/share/scap-security-guide/ansible/centos8-playbook-anssi_bp28_high.yml
Ordering differences only
    
Offset 5775, 16 lines modifiedOffset 5775, 16 lines modified
5775 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5775 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5776 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5776 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5777 ··········create:·true5777 ··········create:·true
5778 ··········mode:·o-rwx5778 ··········mode:·o-rwx
5779 ··········state:·present5779 ··········state:·present
5780 ········when:·syscalls_found·|·length·==·05780 ········when:·syscalls_found·|·length·==·0
5781 ······when:5781 ······when:
5782 ······-·'"audit"·in·ansible_facts.packages' 
5783 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5782 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5783 ······-·'"audit"·in·ansible_facts.packages'
5784 ······tags:5784 ······tags:
5785 ······-·DISA-STIG-RHEL-08-0305505785 ······-·DISA-STIG-RHEL-08-030550
5786 ······-·NIST-800-171-3.1.75786 ······-·NIST-800-171-3.1.7
5787 ······-·NIST-800-53-AC-6(9)5787 ······-·NIST-800-53-AC-6(9)
5788 ······-·NIST-800-53-AU-12(c)5788 ······-·NIST-800-53-AU-12(c)
5789 ······-·NIST-800-53-AU-2(d)5789 ······-·NIST-800-53-AU-2(d)
5790 ······-·NIST-800-53-CM-6(a)5790 ······-·NIST-800-53-CM-6(a)
874 B
./usr/share/scap-security-guide/ansible/centos8-playbook-anssi_bp28_intermediary.yml
Ordering differences only
    
Offset 5352, 16 lines modifiedOffset 5352, 16 lines modified
5352 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5352 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5353 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5353 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5354 ··········create:·true5354 ··········create:·true
5355 ··········mode:·o-rwx5355 ··········mode:·o-rwx
5356 ··········state:·present5356 ··········state:·present
5357 ········when:·syscalls_found·|·length·==·05357 ········when:·syscalls_found·|·length·==·0
5358 ······when:5358 ······when:
5359 ······-·'"audit"·in·ansible_facts.packages' 
5360 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5359 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5360 ······-·'"audit"·in·ansible_facts.packages'
5361 ······tags:5361 ······tags:
5362 ······-·DISA-STIG-RHEL-08-0305505362 ······-·DISA-STIG-RHEL-08-030550
5363 ······-·NIST-800-171-3.1.75363 ······-·NIST-800-171-3.1.7
5364 ······-·NIST-800-53-AC-6(9)5364 ······-·NIST-800-53-AC-6(9)
5365 ······-·NIST-800-53-AU-12(c)5365 ······-·NIST-800-53-AU-12(c)
5366 ······-·NIST-800-53-AU-2(d)5366 ······-·NIST-800-53-AU-2(d)
5367 ······-·NIST-800-53-CM-6(a)5367 ······-·NIST-800-53-CM-6(a)
169 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis.yml
Ordering differences only
    
Offset 5485, 16 lines modifiedOffset 5485, 16 lines modified
  
5485 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension5485 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
5486 ······find:5486 ······find:
5487 ········paths:·/etc/audit/rules.d/5487 ········paths:·/etc/audit/rules.d/
5488 ········patterns:·'*.rules'5488 ········patterns:·'*.rules'
5489 ······register:·find_rules_d5489 ······register:·find_rules_d
5490 ······when:5490 ······when:
5491 ······-·'"audit"·in·ansible_facts.packages' 
5492 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5491 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5492 ······-·'"audit"·in·ansible_facts.packages'
5493 ······tags:5493 ······tags:
5494 ······-·CJIS-5.4.1.15494 ······-·CJIS-5.4.1.1
5495 ······-·DISA-STIG-RHEL-08-0301215495 ······-·DISA-STIG-RHEL-08-030121
5496 ······-·NIST-800-171-3.3.15496 ······-·NIST-800-171-3.3.1
5497 ······-·NIST-800-171-3.4.35497 ······-·NIST-800-171-3.4.3
5498 ······-·NIST-800-53-AC-6(9)5498 ······-·NIST-800-53-AC-6(9)
5499 ······-·NIST-800-53-CM-6(a)5499 ······-·NIST-800-53-CM-6(a)
Offset 5510, 16 lines modifiedOffset 5510, 16 lines modified
5510 ······lineinfile:5510 ······lineinfile:
5511 ········path:·'{{·item·}}'5511 ········path:·'{{·item·}}'
5512 ········regexp:·^\s*(?:-e)\s+.*$5512 ········regexp:·^\s*(?:-e)\s+.*$
5513 ········state:·absent5513 ········state:·absent
5514 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']5514 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
5515 ········}}'5515 ········}}'
5516 ······when:5516 ······when:
5517 ······-·'"audit"·in·ansible_facts.packages' 
5518 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5517 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5518 ······-·'"audit"·in·ansible_facts.packages'
5519 ······tags:5519 ······tags:
5520 ······-·CJIS-5.4.1.15520 ······-·CJIS-5.4.1.1
5521 ······-·DISA-STIG-RHEL-08-0301215521 ······-·DISA-STIG-RHEL-08-030121
5522 ······-·NIST-800-171-3.3.15522 ······-·NIST-800-171-3.3.1
5523 ······-·NIST-800-171-3.4.35523 ······-·NIST-800-171-3.4.3
5524 ······-·NIST-800-53-AC-6(9)5524 ······-·NIST-800-53-AC-6(9)
5525 ······-·NIST-800-53-CM-6(a)5525 ······-·NIST-800-53-CM-6(a)
Offset 5537, 16 lines modifiedOffset 5537, 16 lines modified
5537 ········create:·true5537 ········create:·true
5538 ········line:·-e·25538 ········line:·-e·2
5539 ········mode:·o-rwx5539 ········mode:·o-rwx
5540 ······loop:5540 ······loop:
5541 ······-·/etc/audit/audit.rules5541 ······-·/etc/audit/audit.rules
5542 ······-·/etc/audit/rules.d/immutable.rules5542 ······-·/etc/audit/rules.d/immutable.rules
5543 ······when:5543 ······when:
5544 ······-·'"audit"·in·ansible_facts.packages' 
5545 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5545 ······-·'"audit"·in·ansible_facts.packages'
5546 ······tags:5546 ······tags:
5547 ······-·CJIS-5.4.1.15547 ······-·CJIS-5.4.1.1
5548 ······-·DISA-STIG-RHEL-08-0301215548 ······-·DISA-STIG-RHEL-08-030121
5549 ······-·NIST-800-171-3.3.15549 ······-·NIST-800-171-3.3.1
5550 ······-·NIST-800-171-3.4.35550 ······-·NIST-800-171-3.4.3
5551 ······-·NIST-800-53-AC-6(9)5551 ······-·NIST-800-53-AC-6(9)
5552 ······-·NIST-800-53-CM-6(a)5552 ······-·NIST-800-53-CM-6(a)
Offset 5579, 16 lines modifiedOffset 5579, 16 lines modified
5579 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/5579 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
5580 ······find:5580 ······find:
5581 ········paths:·/etc/audit/rules.d5581 ········paths:·/etc/audit/rules.d
5582 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+5582 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
5583 ········patterns:·'*.rules'5583 ········patterns:·'*.rules'
5584 ······register:·find_existing_watch_rules_d5584 ······register:·find_existing_watch_rules_d
5585 ······when:5585 ······when:
5586 ······-·'"audit"·in·ansible_facts.packages' 
5587 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5586 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5587 ······-·'"audit"·in·ansible_facts.packages'
5588 ······tags:5588 ······tags:
5589 ······-·CJIS-5.4.1.15589 ······-·CJIS-5.4.1.1
5590 ······-·NIST-800-171-3.1.85590 ······-·NIST-800-171-3.1.8
5591 ······-·NIST-800-53-AU-12(c)5591 ······-·NIST-800-53-AU-12(c)
5592 ······-·NIST-800-53-AU-2(d)5592 ······-·NIST-800-53-AU-2(d)
5593 ······-·NIST-800-53-CM-6(a)5593 ······-·NIST-800-53-CM-6(a)
5594 ······-·PCI-DSS-Req-10.5.55594 ······-·PCI-DSS-Req-10.5.5
Offset 5602, 16 lines modifiedOffset 5602, 16 lines modified
5602 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy5602 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
5603 ······find:5603 ······find:
5604 ········paths:·/etc/audit/rules.d5604 ········paths:·/etc/audit/rules.d
5605 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$5605 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
5606 ········patterns:·'*.rules'5606 ········patterns:·'*.rules'
5607 ······register:·find_watch_key5607 ······register:·find_watch_key
5608 ······when:5608 ······when:
5609 ······-·'"audit"·in·ansible_facts.packages' 
5610 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5609 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5610 ······-·'"audit"·in·ansible_facts.packages'
5611 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched5611 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
5612 ········==·05612 ········==·0
5613 ······tags:5613 ······tags:
5614 ······-·CJIS-5.4.1.15614 ······-·CJIS-5.4.1.1
5615 ······-·NIST-800-171-3.1.85615 ······-·NIST-800-171-3.1.8
5616 ······-·NIST-800-53-AU-12(c)5616 ······-·NIST-800-53-AU-12(c)
5617 ······-·NIST-800-53-AU-2(d)5617 ······-·NIST-800-53-AU-2(d)
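Review bot: Only the first two entries of this `when:` list move (lines 5609-5610); the task-specific guard `find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched == 0` stays last in both builds. That narrows the unstable part to the package and virtualization applicability checks, so the ordering fix belongs where those two are collected, and the guard on the registered variable can keep its position after them.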
Offset 5625, 16 lines modifiedOffset 5625, 16 lines modified
5625 ······-·restrict_strategy5625 ······-·restrict_strategy
  
5626 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule5626 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
5627 ······set_fact:5627 ······set_fact:
5628 ········all_files:5628 ········all_files:
5629 ········-·/etc/audit/rules.d/MAC-policy.rules5629 ········-·/etc/audit/rules.d/MAC-policy.rules
5630 ······when:5630 ······when:
5631 ······-·'"audit"·in·ansible_facts.packages' 
5632 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5631 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5632 ······-·'"audit"·in·ansible_facts.packages'
5633 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5633 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5634 ········is·defined·and·find_existing_watch_rules_d.matched·==·05634 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5635 ······tags:5635 ······tags:
5636 ······-·CJIS-5.4.1.15636 ······-·CJIS-5.4.1.1
5637 ······-·NIST-800-171-3.1.85637 ······-·NIST-800-171-3.1.8
5638 ······-·NIST-800-53-AU-12(c)5638 ······-·NIST-800-53-AU-12(c)
5639 ······-·NIST-800-53-AU-2(d)5639 ······-·NIST-800-53-AU-2(d)
Offset 5648, 16 lines modifiedOffset 5648, 16 lines modified
5648 ······-·restrict_strategy5648 ······-·restrict_strategy
  
5649 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5649 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5650 ······set_fact:5650 ······set_fact:
5651 ········all_files:5651 ········all_files:
5652 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5652 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5653 ······when:5653 ······when:
5654 ······-·'"audit"·in·ansible_facts.packages' 
5655 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5654 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5655 ······-·'"audit"·in·ansible_facts.packages'
5656 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5656 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5657 ········is·defined·and·find_existing_watch_rules_d.matched·==·05657 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5658 ······tags:5658 ······tags:
5659 ······-·CJIS-5.4.1.15659 ······-·CJIS-5.4.1.1
5660 ······-·NIST-800-171-3.1.85660 ······-·NIST-800-171-3.1.8
5661 ······-·NIST-800-53-AU-12(c)5661 ······-·NIST-800-53-AU-12(c)
5662 ······-·NIST-800-53-AU-2(d)5662 ······-·NIST-800-53-AU-2(d)
Offset 5673, 16 lines modifiedOffset 5673, 16 lines modified
5673 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/5673 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 167898/172601 bytes (97.28%) of diff not shown.
15.4 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5312, 16 lines modifiedOffset 5312, 16 lines modified
5312 ······-·no_reboot_needed5312 ······-·no_reboot_needed
  
5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5314 ······stat:5314 ······stat:
5315 ········path:·/boot/grub2/grub.cfg5315 ········path:·/boot/grub2/grub.cfg
5316 ······register:·file_exists5316 ······register:·file_exists
5317 ······when:5317 ······when:
5318 ······-·'"grub2-common"·in·ansible_facts.packages' 
5319 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5318 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5319 ······-·'"grub2-common"·in·ansible_facts.packages'
5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5321 ······tags:5321 ······tags:
5322 ······-·CJIS-5.5.2.25322 ······-·CJIS-5.5.2.2
5323 ······-·NIST-800-171-3.4.55323 ······-·NIST-800-171-3.4.5
5324 ······-·NIST-800-53-AC-6(1)5324 ······-·NIST-800-53-AC-6(1)
5325 ······-·NIST-800-53-CM-6(a)5325 ······-·NIST-800-53-CM-6(a)
5326 ······-·PCI-DSS-Req-7.15326 ······-·PCI-DSS-Req-7.1
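Review bot: In this three-entry `when:` list the swap is between `'"grub2-common" in ansible_facts.packages'` and `'"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'` (lines 5318-5319), while the `ansible_virtualization_type` check stays third on both sides. The unstable ordering is therefore not specific to the audit tasks; it affects the applicability conditions of the grub2 file-ownership tasks as well, and the same deterministic ordering should be applied to them.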
Offset 5333, 16 lines modifiedOffset 5333, 16 lines modified
5333 ······-·no_reboot_needed5333 ······-·no_reboot_needed
  
5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5335 ······file:5335 ······file:
5336 ········path:·/boot/grub2/grub.cfg5336 ········path:·/boot/grub2/grub.cfg
5337 ········group:·'0'5337 ········group:·'0'
5338 ······when:5338 ······when:
5339 ······-·'"grub2-common"·in·ansible_facts.packages' 
5340 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5339 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5340 ······-·'"grub2-common"·in·ansible_facts.packages'
5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5343 ······tags:5343 ······tags:
5344 ······-·CJIS-5.5.2.25344 ······-·CJIS-5.5.2.2
5345 ······-·NIST-800-171-3.4.55345 ······-·NIST-800-171-3.4.5
5346 ······-·NIST-800-53-AC-6(1)5346 ······-·NIST-800-53-AC-6(1)
5347 ······-·NIST-800-53-CM-6(a)5347 ······-·NIST-800-53-CM-6(a)
Offset 5372, 16 lines modifiedOffset 5372, 16 lines modified
5372 ······-·no_reboot_needed5372 ······-·no_reboot_needed
  
5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5374 ······stat:5374 ······stat:
5375 ········path:·/boot/grub2/user.cfg5375 ········path:·/boot/grub2/user.cfg
5376 ······register:·file_exists5376 ······register:·file_exists
5377 ······when:5377 ······when:
5378 ······-·'"grub2-common"·in·ansible_facts.packages' 
5379 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5378 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5379 ······-·'"grub2-common"·in·ansible_facts.packages'
5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5381 ······tags:5381 ······tags:
5382 ······-·CJIS-5.5.2.25382 ······-·CJIS-5.5.2.2
5383 ······-·NIST-800-171-3.4.55383 ······-·NIST-800-171-3.4.5
5384 ······-·NIST-800-53-AC-6(1)5384 ······-·NIST-800-53-AC-6(1)
5385 ······-·NIST-800-53-CM-6(a)5385 ······-·NIST-800-53-CM-6(a)
5386 ······-·PCI-DSS-Req-7.15386 ······-·PCI-DSS-Req-7.1
Offset 5393, 16 lines modifiedOffset 5393, 16 lines modified
5393 ······-·no_reboot_needed5393 ······-·no_reboot_needed
  
5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5395 ······file:5395 ······file:
5396 ········path:·/boot/grub2/user.cfg5396 ········path:·/boot/grub2/user.cfg
5397 ········group:·'0'5397 ········group:·'0'
5398 ······when:5398 ······when:
5399 ······-·'"grub2-common"·in·ansible_facts.packages' 
5400 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5399 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5400 ······-·'"grub2-common"·in·ansible_facts.packages'
5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5403 ······tags:5403 ······tags:
5404 ······-·CJIS-5.5.2.25404 ······-·CJIS-5.5.2.2
5405 ······-·NIST-800-171-3.4.55405 ······-·NIST-800-171-3.4.5
5406 ······-·NIST-800-53-AC-6(1)5406 ······-·NIST-800-53-AC-6(1)
5407 ······-·NIST-800-53-CM-6(a)5407 ······-·NIST-800-53-CM-6(a)
Offset 5432, 16 lines modifiedOffset 5432, 16 lines modified
5432 ······-·no_reboot_needed5432 ······-·no_reboot_needed
  
5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5434 ······stat:5434 ······stat:
5435 ········path:·/boot/grub2/grub.cfg5435 ········path:·/boot/grub2/grub.cfg
5436 ······register:·file_exists5436 ······register:·file_exists
5437 ······when:5437 ······when:
5438 ······-·'"grub2-common"·in·ansible_facts.packages' 
5439 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5438 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5439 ······-·'"grub2-common"·in·ansible_facts.packages'
5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5441 ······tags:5441 ······tags:
5442 ······-·CJIS-5.5.2.25442 ······-·CJIS-5.5.2.2
5443 ······-·NIST-800-171-3.4.55443 ······-·NIST-800-171-3.4.5
5444 ······-·NIST-800-53-AC-6(1)5444 ······-·NIST-800-53-AC-6(1)
5445 ······-·NIST-800-53-CM-6(a)5445 ······-·NIST-800-53-CM-6(a)
5446 ······-·PCI-DSS-Req-7.15446 ······-·PCI-DSS-Req-7.1
Offset 5453, 16 lines modifiedOffset 5453, 16 lines modified
5453 ······-·no_reboot_needed5453 ······-·no_reboot_needed
  
5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5455 ······file:5455 ······file:
5456 ········path:·/boot/grub2/grub.cfg5456 ········path:·/boot/grub2/grub.cfg
5457 ········owner:·'0'5457 ········owner:·'0'
5458 ······when:5458 ······when:
5459 ······-·'"grub2-common"·in·ansible_facts.packages' 
5460 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5459 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5460 ······-·'"grub2-common"·in·ansible_facts.packages'
5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5463 ······tags:5463 ······tags:
5464 ······-·CJIS-5.5.2.25464 ······-·CJIS-5.5.2.2
5465 ······-·NIST-800-171-3.4.55465 ······-·NIST-800-171-3.4.5
5466 ······-·NIST-800-53-AC-6(1)5466 ······-·NIST-800-53-AC-6(1)
5467 ······-·NIST-800-53-CM-6(a)5467 ······-·NIST-800-53-CM-6(a)
Offset 5492, 16 lines modifiedOffset 5492, 16 lines modified
5492 ······-·no_reboot_needed5492 ······-·no_reboot_needed
  
5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5494 ······stat:5494 ······stat:
5495 ········path:·/boot/grub2/user.cfg5495 ········path:·/boot/grub2/user.cfg
5496 ······register:·file_exists5496 ······register:·file_exists
5497 ······when:5497 ······when:
5498 ······-·'"grub2-common"·in·ansible_facts.packages' 
5499 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5498 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5499 ······-·'"grub2-common"·in·ansible_facts.packages'
5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5501 ······tags:5501 ······tags:
5502 ······-·CJIS-5.5.2.25502 ······-·CJIS-5.5.2.2
5503 ······-·NIST-800-171-3.4.55503 ······-·NIST-800-171-3.4.5
5504 ······-·NIST-800-53-AC-6(1)5504 ······-·NIST-800-53-AC-6(1)
5505 ······-·NIST-800-53-CM-6(a)5505 ······-·NIST-800-53-CM-6(a)
5506 ······-·PCI-DSS-Req-7.15506 ······-·PCI-DSS-Req-7.1
Offset 5513, 16 lines modifiedOffset 5513, 16 lines modified
5513 ······-·no_reboot_needed5513 ······-·no_reboot_needed
Max diff block lines reached; 11144/15624 bytes (71.33%) of diff not shown.
15.4 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5312, 16 lines modifiedOffset 5312, 16 lines modified
5312 ······-·no_reboot_needed5312 ······-·no_reboot_needed
  
5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5313 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5314 ······stat:5314 ······stat:
5315 ········path:·/boot/grub2/grub.cfg5315 ········path:·/boot/grub2/grub.cfg
5316 ······register:·file_exists5316 ······register:·file_exists
5317 ······when:5317 ······when:
5318 ······-·'"grub2-common"·in·ansible_facts.packages' 
5319 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5318 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5319 ······-·'"grub2-common"·in·ansible_facts.packages'
5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5320 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5321 ······tags:5321 ······tags:
5322 ······-·CJIS-5.5.2.25322 ······-·CJIS-5.5.2.2
5323 ······-·NIST-800-171-3.4.55323 ······-·NIST-800-171-3.4.5
5324 ······-·NIST-800-53-AC-6(1)5324 ······-·NIST-800-53-AC-6(1)
5325 ······-·NIST-800-53-CM-6(a)5325 ······-·NIST-800-53-CM-6(a)
5326 ······-·PCI-DSS-Req-7.15326 ······-·PCI-DSS-Req-7.1
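Review bot: This hunk matches the one at the same offset (5312) in centos8-playbook-cis_server_l1.yml line for line, and both files report the same 15.4 KB of differences with the same truncation figures (11144/15624 bytes). The reordering of lines 5318-5319 is better fixed once in whatever shared source both profiles are generated from than per playbook, and a rebuild comparison should then show both files clean together.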
Offset 5333, 16 lines modifiedOffset 5333, 16 lines modified
5333 ······-·no_reboot_needed5333 ······-·no_reboot_needed
  
5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5334 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5335 ······file:5335 ······file:
5336 ········path:·/boot/grub2/grub.cfg5336 ········path:·/boot/grub2/grub.cfg
5337 ········group:·'0'5337 ········group:·'0'
5338 ······when:5338 ······when:
5339 ······-·'"grub2-common"·in·ansible_facts.packages' 
5340 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5339 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5340 ······-·'"grub2-common"·in·ansible_facts.packages'
5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5342 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5343 ······tags:5343 ······tags:
5344 ······-·CJIS-5.5.2.25344 ······-·CJIS-5.5.2.2
5345 ······-·NIST-800-171-3.4.55345 ······-·NIST-800-171-3.4.5
5346 ······-·NIST-800-53-AC-6(1)5346 ······-·NIST-800-53-AC-6(1)
5347 ······-·NIST-800-53-CM-6(a)5347 ······-·NIST-800-53-CM-6(a)
Offset 5372, 16 lines modifiedOffset 5372, 16 lines modified
5372 ······-·no_reboot_needed5372 ······-·no_reboot_needed
  
5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5373 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5374 ······stat:5374 ······stat:
5375 ········path:·/boot/grub2/user.cfg5375 ········path:·/boot/grub2/user.cfg
5376 ······register:·file_exists5376 ······register:·file_exists
5377 ······when:5377 ······when:
5378 ······-·'"grub2-common"·in·ansible_facts.packages' 
5379 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5378 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5379 ······-·'"grub2-common"·in·ansible_facts.packages'
5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5380 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5381 ······tags:5381 ······tags:
5382 ······-·CJIS-5.5.2.25382 ······-·CJIS-5.5.2.2
5383 ······-·NIST-800-171-3.4.55383 ······-·NIST-800-171-3.4.5
5384 ······-·NIST-800-53-AC-6(1)5384 ······-·NIST-800-53-AC-6(1)
5385 ······-·NIST-800-53-CM-6(a)5385 ······-·NIST-800-53-CM-6(a)
5386 ······-·PCI-DSS-Req-7.15386 ······-·PCI-DSS-Req-7.1
Offset 5393, 16 lines modifiedOffset 5393, 16 lines modified
5393 ······-·no_reboot_needed5393 ······-·no_reboot_needed
  
5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5394 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5395 ······file:5395 ······file:
5396 ········path:·/boot/grub2/user.cfg5396 ········path:·/boot/grub2/user.cfg
5397 ········group:·'0'5397 ········group:·'0'
5398 ······when:5398 ······when:
5399 ······-·'"grub2-common"·in·ansible_facts.packages' 
5400 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5399 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5400 ······-·'"grub2-common"·in·ansible_facts.packages'
5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5402 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5403 ······tags:5403 ······tags:
5404 ······-·CJIS-5.5.2.25404 ······-·CJIS-5.5.2.2
5405 ······-·NIST-800-171-3.4.55405 ······-·NIST-800-171-3.4.5
5406 ······-·NIST-800-53-AC-6(1)5406 ······-·NIST-800-53-AC-6(1)
5407 ······-·NIST-800-53-CM-6(a)5407 ······-·NIST-800-53-CM-6(a)
Offset 5432, 16 lines modifiedOffset 5432, 16 lines modified
5432 ······-·no_reboot_needed5432 ······-·no_reboot_needed
  
5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5433 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5434 ······stat:5434 ······stat:
5435 ········path:·/boot/grub2/grub.cfg5435 ········path:·/boot/grub2/grub.cfg
5436 ······register:·file_exists5436 ······register:·file_exists
5437 ······when:5437 ······when:
5438 ······-·'"grub2-common"·in·ansible_facts.packages' 
5439 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5438 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5439 ······-·'"grub2-common"·in·ansible_facts.packages'
5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5441 ······tags:5441 ······tags:
5442 ······-·CJIS-5.5.2.25442 ······-·CJIS-5.5.2.2
5443 ······-·NIST-800-171-3.4.55443 ······-·NIST-800-171-3.4.5
5444 ······-·NIST-800-53-AC-6(1)5444 ······-·NIST-800-53-AC-6(1)
5445 ······-·NIST-800-53-CM-6(a)5445 ······-·NIST-800-53-CM-6(a)
5446 ······-·PCI-DSS-Req-7.15446 ······-·PCI-DSS-Req-7.1
Offset 5453, 16 lines modifiedOffset 5453, 16 lines modified
5453 ······-·no_reboot_needed5453 ······-·no_reboot_needed
  
5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5454 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5455 ······file:5455 ······file:
5456 ········path:·/boot/grub2/grub.cfg5456 ········path:·/boot/grub2/grub.cfg
5457 ········owner:·'0'5457 ········owner:·'0'
5458 ······when:5458 ······when:
5459 ······-·'"grub2-common"·in·ansible_facts.packages' 
5460 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5459 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5460 ······-·'"grub2-common"·in·ansible_facts.packages'
5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5461 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5462 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5463 ······tags:5463 ······tags:
5464 ······-·CJIS-5.5.2.25464 ······-·CJIS-5.5.2.2
5465 ······-·NIST-800-171-3.4.55465 ······-·NIST-800-171-3.4.5
5466 ······-·NIST-800-53-AC-6(1)5466 ······-·NIST-800-53-AC-6(1)
5467 ······-·NIST-800-53-CM-6(a)5467 ······-·NIST-800-53-CM-6(a)
Offset 5492, 16 lines modifiedOffset 5492, 16 lines modified
5492 ······-·no_reboot_needed5492 ······-·no_reboot_needed
  
5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5493 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5494 ······stat:5494 ······stat:
5495 ········path:·/boot/grub2/user.cfg5495 ········path:·/boot/grub2/user.cfg
5496 ······register:·file_exists5496 ······register:·file_exists
5497 ······when:5497 ······when:
5498 ······-·'"grub2-common"·in·ansible_facts.packages' 
5499 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5498 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5499 ······-·'"grub2-common"·in·ansible_facts.packages'
5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5501 ······tags:5501 ······tags:
5502 ······-·CJIS-5.5.2.25502 ······-·CJIS-5.5.2.2
5503 ······-·NIST-800-171-3.4.55503 ······-·NIST-800-171-3.4.5
5504 ······-·NIST-800-53-AC-6(1)5504 ······-·NIST-800-53-AC-6(1)
5505 ······-·NIST-800-53-CM-6(a)5505 ······-·NIST-800-53-CM-6(a)
5506 ······-·PCI-DSS-Req-7.15506 ······-·PCI-DSS-Req-7.1
Offset 5513, 16 lines modifiedOffset 5513, 16 lines modified
5513 ······-·no_reboot_needed5513 ······-·no_reboot_needed
Max diff block lines reached; 11144/15624 bytes (71.33%) of diff not shown.
169 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 5485, 16 lines modifiedOffset 5485, 16 lines modified
  
5485 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension5485 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
5486 ······find:5486 ······find:
5487 ········paths:·/etc/audit/rules.d/5487 ········paths:·/etc/audit/rules.d/
5488 ········patterns:·'*.rules'5488 ········patterns:·'*.rules'
5489 ······register:·find_rules_d5489 ······register:·find_rules_d
5490 ······when:5490 ······when:
5491 ······-·'"audit"·in·ansible_facts.packages' 
5492 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5491 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5492 ······-·'"audit"·in·ansible_facts.packages'
5493 ······tags:5493 ······tags:
5494 ······-·CJIS-5.4.1.15494 ······-·CJIS-5.4.1.1
5495 ······-·DISA-STIG-RHEL-08-0301215495 ······-·DISA-STIG-RHEL-08-030121
5496 ······-·NIST-800-171-3.3.15496 ······-·NIST-800-171-3.3.1
5497 ······-·NIST-800-171-3.4.35497 ······-·NIST-800-171-3.4.3
5498 ······-·NIST-800-53-AC-6(9)5498 ······-·NIST-800-53-AC-6(9)
5499 ······-·NIST-800-53-CM-6(a)5499 ······-·NIST-800-53-CM-6(a)
Offset 5510, 16 lines modifiedOffset 5510, 16 lines modified
5510 ······lineinfile:5510 ······lineinfile:
5511 ········path:·'{{·item·}}'5511 ········path:·'{{·item·}}'
5512 ········regexp:·^\s*(?:-e)\s+.*$5512 ········regexp:·^\s*(?:-e)\s+.*$
5513 ········state:·absent5513 ········state:·absent
5514 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']5514 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
5515 ········}}'5515 ········}}'
5516 ······when:5516 ······when:
5517 ······-·'"audit"·in·ansible_facts.packages' 
5518 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5517 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5518 ······-·'"audit"·in·ansible_facts.packages'
5519 ······tags:5519 ······tags:
5520 ······-·CJIS-5.4.1.15520 ······-·CJIS-5.4.1.1
5521 ······-·DISA-STIG-RHEL-08-0301215521 ······-·DISA-STIG-RHEL-08-030121
5522 ······-·NIST-800-171-3.3.15522 ······-·NIST-800-171-3.3.1
5523 ······-·NIST-800-171-3.4.35523 ······-·NIST-800-171-3.4.3
5524 ······-·NIST-800-53-AC-6(9)5524 ······-·NIST-800-53-AC-6(9)
5525 ······-·NIST-800-53-CM-6(a)5525 ······-·NIST-800-53-CM-6(a)
Offset 5537, 16 lines modifiedOffset 5537, 16 lines modified
5537 ········create:·true5537 ········create:·true
5538 ········line:·-e·25538 ········line:·-e·2
5539 ········mode:·o-rwx5539 ········mode:·o-rwx
5540 ······loop:5540 ······loop:
5541 ······-·/etc/audit/audit.rules5541 ······-·/etc/audit/audit.rules
5542 ······-·/etc/audit/rules.d/immutable.rules5542 ······-·/etc/audit/rules.d/immutable.rules
5543 ······when:5543 ······when:
5544 ······-·'"audit"·in·ansible_facts.packages' 
5545 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5545 ······-·'"audit"·in·ansible_facts.packages'
5546 ······tags:5546 ······tags:
5547 ······-·CJIS-5.4.1.15547 ······-·CJIS-5.4.1.1
5548 ······-·DISA-STIG-RHEL-08-0301215548 ······-·DISA-STIG-RHEL-08-030121
5549 ······-·NIST-800-171-3.3.15549 ······-·NIST-800-171-3.3.1
5550 ······-·NIST-800-171-3.4.35550 ······-·NIST-800-171-3.4.3
5551 ······-·NIST-800-53-AC-6(9)5551 ······-·NIST-800-53-AC-6(9)
5552 ······-·NIST-800-53-CM-6(a)5552 ······-·NIST-800-53-CM-6(a)
Offset 5579, 16 lines modifiedOffset 5579, 16 lines modified
5579 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/5579 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
5580 ······find:5580 ······find:
5581 ········paths:·/etc/audit/rules.d5581 ········paths:·/etc/audit/rules.d
5582 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+5582 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
5583 ········patterns:·'*.rules'5583 ········patterns:·'*.rules'
5584 ······register:·find_existing_watch_rules_d5584 ······register:·find_existing_watch_rules_d
5585 ······when:5585 ······when:
5586 ······-·'"audit"·in·ansible_facts.packages' 
5587 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5586 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5587 ······-·'"audit"·in·ansible_facts.packages'
5588 ······tags:5588 ······tags:
5589 ······-·CJIS-5.4.1.15589 ······-·CJIS-5.4.1.1
5590 ······-·NIST-800-171-3.1.85590 ······-·NIST-800-171-3.1.8
5591 ······-·NIST-800-53-AU-12(c)5591 ······-·NIST-800-53-AU-12(c)
5592 ······-·NIST-800-53-AU-2(d)5592 ······-·NIST-800-53-AU-2(d)
5593 ······-·NIST-800-53-CM-6(a)5593 ······-·NIST-800-53-CM-6(a)
5594 ······-·PCI-DSS-Req-10.5.55594 ······-·PCI-DSS-Req-10.5.5
Offset 5602, 16 lines modifiedOffset 5602, 16 lines modified
5602 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy5602 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
5603 ······find:5603 ······find:
5604 ········paths:·/etc/audit/rules.d5604 ········paths:·/etc/audit/rules.d
5605 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$5605 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
5606 ········patterns:·'*.rules'5606 ········patterns:·'*.rules'
5607 ······register:·find_watch_key5607 ······register:·find_watch_key
5608 ······when:5608 ······when:
5609 ······-·'"audit"·in·ansible_facts.packages' 
5610 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5609 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5610 ······-·'"audit"·in·ansible_facts.packages'
5611 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched5611 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
5612 ········==·05612 ········==·0
5613 ······tags:5613 ······tags:
5614 ······-·CJIS-5.4.1.15614 ······-·CJIS-5.4.1.1
5615 ······-·NIST-800-171-3.1.85615 ······-·NIST-800-171-3.1.8
5616 ······-·NIST-800-53-AU-12(c)5616 ······-·NIST-800-53-AU-12(c)
5617 ······-·NIST-800-53-AU-2(d)5617 ······-·NIST-800-53-AU-2(d)
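Review bot: In this task the swapped pair (`"audit" in ansible_facts.packages` and the `ansible_virtualization_type not in [...]` check) sits ahead of the `find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched == 0` entry, which keeps its last position on both sides, and the same pair is swapped in every other visible hunk of this file. That pattern suggests only the leading package and virtualization conditions come from an unordered collection, while the task-specific condition is appended after them in a fixed position. Giving that leading group a stable order in the generator should clear all of the hunks shown here at once, rather than fixing tasks one by one.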
Offset 5625, 16 lines modifiedOffset 5625, 16 lines modified
5625 ······-·restrict_strategy5625 ······-·restrict_strategy
  
5626 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule5626 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
5627 ······set_fact:5627 ······set_fact:
5628 ········all_files:5628 ········all_files:
5629 ········-·/etc/audit/rules.d/MAC-policy.rules5629 ········-·/etc/audit/rules.d/MAC-policy.rules
5630 ······when:5630 ······when:
5631 ······-·'"audit"·in·ansible_facts.packages' 
5632 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5631 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5632 ······-·'"audit"·in·ansible_facts.packages'
5633 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5633 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5634 ········is·defined·and·find_existing_watch_rules_d.matched·==·05634 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5635 ······tags:5635 ······tags:
5636 ······-·CJIS-5.4.1.15636 ······-·CJIS-5.4.1.1
5637 ······-·NIST-800-171-3.1.85637 ······-·NIST-800-171-3.1.8
5638 ······-·NIST-800-53-AU-12(c)5638 ······-·NIST-800-53-AU-12(c)
5639 ······-·NIST-800-53-AU-2(d)5639 ······-·NIST-800-53-AU-2(d)
Offset 5648, 16 lines modifiedOffset 5648, 16 lines modified
5648 ······-·restrict_strategy5648 ······-·restrict_strategy
  
5649 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5649 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5650 ······set_fact:5650 ······set_fact:
5651 ········all_files:5651 ········all_files:
5652 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5652 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5653 ······when:5653 ······when:
5654 ······-·'"audit"·in·ansible_facts.packages' 
5655 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5654 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5655 ······-·'"audit"·in·ansible_facts.packages'
5656 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5656 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5657 ········is·defined·and·find_existing_watch_rules_d.matched·==·05657 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5658 ······tags:5658 ······tags:
5659 ······-·CJIS-5.4.1.15659 ······-·CJIS-5.4.1.1
5660 ······-·NIST-800-171-3.1.85660 ······-·NIST-800-171-3.1.8
5661 ······-·NIST-800-53-AU-12(c)5661 ······-·NIST-800-53-AU-12(c)
5662 ······-·NIST-800-53-AU-2(d)5662 ······-·NIST-800-53-AU-2(d)
Offset 5673, 16 lines modifiedOffset 5673, 16 lines modified
5673 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/5673 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 167898/172601 bytes (97.28%) of diff not shown.
101 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cjis.yml
Ordering differences only
    
Offset 2955, 16 lines modifiedOffset 2955, 16 lines modified
  
2955 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension2955 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
2956 ······find:2956 ······find:
2957 ········paths:·/etc/audit/rules.d/2957 ········paths:·/etc/audit/rules.d/
2958 ········patterns:·'*.rules'2958 ········patterns:·'*.rules'
2959 ······register:·find_rules_d2959 ······register:·find_rules_d
2960 ······when:2960 ······when:
2961 ······-·'"audit"·in·ansible_facts.packages' 
2962 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2961 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2962 ······-·'"audit"·in·ansible_facts.packages'
2963 ······tags:2963 ······tags:
2964 ······-·CJIS-5.4.1.12964 ······-·CJIS-5.4.1.1
2965 ······-·DISA-STIG-RHEL-08-0301212965 ······-·DISA-STIG-RHEL-08-030121
2966 ······-·NIST-800-171-3.3.12966 ······-·NIST-800-171-3.3.1
2967 ······-·NIST-800-171-3.4.32967 ······-·NIST-800-171-3.4.3
2968 ······-·NIST-800-53-AC-6(9)2968 ······-·NIST-800-53-AC-6(9)
2969 ······-·NIST-800-53-CM-6(a)2969 ······-·NIST-800-53-CM-6(a)
Offset 2980, 16 lines modifiedOffset 2980, 16 lines modified
2980 ······lineinfile:2980 ······lineinfile:
2981 ········path:·'{{·item·}}'2981 ········path:·'{{·item·}}'
2982 ········regexp:·^\s*(?:-e)\s+.*$2982 ········regexp:·^\s*(?:-e)\s+.*$
2983 ········state:·absent2983 ········state:·absent
2984 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']2984 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
2985 ········}}'2985 ········}}'
2986 ······when:2986 ······when:
2987 ······-·'"audit"·in·ansible_facts.packages' 
2988 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2987 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2988 ······-·'"audit"·in·ansible_facts.packages'
2989 ······tags:2989 ······tags:
2990 ······-·CJIS-5.4.1.12990 ······-·CJIS-5.4.1.1
2991 ······-·DISA-STIG-RHEL-08-0301212991 ······-·DISA-STIG-RHEL-08-030121
2992 ······-·NIST-800-171-3.3.12992 ······-·NIST-800-171-3.3.1
2993 ······-·NIST-800-171-3.4.32993 ······-·NIST-800-171-3.4.3
2994 ······-·NIST-800-53-AC-6(9)2994 ······-·NIST-800-53-AC-6(9)
2995 ······-·NIST-800-53-CM-6(a)2995 ······-·NIST-800-53-CM-6(a)
Offset 3007, 16 lines modifiedOffset 3007, 16 lines modified
3007 ········create:·true3007 ········create:·true
3008 ········line:·-e·23008 ········line:·-e·2
3009 ········mode:·o-rwx3009 ········mode:·o-rwx
3010 ······loop:3010 ······loop:
3011 ······-·/etc/audit/audit.rules3011 ······-·/etc/audit/audit.rules
3012 ······-·/etc/audit/rules.d/immutable.rules3012 ······-·/etc/audit/rules.d/immutable.rules
3013 ······when:3013 ······when:
3014 ······-·'"audit"·in·ansible_facts.packages' 
3015 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3014 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3015 ······-·'"audit"·in·ansible_facts.packages'
3016 ······tags:3016 ······tags:
3017 ······-·CJIS-5.4.1.13017 ······-·CJIS-5.4.1.1
3018 ······-·DISA-STIG-RHEL-08-0301213018 ······-·DISA-STIG-RHEL-08-030121
3019 ······-·NIST-800-171-3.3.13019 ······-·NIST-800-171-3.3.1
3020 ······-·NIST-800-171-3.4.33020 ······-·NIST-800-171-3.4.3
3021 ······-·NIST-800-53-AC-6(9)3021 ······-·NIST-800-53-AC-6(9)
3022 ······-·NIST-800-53-CM-6(a)3022 ······-·NIST-800-53-CM-6(a)
Offset 3049, 16 lines modifiedOffset 3049, 16 lines modified
3049 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/3049 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
3050 ······find:3050 ······find:
3051 ········paths:·/etc/audit/rules.d3051 ········paths:·/etc/audit/rules.d
3052 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+3052 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
3053 ········patterns:·'*.rules'3053 ········patterns:·'*.rules'
3054 ······register:·find_existing_watch_rules_d3054 ······register:·find_existing_watch_rules_d
3055 ······when:3055 ······when:
3056 ······-·'"audit"·in·ansible_facts.packages' 
3057 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3056 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3057 ······-·'"audit"·in·ansible_facts.packages'
3058 ······tags:3058 ······tags:
3059 ······-·CJIS-5.4.1.13059 ······-·CJIS-5.4.1.1
3060 ······-·NIST-800-171-3.1.83060 ······-·NIST-800-171-3.1.8
3061 ······-·NIST-800-53-AU-12(c)3061 ······-·NIST-800-53-AU-12(c)
3062 ······-·NIST-800-53-AU-2(d)3062 ······-·NIST-800-53-AU-2(d)
3063 ······-·NIST-800-53-CM-6(a)3063 ······-·NIST-800-53-CM-6(a)
3064 ······-·PCI-DSS-Req-10.5.53064 ······-·PCI-DSS-Req-10.5.5
Offset 3072, 16 lines modifiedOffset 3072, 16 lines modified
3072 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy3072 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
3073 ······find:3073 ······find:
3074 ········paths:·/etc/audit/rules.d3074 ········paths:·/etc/audit/rules.d
3075 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$3075 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
3076 ········patterns:·'*.rules'3076 ········patterns:·'*.rules'
3077 ······register:·find_watch_key3077 ······register:·find_watch_key
3078 ······when:3078 ······when:
3079 ······-·'"audit"·in·ansible_facts.packages' 
3080 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3079 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3080 ······-·'"audit"·in·ansible_facts.packages'
3081 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched3081 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
3082 ········==·03082 ········==·0
3083 ······tags:3083 ······tags:
3084 ······-·CJIS-5.4.1.13084 ······-·CJIS-5.4.1.1
3085 ······-·NIST-800-171-3.1.83085 ······-·NIST-800-171-3.1.8
3086 ······-·NIST-800-53-AU-12(c)3086 ······-·NIST-800-53-AU-12(c)
3087 ······-·NIST-800-53-AU-2(d)3087 ······-·NIST-800-53-AU-2(d)
Offset 3095, 16 lines modifiedOffset 3095, 16 lines modified
3095 ······-·restrict_strategy3095 ······-·restrict_strategy
  
3096 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule3096 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
3097 ······set_fact:3097 ······set_fact:
3098 ········all_files:3098 ········all_files:
3099 ········-·/etc/audit/rules.d/MAC-policy.rules3099 ········-·/etc/audit/rules.d/MAC-policy.rules
3100 ······when:3100 ······when:
3101 ······-·'"audit"·in·ansible_facts.packages' 
3102 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3101 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3102 ······-·'"audit"·in·ansible_facts.packages'
3103 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched3103 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
3104 ········is·defined·and·find_existing_watch_rules_d.matched·==·03104 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3105 ······tags:3105 ······tags:
3106 ······-·CJIS-5.4.1.13106 ······-·CJIS-5.4.1.1
3107 ······-·NIST-800-171-3.1.83107 ······-·NIST-800-171-3.1.8
3108 ······-·NIST-800-53-AU-12(c)3108 ······-·NIST-800-53-AU-12(c)
3109 ······-·NIST-800-53-AU-2(d)3109 ······-·NIST-800-53-AU-2(d)
Offset 3118, 16 lines modifiedOffset 3118, 16 lines modified
3118 ······-·restrict_strategy3118 ······-·restrict_strategy
  
3119 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule3119 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
3120 ······set_fact:3120 ······set_fact:
3121 ········all_files:3121 ········all_files:
3122 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'3122 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
3123 ······when:3123 ······when:
3124 ······-·'"audit"·in·ansible_facts.packages' 
3125 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3124 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3125 ······-·'"audit"·in·ansible_facts.packages'
3126 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched3126 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
3127 ········is·defined·and·find_existing_watch_rules_d.matched·==·03127 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3128 ······tags:3128 ······tags:
3129 ······-·CJIS-5.4.1.13129 ······-·CJIS-5.4.1.1
3130 ······-·NIST-800-171-3.1.83130 ······-·NIST-800-171-3.1.8
3131 ······-·NIST-800-53-AU-12(c)3131 ······-·NIST-800-53-AU-12(c)
3132 ······-·NIST-800-53-AU-2(d)3132 ······-·NIST-800-53-AU-2(d)
Offset 3143, 16 lines modifiedOffset 3143, 16 lines modified
3143 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/3143 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 99073/103776 bytes (95.47%) of diff not shown.
3.57 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-cui.yml
Ordering differences only
    
Offset 4838, 16 lines modifiedOffset 4838, 16 lines modified
4838 ······lineinfile:4838 ······lineinfile:
4839 ········dest:·/etc/audit/auditd.conf4839 ········dest:·/etc/audit/auditd.conf
4840 ········regexp:·^\s*flush\s*=\s*.*$4840 ········regexp:·^\s*flush\s*=\s*.*$
4841 ········line:·flush·=·{{·var_auditd_flush·}}4841 ········line:·flush·=·{{·var_auditd_flush·}}
4842 ········state:·present4842 ········state:·present
4843 ········create:·true4843 ········create:·true
4844 ······when:4844 ······when:
4845 ······-·'"audit"·in·ansible_facts.packages' 
4846 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4845 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4846 ······-·'"audit"·in·ansible_facts.packages'
4847 ······tags:4847 ······tags:
4848 ······-·NIST-800-171-3.3.14848 ······-·NIST-800-171-3.3.1
4849 ······-·NIST-800-53-AU-114849 ······-·NIST-800-53-AU-11
4850 ······-·NIST-800-53-CM-6(a)4850 ······-·NIST-800-53-CM-6(a)
4851 ······-·auditd_data_retention_flush4851 ······-·auditd_data_retention_flush
4852 ······-·low_complexity4852 ······-·low_complexity
4853 ······-·low_disruption4853 ······-·low_disruption
Offset 4893, 16 lines modifiedOffset 4893, 16 lines modified
4893 ········lineinfile:4893 ········lineinfile:
4894 ··········path:·/etc/audit/auditd.conf4894 ··········path:·/etc/audit/auditd.conf
4895 ··········create:·true4895 ··········create:·true
4896 ··········regexp:·(?i)^\s*freq\s*=\s*4896 ··········regexp:·(?i)^\s*freq\s*=\s*
4897 ··········line:·freq·=·504897 ··········line:·freq·=·50
4898 ··········state:·present4898 ··········state:·present
4899 ······when:4899 ······when:
4900 ······-·'"audit"·in·ansible_facts.packages' 
4901 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4900 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4901 ······-·'"audit"·in·ansible_facts.packages'
4902 ······tags:4902 ······tags:
4903 ······-·NIST-800-53-CM-64903 ······-·NIST-800-53-CM-6
4904 ······-·auditd_freq4904 ······-·auditd_freq
4905 ······-·low_complexity4905 ······-·low_complexity
4906 ······-·low_disruption4906 ······-·low_disruption
4907 ······-·medium_severity4907 ······-·medium_severity
4908 ······-·no_reboot_needed4908 ······-·no_reboot_needed
Offset 4947, 16 lines modifiedOffset 4947, 16 lines modified
4947 ········lineinfile:4947 ········lineinfile:
4948 ··········path:·/etc/audit/auditd.conf4948 ··········path:·/etc/audit/auditd.conf
4949 ··········create:·true4949 ··········create:·true
4950 ··········regexp:·(?i)^\s*local_events\s*=\s*4950 ··········regexp:·(?i)^\s*local_events\s*=\s*
4951 ··········line:·local_events·=·yes4951 ··········line:·local_events·=·yes
4952 ··········state:·present4952 ··········state:·present
4953 ······when:4953 ······when:
4954 ······-·'"audit"·in·ansible_facts.packages' 
4955 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4954 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4955 ······-·'"audit"·in·ansible_facts.packages'
4956 ······tags:4956 ······tags:
4957 ······-·DISA-STIG-RHEL-08-0300614957 ······-·DISA-STIG-RHEL-08-030061
4958 ······-·NIST-800-53-CM-64958 ······-·NIST-800-53-CM-6
4959 ······-·auditd_local_events4959 ······-·auditd_local_events
4960 ······-·low_complexity4960 ······-·low_complexity
4961 ······-·low_disruption4961 ······-·low_disruption
4962 ······-·medium_severity4962 ······-·medium_severity
Offset 5003, 16 lines modifiedOffset 5003, 16 lines modified
5003 ········lineinfile:5003 ········lineinfile:
5004 ··········path:·/etc/audit/auditd.conf5004 ··········path:·/etc/audit/auditd.conf
5005 ··········create:·true5005 ··········create:·true
5006 ··········regexp:·(?i)^\s*log_format\s*=\s*5006 ··········regexp:·(?i)^\s*log_format\s*=\s*
5007 ··········line:·log_format·=·ENRICHED5007 ··········line:·log_format·=·ENRICHED
5008 ··········state:·present5008 ··········state:·present
5009 ······when:5009 ······when:
5010 ······-·'"audit"·in·ansible_facts.packages' 
5011 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5010 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5011 ······-·'"audit"·in·ansible_facts.packages'
5012 ······tags:5012 ······tags:
5013 ······-·DISA-STIG-RHEL-08-0300635013 ······-·DISA-STIG-RHEL-08-030063
5014 ······-·NIST-800-53-AU-35014 ······-·NIST-800-53-AU-3
5015 ······-·NIST-800-53-CM-65015 ······-·NIST-800-53-CM-6
5016 ······-·auditd_log_format5016 ······-·auditd_log_format
5017 ······-·low_complexity5017 ······-·low_complexity
5018 ······-·low_disruption5018 ······-·low_disruption
Offset 5060, 16 lines modifiedOffset 5060, 16 lines modified
5060 ········lineinfile:5060 ········lineinfile:
5061 ··········path:·/etc/audit/auditd.conf5061 ··········path:·/etc/audit/auditd.conf
5062 ··········create:·true5062 ··········create:·true
5063 ··········regexp:·(?i)^\s*name_format\s*=\s*5063 ··········regexp:·(?i)^\s*name_format\s*=\s*
5064 ··········line:·name_format·=·hostname5064 ··········line:·name_format·=·hostname
5065 ··········state:·present5065 ··········state:·present
5066 ······when:5066 ······when:
5067 ······-·'"audit"·in·ansible_facts.packages' 
5068 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5067 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5068 ······-·'"audit"·in·ansible_facts.packages'
5069 ······tags:5069 ······tags:
5070 ······-·DISA-STIG-RHEL-08-0300625070 ······-·DISA-STIG-RHEL-08-030062
5071 ······-·NIST-800-53-AU-35071 ······-·NIST-800-53-AU-3
5072 ······-·NIST-800-53-CM-65072 ······-·NIST-800-53-CM-6
5073 ······-·auditd_name_format5073 ······-·auditd_name_format
5074 ······-·low_complexity5074 ······-·low_complexity
5075 ······-·low_disruption5075 ······-·low_disruption
Offset 5115, 16 lines modifiedOffset 5115, 16 lines modified
5115 ········lineinfile:5115 ········lineinfile:
5116 ··········path:·/etc/audit/auditd.conf5116 ··········path:·/etc/audit/auditd.conf
5117 ··········create:·true5117 ··········create:·true
5118 ··········regexp:·(?i)^\s*write_logs\s*=\s*5118 ··········regexp:·(?i)^\s*write_logs\s*=\s*
5119 ··········line:·write_logs·=·yes5119 ··········line:·write_logs·=·yes
5120 ··········state:·present5120 ··········state:·present
5121 ······when:5121 ······when:
5122 ······-·'"audit"·in·ansible_facts.packages' 
5123 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5122 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5123 ······-·'"audit"·in·ansible_facts.packages'
5124 ······tags:5124 ······tags:
5125 ······-·NIST-800-53-CM-65125 ······-·NIST-800-53-CM-6
5126 ······-·auditd_write_logs5126 ······-·auditd_write_logs
5127 ······-·low_complexity5127 ······-·low_complexity
5128 ······-·low_disruption5128 ······-·low_disruption
5129 ······-·medium_severity5129 ······-·medium_severity
5130 ······-·no_reboot_needed5130 ······-·no_reboot_needed
69.7 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-e8.yml
Ordering differences only
    
Offset 1154, 16 lines modifiedOffset 1154, 16 lines modified
1154 ······-·no_reboot_needed1154 ······-·no_reboot_needed
1155 ······-·restrict_strategy1155 ······-·restrict_strategy
  
1156 ····-·name:·Set·architecture·for·audit·tasks1156 ····-·name:·Set·architecture·for·audit·tasks
1157 ······set_fact:1157 ······set_fact:
1158 ········audit_arch:·b641158 ········audit_arch:·b64
1159 ······when:1159 ······when:
1160 ······-·'"audit"·in·ansible_facts.packages' 
1161 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1160 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1161 ······-·'"audit"·in·ansible_facts.packages'
1162 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1162 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1163 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1163 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1164 ······tags:1164 ······tags:
1165 ······-·CJIS-5.4.1.11165 ······-·CJIS-5.4.1.1
1166 ······-·NIST-800-171-3.1.71166 ······-·NIST-800-171-3.1.7
1167 ······-·NIST-800-53-AC-6(9)1167 ······-·NIST-800-53-AC-6(9)
1168 ······-·NIST-800-53-AU-12(c)1168 ······-·NIST-800-53-AU-12(c)
Offset 1296, 16 lines modifiedOffset 1296, 16 lines modified
1296 ··········path:·'{{·audit_file·}}'1296 ··········path:·'{{·audit_file·}}'
1297 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1297 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1298 ··········create:·true1298 ··········create:·true
1299 ··········mode:·o-rwx1299 ··········mode:·o-rwx
1300 ··········state:·present1300 ··········state:·present
1301 ········when:·syscalls_found·|·length·==·01301 ········when:·syscalls_found·|·length·==·0
1302 ······when:1302 ······when:
1303 ······-·'"audit"·in·ansible_facts.packages' 
1304 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1303 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1304 ······-·'"audit"·in·ansible_facts.packages'
1305 ······tags:1305 ······tags:
1306 ······-·CJIS-5.4.1.11306 ······-·CJIS-5.4.1.1
1307 ······-·NIST-800-171-3.1.71307 ······-·NIST-800-171-3.1.7
1308 ······-·NIST-800-53-AC-6(9)1308 ······-·NIST-800-53-AC-6(9)
1309 ······-·NIST-800-53-AU-12(c)1309 ······-·NIST-800-53-AU-12(c)
1310 ······-·NIST-800-53-AU-2(d)1310 ······-·NIST-800-53-AU-2(d)
1311 ······-·NIST-800-53-CM-6(a)1311 ······-·NIST-800-53-CM-6(a)
Offset 1436, 16 lines modifiedOffset 1436, 16 lines modified
1436 ··········path:·'{{·audit_file·}}'1436 ··········path:·'{{·audit_file·}}'
1437 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1437 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1438 ··········create:·true1438 ··········create:·true
1439 ··········mode:·o-rwx1439 ··········mode:·o-rwx
1440 ··········state:·present1440 ··········state:·present
1441 ········when:·syscalls_found·|·length·==·01441 ········when:·syscalls_found·|·length·==·0
1442 ······when:1442 ······when:
1443 ······-·'"audit"·in·ansible_facts.packages' 
1444 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1443 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1444 ······-·'"audit"·in·ansible_facts.packages'
1445 ······-·audit_arch·==·"b64"1445 ······-·audit_arch·==·"b64"
1446 ······tags:1446 ······tags:
1447 ······-·CJIS-5.4.1.11447 ······-·CJIS-5.4.1.1
1448 ······-·NIST-800-171-3.1.71448 ······-·NIST-800-171-3.1.7
1449 ······-·NIST-800-53-AC-6(9)1449 ······-·NIST-800-53-AC-6(9)
1450 ······-·NIST-800-53-AU-12(c)1450 ······-·NIST-800-53-AU-12(c)
1451 ······-·NIST-800-53-AU-2(d)1451 ······-·NIST-800-53-AU-2(d)
Offset 1461, 16 lines modifiedOffset 1461, 16 lines modified
1461 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/1461 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/
1462 ······find:1462 ······find:
1463 ········paths:·/etc/audit/rules.d1463 ········paths:·/etc/audit/rules.d
1464 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+1464 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+
1465 ········patterns:·'*.rules'1465 ········patterns:·'*.rules'
1466 ······register:·find_existing_watch_rules_d1466 ······register:·find_existing_watch_rules_d
1467 ······when:1467 ······when:
1468 ······-·'"audit"·in·ansible_facts.packages' 
1469 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1468 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1469 ······-·'"audit"·in·ansible_facts.packages'
1470 ······tags:1470 ······tags:
1471 ······-·CJIS-5.4.1.11471 ······-·CJIS-5.4.1.1
1472 ······-·NIST-800-171-3.1.71472 ······-·NIST-800-171-3.1.7
1473 ······-·NIST-800-53-AC-6(9)1473 ······-·NIST-800-53-AC-6(9)
1474 ······-·NIST-800-53-AU-12(c)1474 ······-·NIST-800-53-AU-12(c)
1475 ······-·NIST-800-53-AU-2(d)1475 ······-·NIST-800-53-AU-2(d)
1476 ······-·NIST-800-53-CM-6(a)1476 ······-·NIST-800-53-CM-6(a)
Offset 1485, 16 lines modifiedOffset 1485, 16 lines modified
1485 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification1485 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification
1486 ······find:1486 ······find:
1487 ········paths:·/etc/audit/rules.d1487 ········paths:·/etc/audit/rules.d
1488 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$1488 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$
1489 ········patterns:·'*.rules'1489 ········patterns:·'*.rules'
1490 ······register:·find_watch_key1490 ······register:·find_watch_key
1491 ······when:1491 ······when:
1492 ······-·'"audit"·in·ansible_facts.packages' 
1493 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1492 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1493 ······-·'"audit"·in·ansible_facts.packages'
1494 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1494 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1495 ········==·01495 ········==·0
1496 ······tags:1496 ······tags:
1497 ······-·CJIS-5.4.1.11497 ······-·CJIS-5.4.1.1
1498 ······-·NIST-800-171-3.1.71498 ······-·NIST-800-171-3.1.7
1499 ······-·NIST-800-53-AC-6(9)1499 ······-·NIST-800-53-AC-6(9)
1500 ······-·NIST-800-53-AU-12(c)1500 ······-·NIST-800-53-AU-12(c)
Offset 1510, 16 lines modifiedOffset 1510, 16 lines modified
  
1510 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the1510 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the
1511 ········recipient·for·the·rule1511 ········recipient·for·the·rule
1512 ······set_fact:1512 ······set_fact:
1513 ········all_files:1513 ········all_files:
1514 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules1514 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules
1515 ······when:1515 ······when:
1516 ······-·'"audit"·in·ansible_facts.packages' 
1517 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1516 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1517 ······-·'"audit"·in·ansible_facts.packages'
1518 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1518 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1519 ········is·defined·and·find_existing_watch_rules_d.matched·==·01519 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1520 ······tags:1520 ······tags:
1521 ······-·CJIS-5.4.1.11521 ······-·CJIS-5.4.1.1
1522 ······-·NIST-800-171-3.1.71522 ······-·NIST-800-171-3.1.7
1523 ······-·NIST-800-53-AC-6(9)1523 ······-·NIST-800-53-AC-6(9)
1524 ······-·NIST-800-53-AU-12(c)1524 ······-·NIST-800-53-AU-12(c)
Offset 1534, 16 lines modifiedOffset 1534, 16 lines modified
1534 ······-·restrict_strategy1534 ······-·restrict_strategy
  
1535 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1535 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1536 ······set_fact:1536 ······set_fact:
1537 ········all_files:1537 ········all_files:
1538 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1538 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1539 ······when:1539 ······when:
1540 ······-·'"audit"·in·ansible_facts.packages' 
1541 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1540 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1541 ······-·'"audit"·in·ansible_facts.packages'
1542 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1542 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1543 ········is·defined·and·find_existing_watch_rules_d.matched·==·01543 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1544 ······tags:1544 ······tags:
1545 ······-·CJIS-5.4.1.11545 ······-·CJIS-5.4.1.1
1546 ······-·NIST-800-171-3.1.71546 ······-·NIST-800-171-3.1.7
1547 ······-·NIST-800-53-AC-6(9)1547 ······-·NIST-800-53-AC-6(9)
1548 ······-·NIST-800-53-AU-12(c)1548 ······-·NIST-800-53-AU-12(c)
Offset 1560, 16 lines modifiedOffset 1560, 16 lines modified
1560 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/1560 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/
Max diff block lines reached; 66166/71216 bytes (92.91%) of diff not shown.
181 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-hipaa.yml
Ordering differences only
    
Offset 1358, 16 lines modifiedOffset 1358, 16 lines modified
  
1358 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1358 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1359 ······find:1359 ······find:
1360 ········paths:·/etc/audit/rules.d/1360 ········paths:·/etc/audit/rules.d/
1361 ········patterns:·'*.rules'1361 ········patterns:·'*.rules'
1362 ······register:·find_rules_d1362 ······register:·find_rules_d
1363 ······when:1363 ······when:
1364 ······-·'"audit"·in·ansible_facts.packages' 
1365 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1364 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1365 ······-·'"audit"·in·ansible_facts.packages'
1366 ······tags:1366 ······tags:
1367 ······-·CJIS-5.4.1.11367 ······-·CJIS-5.4.1.1
1368 ······-·DISA-STIG-RHEL-08-0301211368 ······-·DISA-STIG-RHEL-08-030121
1369 ······-·NIST-800-171-3.3.11369 ······-·NIST-800-171-3.3.1
1370 ······-·NIST-800-171-3.4.31370 ······-·NIST-800-171-3.4.3
1371 ······-·NIST-800-53-AC-6(9)1371 ······-·NIST-800-53-AC-6(9)
1372 ······-·NIST-800-53-CM-6(a)1372 ······-·NIST-800-53-CM-6(a)
Offset 1383, 16 lines modifiedOffset 1383, 16 lines modified
1383 ······lineinfile:1383 ······lineinfile:
1384 ········path:·'{{·item·}}'1384 ········path:·'{{·item·}}'
1385 ········regexp:·^\s*(?:-e)\s+.*$1385 ········regexp:·^\s*(?:-e)\s+.*$
1386 ········state:·absent1386 ········state:·absent
1387 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1387 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1388 ········}}'1388 ········}}'
1389 ······when:1389 ······when:
1390 ······-·'"audit"·in·ansible_facts.packages' 
1391 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1390 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1391 ······-·'"audit"·in·ansible_facts.packages'
1392 ······tags:1392 ······tags:
1393 ······-·CJIS-5.4.1.11393 ······-·CJIS-5.4.1.1
1394 ······-·DISA-STIG-RHEL-08-0301211394 ······-·DISA-STIG-RHEL-08-030121
1395 ······-·NIST-800-171-3.3.11395 ······-·NIST-800-171-3.3.1
1396 ······-·NIST-800-171-3.4.31396 ······-·NIST-800-171-3.4.3
1397 ······-·NIST-800-53-AC-6(9)1397 ······-·NIST-800-53-AC-6(9)
1398 ······-·NIST-800-53-CM-6(a)1398 ······-·NIST-800-53-CM-6(a)
Offset 1410, 16 lines modifiedOffset 1410, 16 lines modified
1410 ········create:·true1410 ········create:·true
1411 ········line:·-e·21411 ········line:·-e·2
1412 ········mode:·o-rwx1412 ········mode:·o-rwx
1413 ······loop:1413 ······loop:
1414 ······-·/etc/audit/audit.rules1414 ······-·/etc/audit/audit.rules
1415 ······-·/etc/audit/rules.d/immutable.rules1415 ······-·/etc/audit/rules.d/immutable.rules
1416 ······when:1416 ······when:
1417 ······-·'"audit"·in·ansible_facts.packages' 
1418 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1417 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1418 ······-·'"audit"·in·ansible_facts.packages'
1419 ······tags:1419 ······tags:
1420 ······-·CJIS-5.4.1.11420 ······-·CJIS-5.4.1.1
1421 ······-·DISA-STIG-RHEL-08-0301211421 ······-·DISA-STIG-RHEL-08-030121
1422 ······-·NIST-800-171-3.3.11422 ······-·NIST-800-171-3.3.1
1423 ······-·NIST-800-171-3.4.31423 ······-·NIST-800-171-3.4.3
1424 ······-·NIST-800-53-AC-6(9)1424 ······-·NIST-800-53-AC-6(9)
1425 ······-·NIST-800-53-CM-6(a)1425 ······-·NIST-800-53-CM-6(a)
Offset 1452, 16 lines modifiedOffset 1452, 16 lines modified
1452 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/1452 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
1453 ······find:1453 ······find:
1454 ········paths:·/etc/audit/rules.d1454 ········paths:·/etc/audit/rules.d
1455 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+1455 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
1456 ········patterns:·'*.rules'1456 ········patterns:·'*.rules'
1457 ······register:·find_existing_watch_rules_d1457 ······register:·find_existing_watch_rules_d
1458 ······when:1458 ······when:
1459 ······-·'"audit"·in·ansible_facts.packages' 
1460 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1459 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1460 ······-·'"audit"·in·ansible_facts.packages'
1461 ······tags:1461 ······tags:
1462 ······-·CJIS-5.4.1.11462 ······-·CJIS-5.4.1.1
1463 ······-·NIST-800-171-3.1.81463 ······-·NIST-800-171-3.1.8
1464 ······-·NIST-800-53-AU-12(c)1464 ······-·NIST-800-53-AU-12(c)
1465 ······-·NIST-800-53-AU-2(d)1465 ······-·NIST-800-53-AU-2(d)
1466 ······-·NIST-800-53-CM-6(a)1466 ······-·NIST-800-53-CM-6(a)
1467 ······-·PCI-DSS-Req-10.5.51467 ······-·PCI-DSS-Req-10.5.5
Offset 1475, 16 lines modifiedOffset 1475, 16 lines modified
1475 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy1475 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
1476 ······find:1476 ······find:
1477 ········paths:·/etc/audit/rules.d1477 ········paths:·/etc/audit/rules.d
1478 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$1478 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
1479 ········patterns:·'*.rules'1479 ········patterns:·'*.rules'
1480 ······register:·find_watch_key1480 ······register:·find_watch_key
1481 ······when:1481 ······when:
1482 ······-·'"audit"·in·ansible_facts.packages' 
1483 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1482 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1483 ······-·'"audit"·in·ansible_facts.packages'
1484 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1484 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1485 ········==·01485 ········==·0
1486 ······tags:1486 ······tags:
1487 ······-·CJIS-5.4.1.11487 ······-·CJIS-5.4.1.1
1488 ······-·NIST-800-171-3.1.81488 ······-·NIST-800-171-3.1.8
1489 ······-·NIST-800-53-AU-12(c)1489 ······-·NIST-800-53-AU-12(c)
1490 ······-·NIST-800-53-AU-2(d)1490 ······-·NIST-800-53-AU-2(d)
Offset 1498, 16 lines modifiedOffset 1498, 16 lines modified
1498 ······-·restrict_strategy1498 ······-·restrict_strategy
  
1499 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule1499 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
1500 ······set_fact:1500 ······set_fact:
1501 ········all_files:1501 ········all_files:
1502 ········-·/etc/audit/rules.d/MAC-policy.rules1502 ········-·/etc/audit/rules.d/MAC-policy.rules
1503 ······when:1503 ······when:
1504 ······-·'"audit"·in·ansible_facts.packages' 
1505 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1504 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1505 ······-·'"audit"·in·ansible_facts.packages'
1506 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1506 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1507 ········is·defined·and·find_existing_watch_rules_d.matched·==·01507 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1508 ······tags:1508 ······tags:
1509 ······-·CJIS-5.4.1.11509 ······-·CJIS-5.4.1.1
1510 ······-·NIST-800-171-3.1.81510 ······-·NIST-800-171-3.1.8
1511 ······-·NIST-800-53-AU-12(c)1511 ······-·NIST-800-53-AU-12(c)
1512 ······-·NIST-800-53-AU-2(d)1512 ······-·NIST-800-53-AU-2(d)
Offset 1521, 16 lines modifiedOffset 1521, 16 lines modified
1521 ······-·restrict_strategy1521 ······-·restrict_strategy
  
1522 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1522 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1523 ······set_fact:1523 ······set_fact:
1524 ········all_files:1524 ········all_files:
1525 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1525 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1526 ······when:1526 ······when:
1527 ······-·'"audit"·in·ansible_facts.packages' 
1528 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1527 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1528 ······-·'"audit"·in·ansible_facts.packages'
1529 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1529 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1530 ········is·defined·and·find_existing_watch_rules_d.matched·==·01530 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1531 ······tags:1531 ······tags:
1532 ······-·CJIS-5.4.1.11532 ······-·CJIS-5.4.1.1
1533 ······-·NIST-800-171-3.1.81533 ······-·NIST-800-171-3.1.8
1534 ······-·NIST-800-53-AU-12(c)1534 ······-·NIST-800-53-AU-12(c)
1535 ······-·NIST-800-53-AU-2(d)1535 ······-·NIST-800-53-AU-2(d)
Offset 1546, 16 lines modifiedOffset 1546, 16 lines modified
1546 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/1546 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 180644/185347 bytes (97.46%) of diff not shown.
86.8 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-ism_o.yml
Ordering differences only
    
Offset 4644, 16 lines modifiedOffset 4644, 16 lines modified
4644 ······-·no_reboot_needed4644 ······-·no_reboot_needed
4645 ······-·restrict_strategy4645 ······-·restrict_strategy
  
4646 ····-·name:·Set·architecture·for·audit·tasks4646 ····-·name:·Set·architecture·for·audit·tasks
4647 ······set_fact:4647 ······set_fact:
4648 ········audit_arch:·b644648 ········audit_arch:·b64
4649 ······when:4649 ······when:
4650 ······-·'"audit"·in·ansible_facts.packages' 
4651 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4650 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4651 ······-·'"audit"·in·ansible_facts.packages'
4652 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4652 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4653 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4653 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4654 ······tags:4654 ······tags:
4655 ······-·CJIS-5.4.1.14655 ······-·CJIS-5.4.1.1
4656 ······-·NIST-800-171-3.1.74656 ······-·NIST-800-171-3.1.7
4657 ······-·NIST-800-53-AC-6(9)4657 ······-·NIST-800-53-AC-6(9)
4658 ······-·NIST-800-53-AU-12(c)4658 ······-·NIST-800-53-AU-12(c)
Offset 4786, 16 lines modifiedOffset 4786, 16 lines modified
4786 ··········path:·'{{·audit_file·}}'4786 ··········path:·'{{·audit_file·}}'
4787 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification4787 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
4788 ··········create:·true4788 ··········create:·true
4789 ··········mode:·o-rwx4789 ··········mode:·o-rwx
4790 ··········state:·present4790 ··········state:·present
4791 ········when:·syscalls_found·|·length·==·04791 ········when:·syscalls_found·|·length·==·0
4792 ······when:4792 ······when:
4793 ······-·'"audit"·in·ansible_facts.packages' 
4794 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4793 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4794 ······-·'"audit"·in·ansible_facts.packages'
4795 ······tags:4795 ······tags:
4796 ······-·CJIS-5.4.1.14796 ······-·CJIS-5.4.1.1
4797 ······-·NIST-800-171-3.1.74797 ······-·NIST-800-171-3.1.7
4798 ······-·NIST-800-53-AC-6(9)4798 ······-·NIST-800-53-AC-6(9)
4799 ······-·NIST-800-53-AU-12(c)4799 ······-·NIST-800-53-AU-12(c)
4800 ······-·NIST-800-53-AU-2(d)4800 ······-·NIST-800-53-AU-2(d)
4801 ······-·NIST-800-53-CM-6(a)4801 ······-·NIST-800-53-CM-6(a)
Offset 4926, 16 lines modifiedOffset 4926, 16 lines modified
4926 ··········path:·'{{·audit_file·}}'4926 ··········path:·'{{·audit_file·}}'
4927 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification4927 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
4928 ··········create:·true4928 ··········create:·true
4929 ··········mode:·o-rwx4929 ··········mode:·o-rwx
4930 ··········state:·present4930 ··········state:·present
4931 ········when:·syscalls_found·|·length·==·04931 ········when:·syscalls_found·|·length·==·0
4932 ······when:4932 ······when:
4933 ······-·'"audit"·in·ansible_facts.packages' 
4934 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4933 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4934 ······-·'"audit"·in·ansible_facts.packages'
4935 ······-·audit_arch·==·"b64"4935 ······-·audit_arch·==·"b64"
4936 ······tags:4936 ······tags:
4937 ······-·CJIS-5.4.1.14937 ······-·CJIS-5.4.1.1
4938 ······-·NIST-800-171-3.1.74938 ······-·NIST-800-171-3.1.7
4939 ······-·NIST-800-53-AC-6(9)4939 ······-·NIST-800-53-AC-6(9)
4940 ······-·NIST-800-53-AU-12(c)4940 ······-·NIST-800-53-AU-12(c)
4941 ······-·NIST-800-53-AU-2(d)4941 ······-·NIST-800-53-AU-2(d)
Offset 4951, 16 lines modifiedOffset 4951, 16 lines modified
4951 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/4951 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/
4952 ······find:4952 ······find:
4953 ········paths:·/etc/audit/rules.d4953 ········paths:·/etc/audit/rules.d
4954 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+4954 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+
4955 ········patterns:·'*.rules'4955 ········patterns:·'*.rules'
4956 ······register:·find_existing_watch_rules_d4956 ······register:·find_existing_watch_rules_d
4957 ······when:4957 ······when:
4958 ······-·'"audit"·in·ansible_facts.packages' 
4959 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4958 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4959 ······-·'"audit"·in·ansible_facts.packages'
4960 ······tags:4960 ······tags:
4961 ······-·CJIS-5.4.1.14961 ······-·CJIS-5.4.1.1
4962 ······-·NIST-800-171-3.1.74962 ······-·NIST-800-171-3.1.7
4963 ······-·NIST-800-53-AC-6(9)4963 ······-·NIST-800-53-AC-6(9)
4964 ······-·NIST-800-53-AU-12(c)4964 ······-·NIST-800-53-AU-12(c)
4965 ······-·NIST-800-53-AU-2(d)4965 ······-·NIST-800-53-AU-2(d)
4966 ······-·NIST-800-53-CM-6(a)4966 ······-·NIST-800-53-CM-6(a)
Offset 4975, 16 lines modifiedOffset 4975, 16 lines modified
4975 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification4975 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification
4976 ······find:4976 ······find:
4977 ········paths:·/etc/audit/rules.d4977 ········paths:·/etc/audit/rules.d
4978 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$4978 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$
4979 ········patterns:·'*.rules'4979 ········patterns:·'*.rules'
4980 ······register:·find_watch_key4980 ······register:·find_watch_key
4981 ······when:4981 ······when:
4982 ······-·'"audit"·in·ansible_facts.packages' 
4983 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4982 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4983 ······-·'"audit"·in·ansible_facts.packages'
4984 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4984 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4985 ········==·04985 ········==·0
4986 ······tags:4986 ······tags:
4987 ······-·CJIS-5.4.1.14987 ······-·CJIS-5.4.1.1
4988 ······-·NIST-800-171-3.1.74988 ······-·NIST-800-171-3.1.7
4989 ······-·NIST-800-53-AC-6(9)4989 ······-·NIST-800-53-AC-6(9)
4990 ······-·NIST-800-53-AU-12(c)4990 ······-·NIST-800-53-AU-12(c)
Offset 5000, 16 lines modifiedOffset 5000, 16 lines modified
  
5000 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the5000 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the
5001 ········recipient·for·the·rule5001 ········recipient·for·the·rule
5002 ······set_fact:5002 ······set_fact:
5003 ········all_files:5003 ········all_files:
5004 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules5004 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules
5005 ······when:5005 ······when:
5006 ······-·'"audit"·in·ansible_facts.packages' 
5007 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5006 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5007 ······-·'"audit"·in·ansible_facts.packages'
5008 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5008 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5009 ········is·defined·and·find_existing_watch_rules_d.matched·==·05009 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5010 ······tags:5010 ······tags:
5011 ······-·CJIS-5.4.1.15011 ······-·CJIS-5.4.1.1
5012 ······-·NIST-800-171-3.1.75012 ······-·NIST-800-171-3.1.7
5013 ······-·NIST-800-53-AC-6(9)5013 ······-·NIST-800-53-AC-6(9)
5014 ······-·NIST-800-53-AU-12(c)5014 ······-·NIST-800-53-AU-12(c)
Offset 5024, 16 lines modifiedOffset 5024, 16 lines modified
5024 ······-·restrict_strategy5024 ······-·restrict_strategy
  
5025 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5025 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5026 ······set_fact:5026 ······set_fact:
5027 ········all_files:5027 ········all_files:
5028 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5028 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5029 ······when:5029 ······when:
5030 ······-·'"audit"·in·ansible_facts.packages' 
5031 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5030 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5031 ······-·'"audit"·in·ansible_facts.packages'
5032 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5032 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5033 ········is·defined·and·find_existing_watch_rules_d.matched·==·05033 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5034 ······tags:5034 ······tags:
5035 ······-·CJIS-5.4.1.15035 ······-·CJIS-5.4.1.1
5036 ······-·NIST-800-171-3.1.75036 ······-·NIST-800-171-3.1.7
5037 ······-·NIST-800-53-AC-6(9)5037 ······-·NIST-800-53-AC-6(9)
5038 ······-·NIST-800-53-AU-12(c)5038 ······-·NIST-800-53-AU-12(c)
Offset 5050, 16 lines modifiedOffset 5050, 16 lines modified
5050 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/5050 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/
Max diff block lines reached; 83630/88680 bytes (94.31%) of diff not shown.
3.57 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-ospp.yml
Ordering differences only
    
Offset 4831, 16 lines modifiedOffset 4831, 16 lines modified
4831 ······lineinfile:4831 ······lineinfile:
4832 ········dest:·/etc/audit/auditd.conf4832 ········dest:·/etc/audit/auditd.conf
4833 ········regexp:·^\s*flush\s*=\s*.*$4833 ········regexp:·^\s*flush\s*=\s*.*$
4834 ········line:·flush·=·{{·var_auditd_flush·}}4834 ········line:·flush·=·{{·var_auditd_flush·}}
4835 ········state:·present4835 ········state:·present
4836 ········create:·true4836 ········create:·true
4837 ······when:4837 ······when:
4838 ······-·'"audit"·in·ansible_facts.packages' 
4839 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4838 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4839 ······-·'"audit"·in·ansible_facts.packages'
4840 ······tags:4840 ······tags:
4841 ······-·NIST-800-171-3.3.14841 ······-·NIST-800-171-3.3.1
4842 ······-·NIST-800-53-AU-114842 ······-·NIST-800-53-AU-11
4843 ······-·NIST-800-53-CM-6(a)4843 ······-·NIST-800-53-CM-6(a)
4844 ······-·auditd_data_retention_flush4844 ······-·auditd_data_retention_flush
4845 ······-·low_complexity4845 ······-·low_complexity
4846 ······-·low_disruption4846 ······-·low_disruption
Offset 4886, 16 lines modifiedOffset 4886, 16 lines modified
4886 ········lineinfile:4886 ········lineinfile:
4887 ··········path:·/etc/audit/auditd.conf4887 ··········path:·/etc/audit/auditd.conf
4888 ··········create:·true4888 ··········create:·true
4889 ··········regexp:·(?i)^\s*freq\s*=\s*4889 ··········regexp:·(?i)^\s*freq\s*=\s*
4890 ··········line:·freq·=·504890 ··········line:·freq·=·50
4891 ··········state:·present4891 ··········state:·present
4892 ······when:4892 ······when:
4893 ······-·'"audit"·in·ansible_facts.packages' 
4894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4893 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4894 ······-·'"audit"·in·ansible_facts.packages'
4895 ······tags:4895 ······tags:
4896 ······-·NIST-800-53-CM-64896 ······-·NIST-800-53-CM-6
4897 ······-·auditd_freq4897 ······-·auditd_freq
4898 ······-·low_complexity4898 ······-·low_complexity
4899 ······-·low_disruption4899 ······-·low_disruption
4900 ······-·medium_severity4900 ······-·medium_severity
4901 ······-·no_reboot_needed4901 ······-·no_reboot_needed
Offset 4940, 16 lines modifiedOffset 4940, 16 lines modified
4940 ········lineinfile:4940 ········lineinfile:
4941 ··········path:·/etc/audit/auditd.conf4941 ··········path:·/etc/audit/auditd.conf
4942 ··········create:·true4942 ··········create:·true
4943 ··········regexp:·(?i)^\s*local_events\s*=\s*4943 ··········regexp:·(?i)^\s*local_events\s*=\s*
4944 ··········line:·local_events·=·yes4944 ··········line:·local_events·=·yes
4945 ··········state:·present4945 ··········state:·present
4946 ······when:4946 ······when:
4947 ······-·'"audit"·in·ansible_facts.packages' 
4948 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4947 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4948 ······-·'"audit"·in·ansible_facts.packages'
4949 ······tags:4949 ······tags:
4950 ······-·DISA-STIG-RHEL-08-0300614950 ······-·DISA-STIG-RHEL-08-030061
4951 ······-·NIST-800-53-CM-64951 ······-·NIST-800-53-CM-6
4952 ······-·auditd_local_events4952 ······-·auditd_local_events
4953 ······-·low_complexity4953 ······-·low_complexity
4954 ······-·low_disruption4954 ······-·low_disruption
4955 ······-·medium_severity4955 ······-·medium_severity
Offset 4996, 16 lines modifiedOffset 4996, 16 lines modified
4996 ········lineinfile:4996 ········lineinfile:
4997 ··········path:·/etc/audit/auditd.conf4997 ··········path:·/etc/audit/auditd.conf
4998 ··········create:·true4998 ··········create:·true
4999 ··········regexp:·(?i)^\s*log_format\s*=\s*4999 ··········regexp:·(?i)^\s*log_format\s*=\s*
5000 ··········line:·log_format·=·ENRICHED5000 ··········line:·log_format·=·ENRICHED
5001 ··········state:·present5001 ··········state:·present
5002 ······when:5002 ······when:
5003 ······-·'"audit"·in·ansible_facts.packages' 
5004 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5003 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5004 ······-·'"audit"·in·ansible_facts.packages'
5005 ······tags:5005 ······tags:
5006 ······-·DISA-STIG-RHEL-08-0300635006 ······-·DISA-STIG-RHEL-08-030063
5007 ······-·NIST-800-53-AU-35007 ······-·NIST-800-53-AU-3
5008 ······-·NIST-800-53-CM-65008 ······-·NIST-800-53-CM-6
5009 ······-·auditd_log_format5009 ······-·auditd_log_format
5010 ······-·low_complexity5010 ······-·low_complexity
5011 ······-·low_disruption5011 ······-·low_disruption
Offset 5053, 16 lines modifiedOffset 5053, 16 lines modified
5053 ········lineinfile:5053 ········lineinfile:
5054 ··········path:·/etc/audit/auditd.conf5054 ··········path:·/etc/audit/auditd.conf
5055 ··········create:·true5055 ··········create:·true
5056 ··········regexp:·(?i)^\s*name_format\s*=\s*5056 ··········regexp:·(?i)^\s*name_format\s*=\s*
5057 ··········line:·name_format·=·hostname5057 ··········line:·name_format·=·hostname
5058 ··········state:·present5058 ··········state:·present
5059 ······when:5059 ······when:
5060 ······-·'"audit"·in·ansible_facts.packages' 
5061 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5060 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5061 ······-·'"audit"·in·ansible_facts.packages'
5062 ······tags:5062 ······tags:
5063 ······-·DISA-STIG-RHEL-08-0300625063 ······-·DISA-STIG-RHEL-08-030062
5064 ······-·NIST-800-53-AU-35064 ······-·NIST-800-53-AU-3
5065 ······-·NIST-800-53-CM-65065 ······-·NIST-800-53-CM-6
5066 ······-·auditd_name_format5066 ······-·auditd_name_format
5067 ······-·low_complexity5067 ······-·low_complexity
5068 ······-·low_disruption5068 ······-·low_disruption
Offset 5108, 16 lines modifiedOffset 5108, 16 lines modified
5108 ········lineinfile:5108 ········lineinfile:
5109 ··········path:·/etc/audit/auditd.conf5109 ··········path:·/etc/audit/auditd.conf
5110 ··········create:·true5110 ··········create:·true
5111 ··········regexp:·(?i)^\s*write_logs\s*=\s*5111 ··········regexp:·(?i)^\s*write_logs\s*=\s*
5112 ··········line:·write_logs·=·yes5112 ··········line:·write_logs·=·yes
5113 ··········state:·present5113 ··········state:·present
5114 ······when:5114 ······when:
5115 ······-·'"audit"·in·ansible_facts.packages' 
5116 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5115 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5116 ······-·'"audit"·in·ansible_facts.packages'
5117 ······tags:5117 ······tags:
5118 ······-·NIST-800-53-CM-65118 ······-·NIST-800-53-CM-6
5119 ······-·auditd_write_logs5119 ······-·auditd_write_logs
5120 ······-·low_complexity5120 ······-·low_complexity
5121 ······-·low_disruption5121 ······-·low_disruption
5122 ······-·medium_severity5122 ······-·medium_severity
5123 ······-·no_reboot_needed5123 ······-·no_reboot_needed
160 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-pci-dss.yml
Ordering differences only
    
Offset 5162, 16 lines modifiedOffset 5162, 16 lines modified
  
5162 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension5162 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
5163 ······find:5163 ······find:
5164 ········paths:·/etc/audit/rules.d/5164 ········paths:·/etc/audit/rules.d/
5165 ········patterns:·'*.rules'5165 ········patterns:·'*.rules'
5166 ······register:·find_rules_d5166 ······register:·find_rules_d
5167 ······when:5167 ······when:
5168 ······-·'"audit"·in·ansible_facts.packages' 
5169 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5168 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5169 ······-·'"audit"·in·ansible_facts.packages'
5170 ······tags:5170 ······tags:
5171 ······-·CJIS-5.4.1.15171 ······-·CJIS-5.4.1.1
5172 ······-·DISA-STIG-RHEL-08-0301215172 ······-·DISA-STIG-RHEL-08-030121
5173 ······-·NIST-800-171-3.3.15173 ······-·NIST-800-171-3.3.1
5174 ······-·NIST-800-171-3.4.35174 ······-·NIST-800-171-3.4.3
5175 ······-·NIST-800-53-AC-6(9)5175 ······-·NIST-800-53-AC-6(9)
5176 ······-·NIST-800-53-CM-6(a)5176 ······-·NIST-800-53-CM-6(a)
Offset 5187, 16 lines modifiedOffset 5187, 16 lines modified
5187 ······lineinfile:5187 ······lineinfile:
5188 ········path:·'{{·item·}}'5188 ········path:·'{{·item·}}'
5189 ········regexp:·^\s*(?:-e)\s+.*$5189 ········regexp:·^\s*(?:-e)\s+.*$
5190 ········state:·absent5190 ········state:·absent
5191 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']5191 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
5192 ········}}'5192 ········}}'
5193 ······when:5193 ······when:
5194 ······-·'"audit"·in·ansible_facts.packages' 
5195 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5194 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5195 ······-·'"audit"·in·ansible_facts.packages'
5196 ······tags:5196 ······tags:
5197 ······-·CJIS-5.4.1.15197 ······-·CJIS-5.4.1.1
5198 ······-·DISA-STIG-RHEL-08-0301215198 ······-·DISA-STIG-RHEL-08-030121
5199 ······-·NIST-800-171-3.3.15199 ······-·NIST-800-171-3.3.1
5200 ······-·NIST-800-171-3.4.35200 ······-·NIST-800-171-3.4.3
5201 ······-·NIST-800-53-AC-6(9)5201 ······-·NIST-800-53-AC-6(9)
5202 ······-·NIST-800-53-CM-6(a)5202 ······-·NIST-800-53-CM-6(a)
Offset 5214, 16 lines modifiedOffset 5214, 16 lines modified
5214 ········create:·true5214 ········create:·true
5215 ········line:·-e·25215 ········line:·-e·2
5216 ········mode:·o-rwx5216 ········mode:·o-rwx
5217 ······loop:5217 ······loop:
5218 ······-·/etc/audit/audit.rules5218 ······-·/etc/audit/audit.rules
5219 ······-·/etc/audit/rules.d/immutable.rules5219 ······-·/etc/audit/rules.d/immutable.rules
5220 ······when:5220 ······when:
5221 ······-·'"audit"·in·ansible_facts.packages' 
5222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5221 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5222 ······-·'"audit"·in·ansible_facts.packages'
5223 ······tags:5223 ······tags:
5224 ······-·CJIS-5.4.1.15224 ······-·CJIS-5.4.1.1
5225 ······-·DISA-STIG-RHEL-08-0301215225 ······-·DISA-STIG-RHEL-08-030121
5226 ······-·NIST-800-171-3.3.15226 ······-·NIST-800-171-3.3.1
5227 ······-·NIST-800-171-3.4.35227 ······-·NIST-800-171-3.4.3
5228 ······-·NIST-800-53-AC-6(9)5228 ······-·NIST-800-53-AC-6(9)
5229 ······-·NIST-800-53-CM-6(a)5229 ······-·NIST-800-53-CM-6(a)
Offset 5256, 16 lines modifiedOffset 5256, 16 lines modified
5256 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/5256 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
5257 ······find:5257 ······find:
5258 ········paths:·/etc/audit/rules.d5258 ········paths:·/etc/audit/rules.d
5259 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+5259 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
5260 ········patterns:·'*.rules'5260 ········patterns:·'*.rules'
5261 ······register:·find_existing_watch_rules_d5261 ······register:·find_existing_watch_rules_d
5262 ······when:5262 ······when:
5263 ······-·'"audit"·in·ansible_facts.packages' 
5264 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5263 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5264 ······-·'"audit"·in·ansible_facts.packages'
5265 ······tags:5265 ······tags:
5266 ······-·CJIS-5.4.1.15266 ······-·CJIS-5.4.1.1
5267 ······-·NIST-800-171-3.1.85267 ······-·NIST-800-171-3.1.8
5268 ······-·NIST-800-53-AU-12(c)5268 ······-·NIST-800-53-AU-12(c)
5269 ······-·NIST-800-53-AU-2(d)5269 ······-·NIST-800-53-AU-2(d)
5270 ······-·NIST-800-53-CM-6(a)5270 ······-·NIST-800-53-CM-6(a)
5271 ······-·PCI-DSS-Req-10.5.55271 ······-·PCI-DSS-Req-10.5.5
Offset 5279, 16 lines modifiedOffset 5279, 16 lines modified
5279 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy5279 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
5280 ······find:5280 ······find:
5281 ········paths:·/etc/audit/rules.d5281 ········paths:·/etc/audit/rules.d
5282 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$5282 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
5283 ········patterns:·'*.rules'5283 ········patterns:·'*.rules'
5284 ······register:·find_watch_key5284 ······register:·find_watch_key
5285 ······when:5285 ······when:
5286 ······-·'"audit"·in·ansible_facts.packages' 
5287 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5286 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5287 ······-·'"audit"·in·ansible_facts.packages'
5288 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched5288 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
5289 ········==·05289 ········==·0
5290 ······tags:5290 ······tags:
5291 ······-·CJIS-5.4.1.15291 ······-·CJIS-5.4.1.1
5292 ······-·NIST-800-171-3.1.85292 ······-·NIST-800-171-3.1.8
5293 ······-·NIST-800-53-AU-12(c)5293 ······-·NIST-800-53-AU-12(c)
5294 ······-·NIST-800-53-AU-2(d)5294 ······-·NIST-800-53-AU-2(d)
Offset 5302, 16 lines modifiedOffset 5302, 16 lines modified
5302 ······-·restrict_strategy5302 ······-·restrict_strategy
  
5303 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule5303 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
5304 ······set_fact:5304 ······set_fact:
5305 ········all_files:5305 ········all_files:
5306 ········-·/etc/audit/rules.d/MAC-policy.rules5306 ········-·/etc/audit/rules.d/MAC-policy.rules
5307 ······when:5307 ······when:
5308 ······-·'"audit"·in·ansible_facts.packages' 
5309 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5308 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5309 ······-·'"audit"·in·ansible_facts.packages'
5310 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5310 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5311 ········is·defined·and·find_existing_watch_rules_d.matched·==·05311 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5312 ······tags:5312 ······tags:
5313 ······-·CJIS-5.4.1.15313 ······-·CJIS-5.4.1.1
5314 ······-·NIST-800-171-3.1.85314 ······-·NIST-800-171-3.1.8
5315 ······-·NIST-800-53-AU-12(c)5315 ······-·NIST-800-53-AU-12(c)
5316 ······-·NIST-800-53-AU-2(d)5316 ······-·NIST-800-53-AU-2(d)
Offset 5325, 16 lines modifiedOffset 5325, 16 lines modified
5325 ······-·restrict_strategy5325 ······-·restrict_strategy
  
5326 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5326 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5327 ······set_fact:5327 ······set_fact:
5328 ········all_files:5328 ········all_files:
5329 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5329 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5330 ······when:5330 ······when:
5331 ······-·'"audit"·in·ansible_facts.packages' 
5332 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5331 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5332 ······-·'"audit"·in·ansible_facts.packages'
5333 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5333 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5334 ········is·defined·and·find_existing_watch_rules_d.matched·==·05334 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5335 ······tags:5335 ······tags:
5336 ······-·CJIS-5.4.1.15336 ······-·CJIS-5.4.1.1
5337 ······-·NIST-800-171-3.1.85337 ······-·NIST-800-171-3.1.8
5338 ······-·NIST-800-53-AU-12(c)5338 ······-·NIST-800-53-AU-12(c)
5339 ······-·NIST-800-53-AU-2(d)5339 ······-·NIST-800-53-AU-2(d)
Offset 5350, 16 lines modifiedOffset 5350, 16 lines modified
5350 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/5350 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 158724/163427 bytes (97.12%) of diff not shown.
3.93 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-rht-ccp.yml
Ordering differences only
    
Offset 3210, 16 lines modifiedOffset 3210, 16 lines modified
3210 ······-·no_reboot_needed3210 ······-·no_reboot_needed
  
3211 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3211 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3212 ······stat:3212 ······stat:
3213 ········path:·/boot/grub2/grub.cfg3213 ········path:·/boot/grub2/grub.cfg
3214 ······register:·file_exists3214 ······register:·file_exists
3215 ······when:3215 ······when:
3216 ······-·'"grub2-common"·in·ansible_facts.packages' 
3217 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3216 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3217 ······-·'"grub2-common"·in·ansible_facts.packages'
3218 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3218 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3219 ······tags:3219 ······tags:
3220 ······-·CJIS-5.5.2.23220 ······-·CJIS-5.5.2.2
3221 ······-·NIST-800-171-3.4.53221 ······-·NIST-800-171-3.4.5
3222 ······-·NIST-800-53-AC-6(1)3222 ······-·NIST-800-53-AC-6(1)
3223 ······-·NIST-800-53-CM-6(a)3223 ······-·NIST-800-53-CM-6(a)
3224 ······-·PCI-DSS-Req-7.13224 ······-·PCI-DSS-Req-7.1
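Review bot: in this three-entry `when:` list only the first two entries move: '"grub2-common" in ansible_facts.packages' and the '"/boot/efi" not in ansible_mounts' check swap places, while the ansible_virtualization_type check stays third. The reordering therefore affects only part of the list, and the same swap repeats in the other grub.cfg tasks of this file. Fix the order of the whole condition list in one place rather than per task, so that every task built from it comes out the same in both builds.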
Offset 3231, 16 lines modifiedOffset 3231, 16 lines modified
3231 ······-·no_reboot_needed3231 ······-·no_reboot_needed
  
3232 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg3232 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
3233 ······file:3233 ······file:
3234 ········path:·/boot/grub2/grub.cfg3234 ········path:·/boot/grub2/grub.cfg
3235 ········group:·'0'3235 ········group:·'0'
3236 ······when:3236 ······when:
3237 ······-·'"grub2-common"·in·ansible_facts.packages' 
3238 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3237 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3238 ······-·'"grub2-common"·in·ansible_facts.packages'
3239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3239 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3240 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3241 ······tags:3241 ······tags:
3242 ······-·CJIS-5.5.2.23242 ······-·CJIS-5.5.2.2
3243 ······-·NIST-800-171-3.4.53243 ······-·NIST-800-171-3.4.5
3244 ······-·NIST-800-53-AC-6(1)3244 ······-·NIST-800-53-AC-6(1)
3245 ······-·NIST-800-53-CM-6(a)3245 ······-·NIST-800-53-CM-6(a)
Offset 3270, 16 lines modifiedOffset 3270, 16 lines modified
3270 ······-·no_reboot_needed3270 ······-·no_reboot_needed
  
3271 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3271 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3272 ······stat:3272 ······stat:
3273 ········path:·/boot/grub2/grub.cfg3273 ········path:·/boot/grub2/grub.cfg
3274 ······register:·file_exists3274 ······register:·file_exists
3275 ······when:3275 ······when:
3276 ······-·'"grub2-common"·in·ansible_facts.packages' 
3277 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3276 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3277 ······-·'"grub2-common"·in·ansible_facts.packages'
3278 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3278 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3279 ······tags:3279 ······tags:
3280 ······-·CJIS-5.5.2.23280 ······-·CJIS-5.5.2.2
3281 ······-·NIST-800-171-3.4.53281 ······-·NIST-800-171-3.4.5
3282 ······-·NIST-800-53-AC-6(1)3282 ······-·NIST-800-53-AC-6(1)
3283 ······-·NIST-800-53-CM-6(a)3283 ······-·NIST-800-53-CM-6(a)
3284 ······-·PCI-DSS-Req-7.13284 ······-·PCI-DSS-Req-7.1
Offset 3291, 16 lines modifiedOffset 3291, 16 lines modified
3291 ······-·no_reboot_needed3291 ······-·no_reboot_needed
  
3292 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3292 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3293 ······file:3293 ······file:
3294 ········path:·/boot/grub2/grub.cfg3294 ········path:·/boot/grub2/grub.cfg
3295 ········owner:·'0'3295 ········owner:·'0'
3296 ······when:3296 ······when:
3297 ······-·'"grub2-common"·in·ansible_facts.packages' 
3298 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3297 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3298 ······-·'"grub2-common"·in·ansible_facts.packages'
3299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3301 ······tags:3301 ······tags:
3302 ······-·CJIS-5.5.2.23302 ······-·CJIS-5.5.2.2
3303 ······-·NIST-800-171-3.4.53303 ······-·NIST-800-171-3.4.5
3304 ······-·NIST-800-53-AC-6(1)3304 ······-·NIST-800-53-AC-6(1)
3305 ······-·NIST-800-53-CM-6(a)3305 ······-·NIST-800-53-CM-6(a)
Offset 3328, 16 lines modifiedOffset 3328, 16 lines modified
3328 ······-·no_reboot_needed3328 ······-·no_reboot_needed
  
3329 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3329 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3330 ······stat:3330 ······stat:
3331 ········path:·/boot/grub2/grub.cfg3331 ········path:·/boot/grub2/grub.cfg
3332 ······register:·file_exists3332 ······register:·file_exists
3333 ······when:3333 ······when:
3334 ······-·'"grub2-common"·in·ansible_facts.packages' 
3335 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3334 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3335 ······-·'"grub2-common"·in·ansible_facts.packages'
3336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3337 ······tags:3337 ······tags:
3338 ······-·NIST-800-171-3.4.53338 ······-·NIST-800-171-3.4.5
3339 ······-·NIST-800-53-AC-6(1)3339 ······-·NIST-800-53-AC-6(1)
3340 ······-·NIST-800-53-CM-6(a)3340 ······-·NIST-800-53-CM-6(a)
3341 ······-·configure_strategy3341 ······-·configure_strategy
3342 ······-·file_permissions_grub2_cfg3342 ······-·file_permissions_grub2_cfg
Offset 3347, 16 lines modifiedOffset 3347, 16 lines modified
3347 ······-·no_reboot_needed3347 ······-·no_reboot_needed
  
3348 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg3348 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
3349 ······file:3349 ······file:
3350 ········path:·/boot/grub2/grub.cfg3350 ········path:·/boot/grub2/grub.cfg
3351 ········mode:·u-xs,g-xwrs,o-xwrt3351 ········mode:·u-xs,g-xwrs,o-xwrt
3352 ······when:3352 ······when:
3353 ······-·'"grub2-common"·in·ansible_facts.packages' 
3354 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3353 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3354 ······-·'"grub2-common"·in·ansible_facts.packages'
3355 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3355 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3356 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3356 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3357 ······tags:3357 ······tags:
3358 ······-·NIST-800-171-3.4.53358 ······-·NIST-800-171-3.4.5
3359 ······-·NIST-800-53-AC-6(1)3359 ······-·NIST-800-53-AC-6(1)
3360 ······-·NIST-800-53-CM-6(a)3360 ······-·NIST-800-53-CM-6(a)
3361 ······-·configure_strategy3361 ······-·configure_strategy
78.9 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-standard.yml
Ordering differences only
    
Offset 817, 16 lines modifiedOffset 817, 16 lines modified
817 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/817 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
818 ······find:818 ······find:
819 ········paths:·/etc/audit/rules.d819 ········paths:·/etc/audit/rules.d
820 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+820 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
821 ········patterns:·'*.rules'821 ········patterns:·'*.rules'
822 ······register:·find_existing_watch_rules_d822 ······register:·find_existing_watch_rules_d
823 ······when:823 ······when:
824 ······-·'"audit"·in·ansible_facts.packages' 
825 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 825 ······-·'"audit"·in·ansible_facts.packages'
826 ······tags:826 ······tags:
827 ······-·CJIS-5.4.1.1827 ······-·CJIS-5.4.1.1
828 ······-·NIST-800-171-3.1.8828 ······-·NIST-800-171-3.1.8
829 ······-·NIST-800-53-AU-12(c)829 ······-·NIST-800-53-AU-12(c)
830 ······-·NIST-800-53-AU-2(d)830 ······-·NIST-800-53-AU-2(d)
831 ······-·NIST-800-53-CM-6(a)831 ······-·NIST-800-53-CM-6(a)
832 ······-·PCI-DSS-Req-10.5.5832 ······-·PCI-DSS-Req-10.5.5
Offset 840, 16 lines modifiedOffset 840, 16 lines modified
840 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy840 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
841 ······find:841 ······find:
842 ········paths:·/etc/audit/rules.d842 ········paths:·/etc/audit/rules.d
843 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$843 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
844 ········patterns:·'*.rules'844 ········patterns:·'*.rules'
845 ······register:·find_watch_key845 ······register:·find_watch_key
846 ······when:846 ······when:
847 ······-·'"audit"·in·ansible_facts.packages' 
848 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]847 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 848 ······-·'"audit"·in·ansible_facts.packages'
849 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched849 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
850 ········==·0850 ········==·0
851 ······tags:851 ······tags:
852 ······-·CJIS-5.4.1.1852 ······-·CJIS-5.4.1.1
853 ······-·NIST-800-171-3.1.8853 ······-·NIST-800-171-3.1.8
854 ······-·NIST-800-53-AU-12(c)854 ······-·NIST-800-53-AU-12(c)
855 ······-·NIST-800-53-AU-2(d)855 ······-·NIST-800-53-AU-2(d)
Offset 863, 16 lines modifiedOffset 863, 16 lines modified
863 ······-·restrict_strategy863 ······-·restrict_strategy
  
864 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule864 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
865 ······set_fact:865 ······set_fact:
866 ········all_files:866 ········all_files:
867 ········-·/etc/audit/rules.d/MAC-policy.rules867 ········-·/etc/audit/rules.d/MAC-policy.rules
868 ······when:868 ······when:
869 ······-·'"audit"·in·ansible_facts.packages' 
870 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]869 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 870 ······-·'"audit"·in·ansible_facts.packages'
871 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched871 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
872 ········is·defined·and·find_existing_watch_rules_d.matched·==·0872 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
873 ······tags:873 ······tags:
874 ······-·CJIS-5.4.1.1874 ······-·CJIS-5.4.1.1
875 ······-·NIST-800-171-3.1.8875 ······-·NIST-800-171-3.1.8
876 ······-·NIST-800-53-AU-12(c)876 ······-·NIST-800-53-AU-12(c)
877 ······-·NIST-800-53-AU-2(d)877 ······-·NIST-800-53-AU-2(d)
Offset 886, 16 lines modifiedOffset 886, 16 lines modified
886 ······-·restrict_strategy886 ······-·restrict_strategy
  
887 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule887 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
888 ······set_fact:888 ······set_fact:
889 ········all_files:889 ········all_files:
890 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'890 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
891 ······when:891 ······when:
892 ······-·'"audit"·in·ansible_facts.packages' 
893 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]892 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 893 ······-·'"audit"·in·ansible_facts.packages'
894 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched894 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
895 ········is·defined·and·find_existing_watch_rules_d.matched·==·0895 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
896 ······tags:896 ······tags:
897 ······-·CJIS-5.4.1.1897 ······-·CJIS-5.4.1.1
898 ······-·NIST-800-171-3.1.8898 ······-·NIST-800-171-3.1.8
899 ······-·NIST-800-53-AU-12(c)899 ······-·NIST-800-53-AU-12(c)
900 ······-·NIST-800-53-AU-2(d)900 ······-·NIST-800-53-AU-2(d)
Offset 911, 16 lines modifiedOffset 911, 16 lines modified
911 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/911 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
912 ······lineinfile:912 ······lineinfile:
913 ········path:·'{{·all_files[0]·}}'913 ········path:·'{{·all_files[0]·}}'
914 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy914 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
915 ········create:·true915 ········create:·true
916 ········mode:·'0640'916 ········mode:·'0640'
917 ······when:917 ······when:
918 ······-·'"audit"·in·ansible_facts.packages' 
919 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]918 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 919 ······-·'"audit"·in·ansible_facts.packages'
920 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched920 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
921 ········==·0921 ········==·0
922 ······tags:922 ······tags:
923 ······-·CJIS-5.4.1.1923 ······-·CJIS-5.4.1.1
924 ······-·NIST-800-171-3.1.8924 ······-·NIST-800-171-3.1.8
925 ······-·NIST-800-53-AU-12(c)925 ······-·NIST-800-53-AU-12(c)
926 ······-·NIST-800-53-AU-2(d)926 ······-·NIST-800-53-AU-2(d)
Offset 936, 16 lines modifiedOffset 936, 16 lines modified
936 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules936 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules
937 ······find:937 ······find:
938 ········paths:·/etc/audit/938 ········paths:·/etc/audit/
939 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+939 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
940 ········patterns:·audit.rules940 ········patterns:·audit.rules
941 ······register:·find_existing_watch_audit_rules941 ······register:·find_existing_watch_audit_rules
942 ······when:942 ······when:
943 ······-·'"audit"·in·ansible_facts.packages' 
944 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]943 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 944 ······-·'"audit"·in·ansible_facts.packages'
945 ······tags:945 ······tags:
946 ······-·CJIS-5.4.1.1946 ······-·CJIS-5.4.1.1
947 ······-·NIST-800-171-3.1.8947 ······-·NIST-800-171-3.1.8
948 ······-·NIST-800-53-AU-12(c)948 ······-·NIST-800-53-AU-12(c)
949 ······-·NIST-800-53-AU-2(d)949 ······-·NIST-800-53-AU-2(d)
950 ······-·NIST-800-53-CM-6(a)950 ······-·NIST-800-53-CM-6(a)
951 ······-·PCI-DSS-Req-10.5.5951 ······-·PCI-DSS-Req-10.5.5
Offset 960, 16 lines modifiedOffset 960, 16 lines modified
960 ······lineinfile:960 ······lineinfile:
961 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy961 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
962 ········state:·present962 ········state:·present
963 ········dest:·/etc/audit/audit.rules963 ········dest:·/etc/audit/audit.rules
964 ········create:·true964 ········create:·true
965 ········mode:·'0640'965 ········mode:·'0640'
966 ······when:966 ······when:
967 ······-·'"audit"·in·ansible_facts.packages' 
968 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]967 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 968 ······-·'"audit"·in·ansible_facts.packages'
969 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched969 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
970 ········==·0970 ········==·0
971 ······tags:971 ······tags:
972 ······-·CJIS-5.4.1.1972 ······-·CJIS-5.4.1.1
973 ······-·NIST-800-171-3.1.8973 ······-·NIST-800-171-3.1.8
974 ······-·NIST-800-53-AU-12(c)974 ······-·NIST-800-53-AU-12(c)
975 ······-·NIST-800-53-AU-2(d)975 ······-·NIST-800-53-AU-2(d)
Offset 1002, 16 lines modifiedOffset 1002, 16 lines modified
1002 ······-·reboot_required1002 ······-·reboot_required
Max diff block lines reached; 75801/80669 bytes (93.97%) of diff not shown.
131 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-stig.yml
Ordering differences only
    
Offset 11479, 16 lines modifiedOffset 11479, 16 lines modified
  
11479 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11479 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11480 ······find:11480 ······find:
11481 ········paths:·/etc/audit/rules.d/11481 ········paths:·/etc/audit/rules.d/
11482 ········patterns:·'*.rules'11482 ········patterns:·'*.rules'
11483 ······register:·find_rules_d11483 ······register:·find_rules_d
11484 ······when:11484 ······when:
11485 ······-·'"audit"·in·ansible_facts.packages' 
11486 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11485 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11486 ······-·'"audit"·in·ansible_facts.packages'
11487 ······tags:11487 ······tags:
11488 ······-·CJIS-5.4.1.111488 ······-·CJIS-5.4.1.1
11489 ······-·DISA-STIG-RHEL-08-03012111489 ······-·DISA-STIG-RHEL-08-030121
11490 ······-·NIST-800-171-3.3.111490 ······-·NIST-800-171-3.3.1
11491 ······-·NIST-800-171-3.4.311491 ······-·NIST-800-171-3.4.3
11492 ······-·NIST-800-53-AC-6(9)11492 ······-·NIST-800-53-AC-6(9)
11493 ······-·NIST-800-53-CM-6(a)11493 ······-·NIST-800-53-CM-6(a)
Offset 11504, 16 lines modifiedOffset 11504, 16 lines modified
11504 ······lineinfile:11504 ······lineinfile:
11505 ········path:·'{{·item·}}'11505 ········path:·'{{·item·}}'
11506 ········regexp:·^\s*(?:-e)\s+.*$11506 ········regexp:·^\s*(?:-e)\s+.*$
11507 ········state:·absent11507 ········state:·absent
11508 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11508 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11509 ········}}'11509 ········}}'
11510 ······when:11510 ······when:
11511 ······-·'"audit"·in·ansible_facts.packages' 
11512 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11511 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11512 ······-·'"audit"·in·ansible_facts.packages'
11513 ······tags:11513 ······tags:
11514 ······-·CJIS-5.4.1.111514 ······-·CJIS-5.4.1.1
11515 ······-·DISA-STIG-RHEL-08-03012111515 ······-·DISA-STIG-RHEL-08-030121
11516 ······-·NIST-800-171-3.3.111516 ······-·NIST-800-171-3.3.1
11517 ······-·NIST-800-171-3.4.311517 ······-·NIST-800-171-3.4.3
11518 ······-·NIST-800-53-AC-6(9)11518 ······-·NIST-800-53-AC-6(9)
11519 ······-·NIST-800-53-CM-6(a)11519 ······-·NIST-800-53-CM-6(a)
Offset 11531, 16 lines modifiedOffset 11531, 16 lines modified
11531 ········create:·true11531 ········create:·true
11532 ········line:·-e·211532 ········line:·-e·2
11533 ········mode:·o-rwx11533 ········mode:·o-rwx
11534 ······loop:11534 ······loop:
11535 ······-·/etc/audit/audit.rules11535 ······-·/etc/audit/audit.rules
11536 ······-·/etc/audit/rules.d/immutable.rules11536 ······-·/etc/audit/rules.d/immutable.rules
11537 ······when:11537 ······when:
11538 ······-·'"audit"·in·ansible_facts.packages' 
11539 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11538 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11539 ······-·'"audit"·in·ansible_facts.packages'
11540 ······tags:11540 ······tags:
11541 ······-·CJIS-5.4.1.111541 ······-·CJIS-5.4.1.1
11542 ······-·DISA-STIG-RHEL-08-03012111542 ······-·DISA-STIG-RHEL-08-030121
11543 ······-·NIST-800-171-3.3.111543 ······-·NIST-800-171-3.3.1
11544 ······-·NIST-800-171-3.4.311544 ······-·NIST-800-171-3.4.3
11545 ······-·NIST-800-53-AC-6(9)11545 ······-·NIST-800-53-AC-6(9)
11546 ······-·NIST-800-53-CM-6(a)11546 ······-·NIST-800-53-CM-6(a)
Offset 11572, 16 lines modifiedOffset 11572, 16 lines modified
11572 ······-·reboot_required11572 ······-·reboot_required
11573 ······-·restrict_strategy11573 ······-·restrict_strategy
  
11574 ····-·name:·Set·architecture·for·audit·mount·tasks11574 ····-·name:·Set·architecture·for·audit·mount·tasks
11575 ······set_fact:11575 ······set_fact:
11576 ········audit_arch:·b6411576 ········audit_arch:·b64
11577 ······when:11577 ······when:
11578 ······-·'"audit"·in·ansible_facts.packages' 
11579 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11578 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11579 ······-·'"audit"·in·ansible_facts.packages'
11580 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture11580 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
11581 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"11581 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
11582 ······tags:11582 ······tags:
11583 ······-·CJIS-5.4.1.111583 ······-·CJIS-5.4.1.1
11584 ······-·DISA-STIG-RHEL-08-03030211584 ······-·DISA-STIG-RHEL-08-030302
11585 ······-·NIST-800-171-3.1.711585 ······-·NIST-800-171-3.1.7
11586 ······-·NIST-800-53-AC-6(9)11586 ······-·NIST-800-53-AC-6(9)
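Review bot: the architecture condition at lines 11580-11581 is a five-way `or` chain folded across two lines, which is hard to scan and easy to get wrong when an architecture is added or dropped. A membership test such as `ansible_architecture in ["aarch64", "ppc64", "ppc64le", "s390x", "x86_64"]` says the same thing on one line and matches the style of the `ansible_virtualization_type not in [...]` entry next to it.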
Offset 11713, 16 lines modifiedOffset 11713, 16 lines modified
11713 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100011713 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
11714 ············-F·auid!=unset·-F·key=perm_mod11714 ············-F·auid!=unset·-F·key=perm_mod
11715 ··········create:·true11715 ··········create:·true
11716 ··········mode:·o-rwx11716 ··········mode:·o-rwx
11717 ··········state:·present11717 ··········state:·present
11718 ········when:·syscalls_found·|·length·==·011718 ········when:·syscalls_found·|·length·==·0
11719 ······when:11719 ······when:
11720 ······-·'"audit"·in·ansible_facts.packages' 
11721 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11720 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11721 ······-·'"audit"·in·ansible_facts.packages'
11722 ······tags:11722 ······tags:
11723 ······-·CJIS-5.4.1.111723 ······-·CJIS-5.4.1.1
11724 ······-·DISA-STIG-RHEL-08-03030211724 ······-·DISA-STIG-RHEL-08-030302
11725 ······-·NIST-800-171-3.1.711725 ······-·NIST-800-171-3.1.7
11726 ······-·NIST-800-53-AC-6(9)11726 ······-·NIST-800-53-AC-6(9)
11727 ······-·NIST-800-53-AU-12(c)11727 ······-·NIST-800-53-AU-12(c)
11728 ······-·NIST-800-53-AU-2(d)11728 ······-·NIST-800-53-AU-2(d)
Offset 11852, 16 lines modifiedOffset 11852, 16 lines modified
11852 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100011852 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
11853 ············-F·auid!=unset·-F·key=perm_mod11853 ············-F·auid!=unset·-F·key=perm_mod
11854 ··········create:·true11854 ··········create:·true
11855 ··········mode:·o-rwx11855 ··········mode:·o-rwx
11856 ··········state:·present11856 ··········state:·present
11857 ········when:·syscalls_found·|·length·==·011857 ········when:·syscalls_found·|·length·==·0
11858 ······when:11858 ······when:
11859 ······-·'"audit"·in·ansible_facts.packages' 
11860 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11859 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11860 ······-·'"audit"·in·ansible_facts.packages'
11861 ······-·audit_arch·==·"b64"11861 ······-·audit_arch·==·"b64"
11862 ······tags:11862 ······tags:
11863 ······-·CJIS-5.4.1.111863 ······-·CJIS-5.4.1.1
11864 ······-·DISA-STIG-RHEL-08-03030211864 ······-·DISA-STIG-RHEL-08-030302
11865 ······-·NIST-800-171-3.1.711865 ······-·NIST-800-171-3.1.7
11866 ······-·NIST-800-53-AC-6(9)11866 ······-·NIST-800-53-AC-6(9)
11867 ······-·NIST-800-53-AU-12(c)11867 ······-·NIST-800-53-AU-12(c)
Offset 11891, 16 lines modifiedOffset 11891, 16 lines modified
11891 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/11891 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
11892 ······find:11892 ······find:
11893 ········paths:·/etc/audit/rules.d11893 ········paths:·/etc/audit/rules.d
11894 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+11894 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
11895 ········patterns:·'*.rules'11895 ········patterns:·'*.rules'
11896 ······register:·find_existing_watch_rules_d11896 ······register:·find_existing_watch_rules_d
11897 ······when:11897 ······when:
11898 ······-·'"audit"·in·ansible_facts.packages' 
11899 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11898 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11899 ······-·'"audit"·in·ansible_facts.packages'
11900 ······tags:11900 ······tags:
11901 ······-·DISA-STIG-RHEL-08-03017111901 ······-·DISA-STIG-RHEL-08-030171
11902 ······-·audit_rules_sudoers11902 ······-·audit_rules_sudoers
11903 ······-·low_complexity11903 ······-·low_complexity
11904 ······-·low_disruption11904 ······-·low_disruption
11905 ······-·medium_severity11905 ······-·medium_severity
11906 ······-·no_reboot_needed11906 ······-·no_reboot_needed
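Review bot: in the `contains:` pattern on line 11894 the trailing `(\s|$)+` puts a repeat on a group that already matches either whitespace or end of line; a single `(\s|$)` accepts the same lines. The pattern also recognises the permission string only when it is written exactly as `wa`, so an existing watch on /etc/sudoers spelled `-p aw` is not counted as present by this check. If that spelling should count, widen the pattern, otherwise say so in the task name or a comment.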
Offset 11909, 16 lines modifiedOffset 11909, 16 lines modified
11909 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions11909 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
Max diff block lines reached; 129677/134251 bytes (96.59%) of diff not shown.
131 KB
./usr/share/scap-security-guide/ansible/centos8-playbook-stig_gui.yml
Ordering differences only
    
Offset 11470, 16 lines modifiedOffset 11470, 16 lines modified
  
11470 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11470 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11471 ······find:11471 ······find:
11472 ········paths:·/etc/audit/rules.d/11472 ········paths:·/etc/audit/rules.d/
11473 ········patterns:·'*.rules'11473 ········patterns:·'*.rules'
11474 ······register:·find_rules_d11474 ······register:·find_rules_d
11475 ······when:11475 ······when:
11476 ······-·'"audit"·in·ansible_facts.packages' 
11477 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11476 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11477 ······-·'"audit"·in·ansible_facts.packages'
11478 ······tags:11478 ······tags:
11479 ······-·CJIS-5.4.1.111479 ······-·CJIS-5.4.1.1
11480 ······-·DISA-STIG-RHEL-08-03012111480 ······-·DISA-STIG-RHEL-08-030121
11481 ······-·NIST-800-171-3.3.111481 ······-·NIST-800-171-3.3.1
11482 ······-·NIST-800-171-3.4.311482 ······-·NIST-800-171-3.4.3
11483 ······-·NIST-800-53-AC-6(9)11483 ······-·NIST-800-53-AC-6(9)
11484 ······-·NIST-800-53-CM-6(a)11484 ······-·NIST-800-53-CM-6(a)
Offset 11495, 16 lines modifiedOffset 11495, 16 lines modified
11495 ······lineinfile:11495 ······lineinfile:
11496 ········path:·'{{·item·}}'11496 ········path:·'{{·item·}}'
11497 ········regexp:·^\s*(?:-e)\s+.*$11497 ········regexp:·^\s*(?:-e)\s+.*$
11498 ········state:·absent11498 ········state:·absent
11499 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11499 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11500 ········}}'11500 ········}}'
11501 ······when:11501 ······when:
11502 ······-·'"audit"·in·ansible_facts.packages' 
11503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11502 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11503 ······-·'"audit"·in·ansible_facts.packages'
11504 ······tags:11504 ······tags:
11505 ······-·CJIS-5.4.1.111505 ······-·CJIS-5.4.1.1
11506 ······-·DISA-STIG-RHEL-08-03012111506 ······-·DISA-STIG-RHEL-08-030121
11507 ······-·NIST-800-171-3.3.111507 ······-·NIST-800-171-3.3.1
11508 ······-·NIST-800-171-3.4.311508 ······-·NIST-800-171-3.4.3
11509 ······-·NIST-800-53-AC-6(9)11509 ······-·NIST-800-53-AC-6(9)
11510 ······-·NIST-800-53-CM-6(a)11510 ······-·NIST-800-53-CM-6(a)
Offset 11522, 16 lines modifiedOffset 11522, 16 lines modified
11522 ········create:·true11522 ········create:·true
11523 ········line:·-e·211523 ········line:·-e·2
11524 ········mode:·o-rwx11524 ········mode:·o-rwx
11525 ······loop:11525 ······loop:
11526 ······-·/etc/audit/audit.rules11526 ······-·/etc/audit/audit.rules
11527 ······-·/etc/audit/rules.d/immutable.rules11527 ······-·/etc/audit/rules.d/immutable.rules
11528 ······when:11528 ······when:
11529 ······-·'"audit"·in·ansible_facts.packages' 
11530 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11529 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11530 ······-·'"audit"·in·ansible_facts.packages'
11531 ······tags:11531 ······tags:
11532 ······-·CJIS-5.4.1.111532 ······-·CJIS-5.4.1.1
11533 ······-·DISA-STIG-RHEL-08-03012111533 ······-·DISA-STIG-RHEL-08-030121
11534 ······-·NIST-800-171-3.3.111534 ······-·NIST-800-171-3.3.1
11535 ······-·NIST-800-171-3.4.311535 ······-·NIST-800-171-3.4.3
11536 ······-·NIST-800-53-AC-6(9)11536 ······-·NIST-800-53-AC-6(9)
11537 ······-·NIST-800-53-CM-6(a)11537 ······-·NIST-800-53-CM-6(a)
Offset 11563, 16 lines modifiedOffset 11563, 16 lines modified
11563 ······-·reboot_required11563 ······-·reboot_required
11564 ······-·restrict_strategy11564 ······-·restrict_strategy
  
11565 ····-·name:·Set·architecture·for·audit·mount·tasks11565 ····-·name:·Set·architecture·for·audit·mount·tasks
11566 ······set_fact:11566 ······set_fact:
11567 ········audit_arch:·b6411567 ········audit_arch:·b64
11568 ······when:11568 ······when:
11569 ······-·'"audit"·in·ansible_facts.packages' 
11570 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11569 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11570 ······-·'"audit"·in·ansible_facts.packages'
11571 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture11571 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
11572 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"11572 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
11573 ······tags:11573 ······tags:
11574 ······-·CJIS-5.4.1.111574 ······-·CJIS-5.4.1.1
11575 ······-·DISA-STIG-RHEL-08-03030211575 ······-·DISA-STIG-RHEL-08-030302
11576 ······-·NIST-800-171-3.1.711576 ······-·NIST-800-171-3.1.7
11577 ······-·NIST-800-53-AC-6(9)11577 ······-·NIST-800-53-AC-6(9)
Offset 11704, 16 lines modifiedOffset 11704, 16 lines modified
11704 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100011704 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
11705 ············-F·auid!=unset·-F·key=perm_mod11705 ············-F·auid!=unset·-F·key=perm_mod
11706 ··········create:·true11706 ··········create:·true
11707 ··········mode:·o-rwx11707 ··········mode:·o-rwx
11708 ··········state:·present11708 ··········state:·present
11709 ········when:·syscalls_found·|·length·==·011709 ········when:·syscalls_found·|·length·==·0
11710 ······when:11710 ······when:
11711 ······-·'"audit"·in·ansible_facts.packages' 
11712 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11711 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11712 ······-·'"audit"·in·ansible_facts.packages'
11713 ······tags:11713 ······tags:
11714 ······-·CJIS-5.4.1.111714 ······-·CJIS-5.4.1.1
11715 ······-·DISA-STIG-RHEL-08-03030211715 ······-·DISA-STIG-RHEL-08-030302
11716 ······-·NIST-800-171-3.1.711716 ······-·NIST-800-171-3.1.7
11717 ······-·NIST-800-53-AC-6(9)11717 ······-·NIST-800-53-AC-6(9)
11718 ······-·NIST-800-53-AU-12(c)11718 ······-·NIST-800-53-AU-12(c)
11719 ······-·NIST-800-53-AU-2(d)11719 ······-·NIST-800-53-AU-2(d)
Offset 11843, 16 lines modifiedOffset 11843, 16 lines modified
11843 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100011843 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
11844 ············-F·auid!=unset·-F·key=perm_mod11844 ············-F·auid!=unset·-F·key=perm_mod
11845 ··········create:·true11845 ··········create:·true
11846 ··········mode:·o-rwx11846 ··········mode:·o-rwx
11847 ··········state:·present11847 ··········state:·present
11848 ········when:·syscalls_found·|·length·==·011848 ········when:·syscalls_found·|·length·==·0
11849 ······when:11849 ······when:
11850 ······-·'"audit"·in·ansible_facts.packages' 
11851 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11850 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11851 ······-·'"audit"·in·ansible_facts.packages'
11852 ······-·audit_arch·==·"b64"11852 ······-·audit_arch·==·"b64"
11853 ······tags:11853 ······tags:
11854 ······-·CJIS-5.4.1.111854 ······-·CJIS-5.4.1.1
11855 ······-·DISA-STIG-RHEL-08-03030211855 ······-·DISA-STIG-RHEL-08-030302
11856 ······-·NIST-800-171-3.1.711856 ······-·NIST-800-171-3.1.7
11857 ······-·NIST-800-53-AC-6(9)11857 ······-·NIST-800-53-AC-6(9)
11858 ······-·NIST-800-53-AU-12(c)11858 ······-·NIST-800-53-AU-12(c)
Offset 11882, 16 lines modifiedOffset 11882, 16 lines modified
11882 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/11882 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
11883 ······find:11883 ······find:
11884 ········paths:·/etc/audit/rules.d11884 ········paths:·/etc/audit/rules.d
11885 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+11885 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
11886 ········patterns:·'*.rules'11886 ········patterns:·'*.rules'
11887 ······register:·find_existing_watch_rules_d11887 ······register:·find_existing_watch_rules_d
11888 ······when:11888 ······when:
11889 ······-·'"audit"·in·ansible_facts.packages' 
11890 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11889 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11890 ······-·'"audit"·in·ansible_facts.packages'
11891 ······tags:11891 ······tags:
11892 ······-·DISA-STIG-RHEL-08-03017111892 ······-·DISA-STIG-RHEL-08-030171
11893 ······-·audit_rules_sudoers11893 ······-·audit_rules_sudoers
11894 ······-·low_complexity11894 ······-·low_complexity
11895 ······-·low_disruption11895 ······-·low_disruption
11896 ······-·medium_severity11896 ······-·medium_severity
11897 ······-·no_reboot_needed11897 ······-·no_reboot_needed
Offset 11900, 16 lines modifiedOffset 11900, 16 lines modified
11900 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions11900 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
Max diff block lines reached; 129677/134251 bytes (96.59%) of diff not shown.
13.2 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis.yml
Ordering differences only
    
Offset 21394, 16 lines modifiedOffset 21394, 16 lines modified
21394 ······-·no_reboot_needed21394 ······-·no_reboot_needed
  
21395 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21395 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21396 ······stat:21396 ······stat:
21397 ········path:·/boot/grub2/grub.cfg21397 ········path:·/boot/grub2/grub.cfg
21398 ······register:·file_exists21398 ······register:·file_exists
21399 ······when:21399 ······when:
21400 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21401 ······-·'"grub2-common"·in·ansible_facts.packages'21400 ······-·'"grub2-common"·in·ansible_facts.packages'
 21401 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21402 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21402 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21403 ······tags:21403 ······tags:
21404 ······-·CJIS-5.5.2.221404 ······-·CJIS-5.5.2.2
21405 ······-·NIST-800-171-3.4.521405 ······-·NIST-800-171-3.4.5
21406 ······-·NIST-800-53-AC-6(1)21406 ······-·NIST-800-53-AC-6(1)
21407 ······-·NIST-800-53-CM-6(a)21407 ······-·NIST-800-53-CM-6(a)
21408 ······-·PCI-DSS-Req-7.121408 ······-·PCI-DSS-Req-7.1
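Review bot: the `when` entry `"/boot/efi" not in ansible_mounts | map(attribute="mount") | list` relies on Jinja applying the filters before the `not in` test. That is how it is parsed, but parentheses around `(ansible_mounts | map(attribute="mount") | list)` would make the intent obvious to a reader. This entry and the `"grub2-common" in ansible_facts.packages` check also trade places between the two builds while the third entry stays in position, so the generator should write them in a fixed order.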
Offset 21415, 16 lines modifiedOffset 21415, 16 lines modified
21415 ······-·no_reboot_needed21415 ······-·no_reboot_needed
  
21416 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21416 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21417 ······file:21417 ······file:
21418 ········path:·/boot/grub2/grub.cfg21418 ········path:·/boot/grub2/grub.cfg
21419 ········group:·'0'21419 ········group:·'0'
21420 ······when:21420 ······when:
21421 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21422 ······-·'"grub2-common"·in·ansible_facts.packages'21421 ······-·'"grub2-common"·in·ansible_facts.packages'
 21422 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21423 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21423 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21424 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21424 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21425 ······tags:21425 ······tags:
21426 ······-·CJIS-5.5.2.221426 ······-·CJIS-5.5.2.2
21427 ······-·NIST-800-171-3.4.521427 ······-·NIST-800-171-3.4.5
21428 ······-·NIST-800-53-AC-6(1)21428 ······-·NIST-800-53-AC-6(1)
21429 ······-·NIST-800-53-CM-6(a)21429 ······-·NIST-800-53-CM-6(a)
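Review bot: the guard `file_exists.stat is defined and file_exists.stat.exists` on line 21424 reads a variable that more than one stat task registers under the same name: `register: file_exists` appears for /boot/grub2/grub.cfg at line 21398 and again for /boot/grub2/user.cfg at line 21458. Each consumer is therefore correct only because it runs directly after its own stat task. A register name per path would remove that coupling and keep the guard valid if tasks are reordered or selected by tag.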
Offset 21454, 16 lines modifiedOffset 21454, 16 lines modified
21454 ······-·no_reboot_needed21454 ······-·no_reboot_needed
  
21455 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21455 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21456 ······stat:21456 ······stat:
21457 ········path:·/boot/grub2/user.cfg21457 ········path:·/boot/grub2/user.cfg
21458 ······register:·file_exists21458 ······register:·file_exists
21459 ······when:21459 ······when:
21460 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21461 ······-·'"grub2-common"·in·ansible_facts.packages'21460 ······-·'"grub2-common"·in·ansible_facts.packages'
 21461 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21462 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21462 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21463 ······tags:21463 ······tags:
21464 ······-·CJIS-5.5.2.221464 ······-·CJIS-5.5.2.2
21465 ······-·NIST-800-171-3.4.521465 ······-·NIST-800-171-3.4.5
21466 ······-·NIST-800-53-AC-6(1)21466 ······-·NIST-800-53-AC-6(1)
21467 ······-·NIST-800-53-CM-6(a)21467 ······-·NIST-800-53-CM-6(a)
21468 ······-·PCI-DSS-Req-7.121468 ······-·PCI-DSS-Req-7.1
Offset 21475, 16 lines modifiedOffset 21475, 16 lines modified
21475 ······-·no_reboot_needed21475 ······-·no_reboot_needed
  
21476 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21476 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21477 ······file:21477 ······file:
21478 ········path:·/boot/grub2/user.cfg21478 ········path:·/boot/grub2/user.cfg
21479 ········group:·'0'21479 ········group:·'0'
21480 ······when:21480 ······when:
21481 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21482 ······-·'"grub2-common"·in·ansible_facts.packages'21481 ······-·'"grub2-common"·in·ansible_facts.packages'
 21482 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21483 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21483 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21484 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21484 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21485 ······tags:21485 ······tags:
21486 ······-·CJIS-5.5.2.221486 ······-·CJIS-5.5.2.2
21487 ······-·NIST-800-171-3.4.521487 ······-·NIST-800-171-3.4.5
21488 ······-·NIST-800-53-AC-6(1)21488 ······-·NIST-800-53-AC-6(1)
21489 ······-·NIST-800-53-CM-6(a)21489 ······-·NIST-800-53-CM-6(a)
Offset 21514, 16 lines modifiedOffset 21514, 16 lines modified
21514 ······-·no_reboot_needed21514 ······-·no_reboot_needed
  
21515 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21515 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21516 ······stat:21516 ······stat:
21517 ········path:·/boot/grub2/grub.cfg21517 ········path:·/boot/grub2/grub.cfg
21518 ······register:·file_exists21518 ······register:·file_exists
21519 ······when:21519 ······when:
21520 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21521 ······-·'"grub2-common"·in·ansible_facts.packages'21520 ······-·'"grub2-common"·in·ansible_facts.packages'
 21521 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21522 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21522 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21523 ······tags:21523 ······tags:
21524 ······-·CJIS-5.5.2.221524 ······-·CJIS-5.5.2.2
21525 ······-·NIST-800-171-3.4.521525 ······-·NIST-800-171-3.4.5
21526 ······-·NIST-800-53-AC-6(1)21526 ······-·NIST-800-53-AC-6(1)
21527 ······-·NIST-800-53-CM-6(a)21527 ······-·NIST-800-53-CM-6(a)
21528 ······-·PCI-DSS-Req-7.121528 ······-·PCI-DSS-Req-7.1
Offset 21535, 16 lines modifiedOffset 21535, 16 lines modified
21535 ······-·no_reboot_needed21535 ······-·no_reboot_needed
  
21536 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21536 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21537 ······file:21537 ······file:
21538 ········path:·/boot/grub2/grub.cfg21538 ········path:·/boot/grub2/grub.cfg
21539 ········owner:·'0'21539 ········owner:·'0'
21540 ······when:21540 ······when:
21541 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21542 ······-·'"grub2-common"·in·ansible_facts.packages'21541 ······-·'"grub2-common"·in·ansible_facts.packages'
 21542 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21543 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21543 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21544 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21544 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21545 ······tags:21545 ······tags:
21546 ······-·CJIS-5.5.2.221546 ······-·CJIS-5.5.2.2
21547 ······-·NIST-800-171-3.4.521547 ······-·NIST-800-171-3.4.5
21548 ······-·NIST-800-53-AC-6(1)21548 ······-·NIST-800-53-AC-6(1)
21549 ······-·NIST-800-53-CM-6(a)21549 ······-·NIST-800-53-CM-6(a)
Offset 21574, 16 lines modifiedOffset 21574, 16 lines modified
21574 ······-·no_reboot_needed21574 ······-·no_reboot_needed
  
21575 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21575 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21576 ······stat:21576 ······stat:
21577 ········path:·/boot/grub2/user.cfg21577 ········path:·/boot/grub2/user.cfg
21578 ······register:·file_exists21578 ······register:·file_exists
21579 ······when:21579 ······when:
21580 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21581 ······-·'"grub2-common"·in·ansible_facts.packages'21580 ······-·'"grub2-common"·in·ansible_facts.packages'
 21581 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21582 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21582 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21583 ······tags:21583 ······tags:
21584 ······-·CJIS-5.5.2.221584 ······-·CJIS-5.5.2.2
21585 ······-·NIST-800-171-3.4.521585 ······-·NIST-800-171-3.4.5
21586 ······-·NIST-800-53-AC-6(1)21586 ······-·NIST-800-53-AC-6(1)
21587 ······-·NIST-800-53-CM-6(a)21587 ······-·NIST-800-53-CM-6(a)
21588 ······-·PCI-DSS-Req-7.121588 ······-·PCI-DSS-Req-7.1
Offset 21595, 16 lines modifiedOffset 21595, 16 lines modified
21595 ······-·no_reboot_needed21595 ······-·no_reboot_needed
Max diff block lines reached; 8723/13394 bytes (65.13%) of diff not shown.
13.2 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5057, 16 lines modifiedOffset 5057, 16 lines modified
5057 ······-·no_reboot_needed5057 ······-·no_reboot_needed
  
5058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5059 ······stat:5059 ······stat:
5060 ········path:·/boot/grub2/grub.cfg5060 ········path:·/boot/grub2/grub.cfg
5061 ······register:·file_exists5061 ······register:·file_exists
5062 ······when:5062 ······when:
5063 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5064 ······-·'"grub2-common"·in·ansible_facts.packages'5063 ······-·'"grub2-common"·in·ansible_facts.packages'
 5064 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5066 ······tags:5066 ······tags:
5067 ······-·CJIS-5.5.2.25067 ······-·CJIS-5.5.2.2
5068 ······-·NIST-800-171-3.4.55068 ······-·NIST-800-171-3.4.5
5069 ······-·NIST-800-53-AC-6(1)5069 ······-·NIST-800-53-AC-6(1)
5070 ······-·NIST-800-53-CM-6(a)5070 ······-·NIST-800-53-CM-6(a)
5071 ······-·PCI-DSS-Req-7.15071 ······-·PCI-DSS-Req-7.1
Offset 5078, 16 lines modifiedOffset 5078, 16 lines modified
5078 ······-·no_reboot_needed5078 ······-·no_reboot_needed
  
5079 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5079 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5080 ······file:5080 ······file:
5081 ········path:·/boot/grub2/grub.cfg5081 ········path:·/boot/grub2/grub.cfg
5082 ········group:·'0'5082 ········group:·'0'
5083 ······when:5083 ······when:
5084 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5085 ······-·'"grub2-common"·in·ansible_facts.packages'5084 ······-·'"grub2-common"·in·ansible_facts.packages'
 5085 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5086 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5086 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5087 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5087 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5088 ······tags:5088 ······tags:
5089 ······-·CJIS-5.5.2.25089 ······-·CJIS-5.5.2.2
5090 ······-·NIST-800-171-3.4.55090 ······-·NIST-800-171-3.4.5
5091 ······-·NIST-800-53-AC-6(1)5091 ······-·NIST-800-53-AC-6(1)
5092 ······-·NIST-800-53-CM-6(a)5092 ······-·NIST-800-53-CM-6(a)
Offset 5117, 16 lines modifiedOffset 5117, 16 lines modified
5117 ······-·no_reboot_needed5117 ······-·no_reboot_needed
  
5118 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5118 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5119 ······stat:5119 ······stat:
5120 ········path:·/boot/grub2/user.cfg5120 ········path:·/boot/grub2/user.cfg
5121 ······register:·file_exists5121 ······register:·file_exists
5122 ······when:5122 ······when:
5123 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5124 ······-·'"grub2-common"·in·ansible_facts.packages'5123 ······-·'"grub2-common"·in·ansible_facts.packages'
 5124 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5125 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5125 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5126 ······tags:5126 ······tags:
5127 ······-·CJIS-5.5.2.25127 ······-·CJIS-5.5.2.2
5128 ······-·NIST-800-171-3.4.55128 ······-·NIST-800-171-3.4.5
5129 ······-·NIST-800-53-AC-6(1)5129 ······-·NIST-800-53-AC-6(1)
5130 ······-·NIST-800-53-CM-6(a)5130 ······-·NIST-800-53-CM-6(a)
5131 ······-·PCI-DSS-Req-7.15131 ······-·PCI-DSS-Req-7.1
Offset 5138, 16 lines modifiedOffset 5138, 16 lines modified
5138 ······-·no_reboot_needed5138 ······-·no_reboot_needed
  
5139 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5139 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5140 ······file:5140 ······file:
5141 ········path:·/boot/grub2/user.cfg5141 ········path:·/boot/grub2/user.cfg
5142 ········group:·'0'5142 ········group:·'0'
5143 ······when:5143 ······when:
5144 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5145 ······-·'"grub2-common"·in·ansible_facts.packages'5144 ······-·'"grub2-common"·in·ansible_facts.packages'
 5145 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5148 ······tags:5148 ······tags:
5149 ······-·CJIS-5.5.2.25149 ······-·CJIS-5.5.2.2
5150 ······-·NIST-800-171-3.4.55150 ······-·NIST-800-171-3.4.5
5151 ······-·NIST-800-53-AC-6(1)5151 ······-·NIST-800-53-AC-6(1)
5152 ······-·NIST-800-53-CM-6(a)5152 ······-·NIST-800-53-CM-6(a)
Offset 5177, 16 lines modifiedOffset 5177, 16 lines modified
5177 ······-·no_reboot_needed5177 ······-·no_reboot_needed
  
5178 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5178 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5179 ······stat:5179 ······stat:
5180 ········path:·/boot/grub2/grub.cfg5180 ········path:·/boot/grub2/grub.cfg
5181 ······register:·file_exists5181 ······register:·file_exists
5182 ······when:5182 ······when:
5183 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5184 ······-·'"grub2-common"·in·ansible_facts.packages'5183 ······-·'"grub2-common"·in·ansible_facts.packages'
 5184 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5185 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5185 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5186 ······tags:5186 ······tags:
5187 ······-·CJIS-5.5.2.25187 ······-·CJIS-5.5.2.2
5188 ······-·NIST-800-171-3.4.55188 ······-·NIST-800-171-3.4.5
5189 ······-·NIST-800-53-AC-6(1)5189 ······-·NIST-800-53-AC-6(1)
5190 ······-·NIST-800-53-CM-6(a)5190 ······-·NIST-800-53-CM-6(a)
5191 ······-·PCI-DSS-Req-7.15191 ······-·PCI-DSS-Req-7.1
Offset 5198, 16 lines modifiedOffset 5198, 16 lines modified
5198 ······-·no_reboot_needed5198 ······-·no_reboot_needed
  
5199 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5199 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5200 ······file:5200 ······file:
5201 ········path:·/boot/grub2/grub.cfg5201 ········path:·/boot/grub2/grub.cfg
5202 ········owner:·'0'5202 ········owner:·'0'
5203 ······when:5203 ······when:
5204 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5205 ······-·'"grub2-common"·in·ansible_facts.packages'5204 ······-·'"grub2-common"·in·ansible_facts.packages'
 5205 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5206 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5206 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5207 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5207 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5208 ······tags:5208 ······tags:
5209 ······-·CJIS-5.5.2.25209 ······-·CJIS-5.5.2.2
5210 ······-·NIST-800-171-3.4.55210 ······-·NIST-800-171-3.4.5
5211 ······-·NIST-800-53-AC-6(1)5211 ······-·NIST-800-53-AC-6(1)
5212 ······-·NIST-800-53-CM-6(a)5212 ······-·NIST-800-53-CM-6(a)
Offset 5237, 16 lines modifiedOffset 5237, 16 lines modified
5237 ······-·no_reboot_needed5237 ······-·no_reboot_needed
  
5238 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5238 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5239 ······stat:5239 ······stat:
5240 ········path:·/boot/grub2/user.cfg5240 ········path:·/boot/grub2/user.cfg
5241 ······register:·file_exists5241 ······register:·file_exists
5242 ······when:5242 ······when:
5243 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5244 ······-·'"grub2-common"·in·ansible_facts.packages'5243 ······-·'"grub2-common"·in·ansible_facts.packages'
 5244 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5245 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5245 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5246 ······tags:5246 ······tags:
5247 ······-·CJIS-5.5.2.25247 ······-·CJIS-5.5.2.2
5248 ······-·NIST-800-171-3.4.55248 ······-·NIST-800-171-3.4.5
5249 ······-·NIST-800-53-AC-6(1)5249 ······-·NIST-800-53-AC-6(1)
5250 ······-·NIST-800-53-CM-6(a)5250 ······-·NIST-800-53-CM-6(a)
5251 ······-·PCI-DSS-Req-7.15251 ······-·PCI-DSS-Req-7.1
Offset 5258, 16 lines modifiedOffset 5258, 16 lines modified
5258 ······-·no_reboot_needed5258 ······-·no_reboot_needed
Max diff block lines reached; 8699/13354 bytes (65.14%) of diff not shown.
13.2 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5057, 16 lines modifiedOffset 5057, 16 lines modified
5057 ······-·no_reboot_needed5057 ······-·no_reboot_needed
  
5058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5059 ······stat:5059 ······stat:
5060 ········path:·/boot/grub2/grub.cfg5060 ········path:·/boot/grub2/grub.cfg
5061 ······register:·file_exists5061 ······register:·file_exists
5062 ······when:5062 ······when:
5063 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5064 ······-·'"grub2-common"·in·ansible_facts.packages'5063 ······-·'"grub2-common"·in·ansible_facts.packages'
 5064 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5066 ······tags:5066 ······tags:
5067 ······-·CJIS-5.5.2.25067 ······-·CJIS-5.5.2.2
5068 ······-·NIST-800-171-3.4.55068 ······-·NIST-800-171-3.4.5
5069 ······-·NIST-800-53-AC-6(1)5069 ······-·NIST-800-53-AC-6(1)
5070 ······-·NIST-800-53-CM-6(a)5070 ······-·NIST-800-53-CM-6(a)
5071 ······-·PCI-DSS-Req-7.15071 ······-·PCI-DSS-Req-7.1
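Review bot: the first two `when:` entries come out in opposite order in the two builds (`"/boot/efi" not in ansible_mounts | map(attribute="mount") | list` and `"grub2-common" in ansible_facts.packages` swap places at lines 5063-5064), and that swap is the only difference in this hunk. Ansible ANDs the items of a `when:` list, so the task runs or is skipped on the same hosts either way, but the playbook bytes, and with them the package checksums, change from one build to the next. Emitting these two conditions in a fixed order (for example sorted) wherever the playbook is generated would make the file reproducible; the `ansible_virtualization_type` condition and the tags already appear in the same order on both sides.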
Offset 5078, 16 lines modifiedOffset 5078, 16 lines modified
5078 ······-·no_reboot_needed5078 ······-·no_reboot_needed
  
5079 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5079 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5080 ······file:5080 ······file:
5081 ········path:·/boot/grub2/grub.cfg5081 ········path:·/boot/grub2/grub.cfg
5082 ········group:·'0'5082 ········group:·'0'
5083 ······when:5083 ······when:
5084 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5085 ······-·'"grub2-common"·in·ansible_facts.packages'5084 ······-·'"grub2-common"·in·ansible_facts.packages'
 5085 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5086 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5086 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5087 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5087 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5088 ······tags:5088 ······tags:
5089 ······-·CJIS-5.5.2.25089 ······-·CJIS-5.5.2.2
5090 ······-·NIST-800-171-3.4.55090 ······-·NIST-800-171-3.4.5
5091 ······-·NIST-800-53-AC-6(1)5091 ······-·NIST-800-53-AC-6(1)
5092 ······-·NIST-800-53-CM-6(a)5092 ······-·NIST-800-53-CM-6(a)
Offset 5117, 16 lines modifiedOffset 5117, 16 lines modified
5117 ······-·no_reboot_needed5117 ······-·no_reboot_needed
  
5118 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5118 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5119 ······stat:5119 ······stat:
5120 ········path:·/boot/grub2/user.cfg5120 ········path:·/boot/grub2/user.cfg
5121 ······register:·file_exists5121 ······register:·file_exists
5122 ······when:5122 ······when:
5123 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5124 ······-·'"grub2-common"·in·ansible_facts.packages'5123 ······-·'"grub2-common"·in·ansible_facts.packages'
 5124 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5125 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5125 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5126 ······tags:5126 ······tags:
5127 ······-·CJIS-5.5.2.25127 ······-·CJIS-5.5.2.2
5128 ······-·NIST-800-171-3.4.55128 ······-·NIST-800-171-3.4.5
5129 ······-·NIST-800-53-AC-6(1)5129 ······-·NIST-800-53-AC-6(1)
5130 ······-·NIST-800-53-CM-6(a)5130 ······-·NIST-800-53-CM-6(a)
5131 ······-·PCI-DSS-Req-7.15131 ······-·PCI-DSS-Req-7.1
Offset 5138, 16 lines modifiedOffset 5138, 16 lines modified
5138 ······-·no_reboot_needed5138 ······-·no_reboot_needed
  
5139 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5139 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5140 ······file:5140 ······file:
5141 ········path:·/boot/grub2/user.cfg5141 ········path:·/boot/grub2/user.cfg
5142 ········group:·'0'5142 ········group:·'0'
5143 ······when:5143 ······when:
5144 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5145 ······-·'"grub2-common"·in·ansible_facts.packages'5144 ······-·'"grub2-common"·in·ansible_facts.packages'
 5145 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5148 ······tags:5148 ······tags:
5149 ······-·CJIS-5.5.2.25149 ······-·CJIS-5.5.2.2
5150 ······-·NIST-800-171-3.4.55150 ······-·NIST-800-171-3.4.5
5151 ······-·NIST-800-53-AC-6(1)5151 ······-·NIST-800-53-AC-6(1)
5152 ······-·NIST-800-53-CM-6(a)5152 ······-·NIST-800-53-CM-6(a)
Offset 5177, 16 lines modifiedOffset 5177, 16 lines modified
5177 ······-·no_reboot_needed5177 ······-·no_reboot_needed
  
5178 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5178 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5179 ······stat:5179 ······stat:
5180 ········path:·/boot/grub2/grub.cfg5180 ········path:·/boot/grub2/grub.cfg
5181 ······register:·file_exists5181 ······register:·file_exists
5182 ······when:5182 ······when:
5183 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5184 ······-·'"grub2-common"·in·ansible_facts.packages'5183 ······-·'"grub2-common"·in·ansible_facts.packages'
 5184 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5185 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5185 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5186 ······tags:5186 ······tags:
5187 ······-·CJIS-5.5.2.25187 ······-·CJIS-5.5.2.2
5188 ······-·NIST-800-171-3.4.55188 ······-·NIST-800-171-3.4.5
5189 ······-·NIST-800-53-AC-6(1)5189 ······-·NIST-800-53-AC-6(1)
5190 ······-·NIST-800-53-CM-6(a)5190 ······-·NIST-800-53-CM-6(a)
5191 ······-·PCI-DSS-Req-7.15191 ······-·PCI-DSS-Req-7.1
Offset 5198, 16 lines modifiedOffset 5198, 16 lines modified
5198 ······-·no_reboot_needed5198 ······-·no_reboot_needed
  
5199 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5199 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5200 ······file:5200 ······file:
5201 ········path:·/boot/grub2/grub.cfg5201 ········path:·/boot/grub2/grub.cfg
5202 ········owner:·'0'5202 ········owner:·'0'
5203 ······when:5203 ······when:
5204 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5205 ······-·'"grub2-common"·in·ansible_facts.packages'5204 ······-·'"grub2-common"·in·ansible_facts.packages'
 5205 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5206 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5206 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5207 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5207 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5208 ······tags:5208 ······tags:
5209 ······-·CJIS-5.5.2.25209 ······-·CJIS-5.5.2.2
5210 ······-·NIST-800-171-3.4.55210 ······-·NIST-800-171-3.4.5
5211 ······-·NIST-800-53-AC-6(1)5211 ······-·NIST-800-53-AC-6(1)
5212 ······-·NIST-800-53-CM-6(a)5212 ······-·NIST-800-53-CM-6(a)
Offset 5237, 16 lines modifiedOffset 5237, 16 lines modified
5237 ······-·no_reboot_needed5237 ······-·no_reboot_needed
  
5238 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5238 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5239 ······stat:5239 ······stat:
5240 ········path:·/boot/grub2/user.cfg5240 ········path:·/boot/grub2/user.cfg
5241 ······register:·file_exists5241 ······register:·file_exists
5242 ······when:5242 ······when:
5243 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5244 ······-·'"grub2-common"·in·ansible_facts.packages'5243 ······-·'"grub2-common"·in·ansible_facts.packages'
 5244 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5245 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5245 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5246 ······tags:5246 ······tags:
5247 ······-·CJIS-5.5.2.25247 ······-·CJIS-5.5.2.2
5248 ······-·NIST-800-171-3.4.55248 ······-·NIST-800-171-3.4.5
5249 ······-·NIST-800-53-AC-6(1)5249 ······-·NIST-800-53-AC-6(1)
5250 ······-·NIST-800-53-CM-6(a)5250 ······-·NIST-800-53-CM-6(a)
5251 ······-·PCI-DSS-Req-7.15251 ······-·PCI-DSS-Req-7.1
Offset 5258, 16 lines modifiedOffset 5258, 16 lines modified
5258 ······-·no_reboot_needed5258 ······-·no_reboot_needed
Max diff block lines reached; 8699/13354 bytes (65.14%) of diff not shown.
13.3 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 21394, 16 lines modifiedOffset 21394, 16 lines modified
21394 ······-·no_reboot_needed21394 ······-·no_reboot_needed
  
21395 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21395 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21396 ······stat:21396 ······stat:
21397 ········path:·/boot/grub2/grub.cfg21397 ········path:·/boot/grub2/grub.cfg
21398 ······register:·file_exists21398 ······register:·file_exists
21399 ······when:21399 ······when:
21400 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21401 ······-·'"grub2-common"·in·ansible_facts.packages'21400 ······-·'"grub2-common"·in·ansible_facts.packages'
 21401 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21402 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21402 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21403 ······tags:21403 ······tags:
21404 ······-·CJIS-5.5.2.221404 ······-·CJIS-5.5.2.2
21405 ······-·NIST-800-171-3.4.521405 ······-·NIST-800-171-3.4.5
21406 ······-·NIST-800-53-AC-6(1)21406 ······-·NIST-800-53-AC-6(1)
21407 ······-·NIST-800-53-CM-6(a)21407 ······-·NIST-800-53-CM-6(a)
21408 ······-·PCI-DSS-Req-7.121408 ······-·PCI-DSS-Req-7.1
Offset 21415, 16 lines modifiedOffset 21415, 16 lines modified
21415 ······-·no_reboot_needed21415 ······-·no_reboot_needed
  
21416 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21416 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21417 ······file:21417 ······file:
21418 ········path:·/boot/grub2/grub.cfg21418 ········path:·/boot/grub2/grub.cfg
21419 ········group:·'0'21419 ········group:·'0'
21420 ······when:21420 ······when:
21421 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21422 ······-·'"grub2-common"·in·ansible_facts.packages'21421 ······-·'"grub2-common"·in·ansible_facts.packages'
 21422 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21423 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21423 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21424 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21424 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21425 ······tags:21425 ······tags:
21426 ······-·CJIS-5.5.2.221426 ······-·CJIS-5.5.2.2
21427 ······-·NIST-800-171-3.4.521427 ······-·NIST-800-171-3.4.5
21428 ······-·NIST-800-53-AC-6(1)21428 ······-·NIST-800-53-AC-6(1)
21429 ······-·NIST-800-53-CM-6(a)21429 ······-·NIST-800-53-CM-6(a)
Offset 21454, 16 lines modifiedOffset 21454, 16 lines modified
21454 ······-·no_reboot_needed21454 ······-·no_reboot_needed
  
21455 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21455 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21456 ······stat:21456 ······stat:
21457 ········path:·/boot/grub2/user.cfg21457 ········path:·/boot/grub2/user.cfg
21458 ······register:·file_exists21458 ······register:·file_exists
21459 ······when:21459 ······when:
21460 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21461 ······-·'"grub2-common"·in·ansible_facts.packages'21460 ······-·'"grub2-common"·in·ansible_facts.packages'
 21461 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21462 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21462 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21463 ······tags:21463 ······tags:
21464 ······-·CJIS-5.5.2.221464 ······-·CJIS-5.5.2.2
21465 ······-·NIST-800-171-3.4.521465 ······-·NIST-800-171-3.4.5
21466 ······-·NIST-800-53-AC-6(1)21466 ······-·NIST-800-53-AC-6(1)
21467 ······-·NIST-800-53-CM-6(a)21467 ······-·NIST-800-53-CM-6(a)
21468 ······-·PCI-DSS-Req-7.121468 ······-·PCI-DSS-Req-7.1
Offset 21475, 16 lines modifiedOffset 21475, 16 lines modified
21475 ······-·no_reboot_needed21475 ······-·no_reboot_needed
  
21476 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21476 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21477 ······file:21477 ······file:
21478 ········path:·/boot/grub2/user.cfg21478 ········path:·/boot/grub2/user.cfg
21479 ········group:·'0'21479 ········group:·'0'
21480 ······when:21480 ······when:
21481 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21482 ······-·'"grub2-common"·in·ansible_facts.packages'21481 ······-·'"grub2-common"·in·ansible_facts.packages'
 21482 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21483 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21483 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21484 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21484 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21485 ······tags:21485 ······tags:
21486 ······-·CJIS-5.5.2.221486 ······-·CJIS-5.5.2.2
21487 ······-·NIST-800-171-3.4.521487 ······-·NIST-800-171-3.4.5
21488 ······-·NIST-800-53-AC-6(1)21488 ······-·NIST-800-53-AC-6(1)
21489 ······-·NIST-800-53-CM-6(a)21489 ······-·NIST-800-53-CM-6(a)
Offset 21514, 16 lines modifiedOffset 21514, 16 lines modified
21514 ······-·no_reboot_needed21514 ······-·no_reboot_needed
  
21515 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21515 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21516 ······stat:21516 ······stat:
21517 ········path:·/boot/grub2/grub.cfg21517 ········path:·/boot/grub2/grub.cfg
21518 ······register:·file_exists21518 ······register:·file_exists
21519 ······when:21519 ······when:
21520 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21521 ······-·'"grub2-common"·in·ansible_facts.packages'21520 ······-·'"grub2-common"·in·ansible_facts.packages'
 21521 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21522 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21522 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21523 ······tags:21523 ······tags:
21524 ······-·CJIS-5.5.2.221524 ······-·CJIS-5.5.2.2
21525 ······-·NIST-800-171-3.4.521525 ······-·NIST-800-171-3.4.5
21526 ······-·NIST-800-53-AC-6(1)21526 ······-·NIST-800-53-AC-6(1)
21527 ······-·NIST-800-53-CM-6(a)21527 ······-·NIST-800-53-CM-6(a)
21528 ······-·PCI-DSS-Req-7.121528 ······-·PCI-DSS-Req-7.1
Offset 21535, 16 lines modifiedOffset 21535, 16 lines modified
21535 ······-·no_reboot_needed21535 ······-·no_reboot_needed
  
21536 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21536 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21537 ······file:21537 ······file:
21538 ········path:·/boot/grub2/grub.cfg21538 ········path:·/boot/grub2/grub.cfg
21539 ········owner:·'0'21539 ········owner:·'0'
21540 ······when:21540 ······when:
21541 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21542 ······-·'"grub2-common"·in·ansible_facts.packages'21541 ······-·'"grub2-common"·in·ansible_facts.packages'
 21542 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21543 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21543 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21544 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21544 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21545 ······tags:21545 ······tags:
21546 ······-·CJIS-5.5.2.221546 ······-·CJIS-5.5.2.2
21547 ······-·NIST-800-171-3.4.521547 ······-·NIST-800-171-3.4.5
21548 ······-·NIST-800-53-AC-6(1)21548 ······-·NIST-800-53-AC-6(1)
21549 ······-·NIST-800-53-CM-6(a)21549 ······-·NIST-800-53-CM-6(a)
Offset 21574, 16 lines modifiedOffset 21574, 16 lines modified
21574 ······-·no_reboot_needed21574 ······-·no_reboot_needed
  
21575 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21575 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21576 ······stat:21576 ······stat:
21577 ········path:·/boot/grub2/user.cfg21577 ········path:·/boot/grub2/user.cfg
21578 ······register:·file_exists21578 ······register:·file_exists
21579 ······when:21579 ······when:
21580 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21581 ······-·'"grub2-common"·in·ansible_facts.packages'21580 ······-·'"grub2-common"·in·ansible_facts.packages'
 21581 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21582 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21582 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21583 ······tags:21583 ······tags:
21584 ······-·CJIS-5.5.2.221584 ······-·CJIS-5.5.2.2
21585 ······-·NIST-800-171-3.4.521585 ······-·NIST-800-171-3.4.5
21586 ······-·NIST-800-53-AC-6(1)21586 ······-·NIST-800-53-AC-6(1)
21587 ······-·NIST-800-53-CM-6(a)21587 ······-·NIST-800-53-CM-6(a)
21588 ······-·PCI-DSS-Req-7.121588 ······-·PCI-DSS-Req-7.1
Offset 21595, 16 lines modifiedOffset 21595, 16 lines modified
21595 ······-·no_reboot_needed21595 ······-·no_reboot_needed
Max diff block lines reached; 8723/13394 bytes (65.13%) of diff not shown.
2.73 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-hipaa.yml
Ordering differences only
    
Offset 21916, 16 lines modifiedOffset 21916, 16 lines modified
21916 ······-·no_reboot_needed21916 ······-·no_reboot_needed
  
21917 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21917 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21918 ······stat:21918 ······stat:
21919 ········path:·/boot/grub2/grub.cfg21919 ········path:·/boot/grub2/grub.cfg
21920 ······register:·file_exists21920 ······register:·file_exists
21921 ······when:21921 ······when:
21922 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21923 ······-·'"grub2-common"·in·ansible_facts.packages'21922 ······-·'"grub2-common"·in·ansible_facts.packages'
 21923 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21924 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21924 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21925 ······tags:21925 ······tags:
21926 ······-·CJIS-5.5.2.221926 ······-·CJIS-5.5.2.2
21927 ······-·NIST-800-171-3.4.521927 ······-·NIST-800-171-3.4.5
21928 ······-·NIST-800-53-AC-6(1)21928 ······-·NIST-800-53-AC-6(1)
21929 ······-·NIST-800-53-CM-6(a)21929 ······-·NIST-800-53-CM-6(a)
21930 ······-·PCI-DSS-Req-7.121930 ······-·PCI-DSS-Req-7.1
Offset 21937, 16 lines modifiedOffset 21937, 16 lines modified
21937 ······-·no_reboot_needed21937 ······-·no_reboot_needed
  
21938 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21938 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21939 ······file:21939 ······file:
21940 ········path:·/boot/grub2/grub.cfg21940 ········path:·/boot/grub2/grub.cfg
21941 ········group:·'0'21941 ········group:·'0'
21942 ······when:21942 ······when:
21943 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21944 ······-·'"grub2-common"·in·ansible_facts.packages'21943 ······-·'"grub2-common"·in·ansible_facts.packages'
 21944 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21945 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21945 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21946 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21946 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21947 ······tags:21947 ······tags:
21948 ······-·CJIS-5.5.2.221948 ······-·CJIS-5.5.2.2
21949 ······-·NIST-800-171-3.4.521949 ······-·NIST-800-171-3.4.5
21950 ······-·NIST-800-53-AC-6(1)21950 ······-·NIST-800-53-AC-6(1)
21951 ······-·NIST-800-53-CM-6(a)21951 ······-·NIST-800-53-CM-6(a)
Offset 21976, 16 lines modifiedOffset 21976, 16 lines modified
21976 ······-·no_reboot_needed21976 ······-·no_reboot_needed
  
21977 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21977 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21978 ······stat:21978 ······stat:
21979 ········path:·/boot/grub2/grub.cfg21979 ········path:·/boot/grub2/grub.cfg
21980 ······register:·file_exists21980 ······register:·file_exists
21981 ······when:21981 ······when:
21982 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21983 ······-·'"grub2-common"·in·ansible_facts.packages'21982 ······-·'"grub2-common"·in·ansible_facts.packages'
 21983 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21984 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21984 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21985 ······tags:21985 ······tags:
21986 ······-·CJIS-5.5.2.221986 ······-·CJIS-5.5.2.2
21987 ······-·NIST-800-171-3.4.521987 ······-·NIST-800-171-3.4.5
21988 ······-·NIST-800-53-AC-6(1)21988 ······-·NIST-800-53-AC-6(1)
21989 ······-·NIST-800-53-CM-6(a)21989 ······-·NIST-800-53-CM-6(a)
21990 ······-·PCI-DSS-Req-7.121990 ······-·PCI-DSS-Req-7.1
Offset 21997, 16 lines modifiedOffset 21997, 16 lines modified
21997 ······-·no_reboot_needed21997 ······-·no_reboot_needed
  
21998 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21998 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21999 ······file:21999 ······file:
22000 ········path:·/boot/grub2/grub.cfg22000 ········path:·/boot/grub2/grub.cfg
22001 ········owner:·'0'22001 ········owner:·'0'
22002 ······when:22002 ······when:
22003 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22004 ······-·'"grub2-common"·in·ansible_facts.packages'22003 ······-·'"grub2-common"·in·ansible_facts.packages'
 22004 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22005 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22005 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22006 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22006 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22007 ······tags:22007 ······tags:
22008 ······-·CJIS-5.5.2.222008 ······-·CJIS-5.5.2.2
22009 ······-·NIST-800-171-3.4.522009 ······-·NIST-800-171-3.4.5
22010 ······-·NIST-800-53-AC-6(1)22010 ······-·NIST-800-53-AC-6(1)
22011 ······-·NIST-800-53-CM-6(a)22011 ······-·NIST-800-53-CM-6(a)
2.73 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-pci-dss.yml
Ordering differences only
    
Offset 22621, 16 lines modifiedOffset 22621, 16 lines modified
22621 ······-·no_reboot_needed22621 ······-·no_reboot_needed
  
22622 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22622 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22623 ······stat:22623 ······stat:
22624 ········path:·/boot/grub2/grub.cfg22624 ········path:·/boot/grub2/grub.cfg
22625 ······register:·file_exists22625 ······register:·file_exists
22626 ······when:22626 ······when:
22627 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22628 ······-·'"grub2-common"·in·ansible_facts.packages'22627 ······-·'"grub2-common"·in·ansible_facts.packages'
 22628 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22630 ······tags:22630 ······tags:
22631 ······-·CJIS-5.5.2.222631 ······-·CJIS-5.5.2.2
22632 ······-·NIST-800-171-3.4.522632 ······-·NIST-800-171-3.4.5
22633 ······-·NIST-800-53-AC-6(1)22633 ······-·NIST-800-53-AC-6(1)
22634 ······-·NIST-800-53-CM-6(a)22634 ······-·NIST-800-53-CM-6(a)
22635 ······-·PCI-DSS-Req-7.122635 ······-·PCI-DSS-Req-7.1
Offset 22642, 16 lines modifiedOffset 22642, 16 lines modified
22642 ······-·no_reboot_needed22642 ······-·no_reboot_needed
  
22643 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22643 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22644 ······file:22644 ······file:
22645 ········path:·/boot/grub2/grub.cfg22645 ········path:·/boot/grub2/grub.cfg
22646 ········group:·'0'22646 ········group:·'0'
22647 ······when:22647 ······when:
22648 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22649 ······-·'"grub2-common"·in·ansible_facts.packages'22648 ······-·'"grub2-common"·in·ansible_facts.packages'
 22649 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22650 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22650 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22651 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22651 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22652 ······tags:22652 ······tags:
22653 ······-·CJIS-5.5.2.222653 ······-·CJIS-5.5.2.2
22654 ······-·NIST-800-171-3.4.522654 ······-·NIST-800-171-3.4.5
22655 ······-·NIST-800-53-AC-6(1)22655 ······-·NIST-800-53-AC-6(1)
22656 ······-·NIST-800-53-CM-6(a)22656 ······-·NIST-800-53-CM-6(a)
Offset 22681, 16 lines modifiedOffset 22681, 16 lines modified
22681 ······-·no_reboot_needed22681 ······-·no_reboot_needed
  
22682 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22682 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22683 ······stat:22683 ······stat:
22684 ········path:·/boot/grub2/grub.cfg22684 ········path:·/boot/grub2/grub.cfg
22685 ······register:·file_exists22685 ······register:·file_exists
22686 ······when:22686 ······when:
22687 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22688 ······-·'"grub2-common"·in·ansible_facts.packages'22687 ······-·'"grub2-common"·in·ansible_facts.packages'
 22688 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22689 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22689 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22690 ······tags:22690 ······tags:
22691 ······-·CJIS-5.5.2.222691 ······-·CJIS-5.5.2.2
22692 ······-·NIST-800-171-3.4.522692 ······-·NIST-800-171-3.4.5
22693 ······-·NIST-800-53-AC-6(1)22693 ······-·NIST-800-53-AC-6(1)
22694 ······-·NIST-800-53-CM-6(a)22694 ······-·NIST-800-53-CM-6(a)
22695 ······-·PCI-DSS-Req-7.122695 ······-·PCI-DSS-Req-7.1
Offset 22702, 16 lines modifiedOffset 22702, 16 lines modified
22702 ······-·no_reboot_needed22702 ······-·no_reboot_needed
  
22703 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22703 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22704 ······file:22704 ······file:
22705 ········path:·/boot/grub2/grub.cfg22705 ········path:·/boot/grub2/grub.cfg
22706 ········owner:·'0'22706 ········owner:·'0'
22707 ······when:22707 ······when:
22708 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22709 ······-·'"grub2-common"·in·ansible_facts.packages'22708 ······-·'"grub2-common"·in·ansible_facts.packages'
 22709 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22710 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22710 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22711 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22711 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22712 ······tags:22712 ······tags:
22713 ······-·CJIS-5.5.2.222713 ······-·CJIS-5.5.2.2
22714 ······-·NIST-800-171-3.4.522714 ······-·NIST-800-171-3.4.5
22715 ······-·NIST-800-53-AC-6(1)22715 ······-·NIST-800-53-AC-6(1)
22716 ······-·NIST-800-53-CM-6(a)22716 ······-·NIST-800-53-CM-6(a)
2.07 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-stig.yml
Ordering differences only
    
Offset 35153, 16 lines modifiedOffset 35153, 16 lines modified
35153 ······-·no_reboot_needed35153 ······-·no_reboot_needed
  
35154 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg35154 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
35155 ······stat:35155 ······stat:
35156 ········path:·/boot/grub2/grub.cfg35156 ········path:·/boot/grub2/grub.cfg
35157 ······register:·file_exists35157 ······register:·file_exists
35158 ······when:35158 ······when:
35159 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35160 ······-·'"grub2-common"·in·ansible_facts.packages'35159 ······-·'"grub2-common"·in·ansible_facts.packages'
 35160 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35161 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35161 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35162 ······tags:35162 ······tags:
35163 ······-·CJIS-5.5.2.235163 ······-·CJIS-5.5.2.2
35164 ······-·NIST-800-171-3.4.535164 ······-·NIST-800-171-3.4.5
35165 ······-·NIST-800-53-AC-6(1)35165 ······-·NIST-800-53-AC-6(1)
35166 ······-·NIST-800-53-CM-6(a)35166 ······-·NIST-800-53-CM-6(a)
35167 ······-·PCI-DSS-Req-7.135167 ······-·PCI-DSS-Req-7.1
Offset 35174, 16 lines modifiedOffset 35174, 16 lines modified
35174 ······-·no_reboot_needed35174 ······-·no_reboot_needed
  
35175 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg35175 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
35176 ······file:35176 ······file:
35177 ········path:·/boot/grub2/grub.cfg35177 ········path:·/boot/grub2/grub.cfg
35178 ········group:·'0'35178 ········group:·'0'
35179 ······when:35179 ······when:
35180 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35181 ······-·'"grub2-common"·in·ansible_facts.packages'35180 ······-·'"grub2-common"·in·ansible_facts.packages'
 35181 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35183 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists35183 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
35184 ······tags:35184 ······tags:
35185 ······-·CJIS-5.5.2.235185 ······-·CJIS-5.5.2.2
35186 ······-·NIST-800-171-3.4.535186 ······-·NIST-800-171-3.4.5
35187 ······-·NIST-800-53-AC-6(1)35187 ······-·NIST-800-53-AC-6(1)
35188 ······-·NIST-800-53-CM-6(a)35188 ······-·NIST-800-53-CM-6(a)
Offset 43513, 16 lines modifiedOffset 43513, 16 lines modified
43513 ········lineinfile:43513 ········lineinfile:
43514 ··········path:·/etc/postfix/main.cf43514 ··········path:·/etc/postfix/main.cf
43515 ··········create:·true43515 ··········create:·true
43516 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*43516 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
43517 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject43517 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
43518 ··········state:·present43518 ··········state:·present
43519 ······when:43519 ······when:
43520 ······-·'"postfix"·in·ansible_facts.packages' 
43521 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43520 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 43521 ······-·'"postfix"·in·ansible_facts.packages'
43522 ······tags:43522 ······tags:
43523 ······-·low_complexity43523 ······-·low_complexity
43524 ······-·low_disruption43524 ······-·low_disruption
43525 ······-·medium_severity43525 ······-·medium_severity
43526 ······-·no_reboot_needed43526 ······-·no_reboot_needed
43527 ······-·postfix_prevent_unrestricted_relay43527 ······-·postfix_prevent_unrestricted_relay
43528 ······-·restrict_strategy43528 ······-·restrict_strategy
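Review bot: in the `when` list under the `smtpd_client_restrictions` lineinfile task, the `"postfix" in ansible_facts.packages` test and the `ansible_virtualization_type not in [...]` test swap positions between the two builds. Ansible evaluates a `when` list top to bottom and stops at the first false entry, so which test runs first should be a deliberate choice made once where the list is produced, not something that varies from build to build.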
2.08 KB
./usr/share/scap-security-guide/ansible/cs9-playbook-stig_gui.yml
Ordering differences only
    
Offset 35127, 16 lines modifiedOffset 35127, 16 lines modified
35127 ······-·no_reboot_needed35127 ······-·no_reboot_needed
  
35128 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg35128 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
35129 ······stat:35129 ······stat:
35130 ········path:·/boot/grub2/grub.cfg35130 ········path:·/boot/grub2/grub.cfg
35131 ······register:·file_exists35131 ······register:·file_exists
35132 ······when:35132 ······when:
35133 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35134 ······-·'"grub2-common"·in·ansible_facts.packages'35133 ······-·'"grub2-common"·in·ansible_facts.packages'
 35134 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35135 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35135 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35136 ······tags:35136 ······tags:
35137 ······-·CJIS-5.5.2.235137 ······-·CJIS-5.5.2.2
35138 ······-·NIST-800-171-3.4.535138 ······-·NIST-800-171-3.4.5
35139 ······-·NIST-800-53-AC-6(1)35139 ······-·NIST-800-53-AC-6(1)
35140 ······-·NIST-800-53-CM-6(a)35140 ······-·NIST-800-53-CM-6(a)
35141 ······-·PCI-DSS-Req-7.135141 ······-·PCI-DSS-Req-7.1
Offset 35148, 16 lines modifiedOffset 35148, 16 lines modified
35148 ······-·no_reboot_needed35148 ······-·no_reboot_needed
  
35149 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg35149 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
35150 ······file:35150 ······file:
35151 ········path:·/boot/grub2/grub.cfg35151 ········path:·/boot/grub2/grub.cfg
35152 ········group:·'0'35152 ········group:·'0'
35153 ······when:35153 ······when:
35154 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35155 ······-·'"grub2-common"·in·ansible_facts.packages'35154 ······-·'"grub2-common"·in·ansible_facts.packages'
 35155 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35156 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35156 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35157 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists35157 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
35158 ······tags:35158 ······tags:
35159 ······-·CJIS-5.5.2.235159 ······-·CJIS-5.5.2.2
35160 ······-·NIST-800-171-3.4.535160 ······-·NIST-800-171-3.4.5
35161 ······-·NIST-800-53-AC-6(1)35161 ······-·NIST-800-53-AC-6(1)
35162 ······-·NIST-800-53-CM-6(a)35162 ······-·NIST-800-53-CM-6(a)
Offset 43487, 16 lines modifiedOffset 43487, 16 lines modified
43487 ········lineinfile:43487 ········lineinfile:
43488 ··········path:·/etc/postfix/main.cf43488 ··········path:·/etc/postfix/main.cf
43489 ··········create:·true43489 ··········create:·true
43490 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*43490 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
43491 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject43491 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
43492 ··········state:·present43492 ··········state:·present
43493 ······when:43493 ······when:
43494 ······-·'"postfix"·in·ansible_facts.packages' 
43495 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]43494 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 43495 ······-·'"postfix"·in·ansible_facts.packages'
43496 ······tags:43496 ······tags:
43497 ······-·low_complexity43497 ······-·low_complexity
43498 ······-·low_disruption43498 ······-·low_disruption
43499 ······-·medium_severity43499 ······-·medium_severity
43500 ······-·no_reboot_needed43500 ······-·no_reboot_needed
43501 ······-·postfix_prevent_unrestricted_relay43501 ······-·postfix_prevent_unrestricted_relay
43502 ······-·restrict_strategy43502 ······-·restrict_strategy
250 KB
./usr/share/scap-security-guide/ansible/fedora-playbook-ospp.yml
Ordering differences only
    
Offset 5154, 16 lines modifiedOffset 5154, 16 lines modified
5154 ······-·reboot_required5154 ······-·reboot_required
5155 ······-·restrict_strategy5155 ······-·restrict_strategy
  
5156 ····-·name:·Set·architecture·for·audit·open·tasks5156 ····-·name:·Set·architecture·for·audit·open·tasks
5157 ······set_fact:5157 ······set_fact:
5158 ········audit_arch:·b645158 ········audit_arch:·b64
5159 ······when:5159 ······when:
5160 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5161 ······-·'"audit"·in·ansible_facts.packages'5160 ······-·'"audit"·in·ansible_facts.packages'
 5161 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5162 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5162 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5163 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5163 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5164 ······tags:5164 ······tags:
5165 ······-·NIST-800-53-AC-2(4)5165 ······-·NIST-800-53-AC-2(4)
5166 ······-·NIST-800-53-AC-6(9)5166 ······-·NIST-800-53-AC-6(9)
5167 ······-·NIST-800-53-AU-12(c)5167 ······-·NIST-800-53-AU-12(c)
5168 ······-·NIST-800-53-AU-2(d)5168 ······-·NIST-800-53-AU-2(d)
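Review bot: the third `when` entry of "Set architecture for audit open tasks" chains five `ansible_architecture == ...` comparisons with `or` and wraps across two lines; `ansible_architecture in ["aarch64", "ppc64", "ppc64le", "s390x", "x86_64"]` expresses the same test on one line and is harder to get wrong when an architecture is added. The two entries above it are the ones that change order between builds, while this one keeps its position.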
Offset 5292, 16 lines modifiedOffset 5292, 16 lines modified
5292 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group5292 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group
5293 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5293 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5294 ··········create:·true5294 ··········create:·true
5295 ··········mode:·o-rwx5295 ··········mode:·o-rwx
5296 ··········state:·present5296 ··········state:·present
5297 ········when:·syscalls_found·|·length·==·05297 ········when:·syscalls_found·|·length·==·0
5298 ······when:5298 ······when:
5299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5300 ······-·'"audit"·in·ansible_facts.packages'5299 ······-·'"audit"·in·ansible_facts.packages'
 5300 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5301 ······tags:5301 ······tags:
5302 ······-·NIST-800-53-AC-2(4)5302 ······-·NIST-800-53-AC-2(4)
5303 ······-·NIST-800-53-AC-6(9)5303 ······-·NIST-800-53-AC-6(9)
5304 ······-·NIST-800-53-AU-12(c)5304 ······-·NIST-800-53-AU-12(c)
5305 ······-·NIST-800-53-AU-2(d)5305 ······-·NIST-800-53-AU-2(d)
5306 ······-·NIST-800-53-CM-6(a)5306 ······-·NIST-800-53-CM-6(a)
5307 ······-·audit_rules_etc_group_open5307 ······-·audit_rules_etc_group_open
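Review bot: the lineinfile task at the top of this hunk combines `create: true` with the symbolic `mode: o-rwx`, so when the rules file does not exist yet its owner and group bits come from the umask in effect on the target and only the "other" bits are pinned by the playbook. For a file that holds audit rules, an explicit octal mode would make the resulting permissions independent of the host's umask.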
Offset 5428, 16 lines modifiedOffset 5428, 16 lines modified
5428 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group5428 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&03·-F·path=/etc/group
5429 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5429 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5430 ··········create:·true5430 ··········create:·true
5431 ··········mode:·o-rwx5431 ··········mode:·o-rwx
5432 ··········state:·present5432 ··········state:·present
5433 ········when:·syscalls_found·|·length·==·05433 ········when:·syscalls_found·|·length·==·0
5434 ······when:5434 ······when:
5435 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5436 ······-·'"audit"·in·ansible_facts.packages'5435 ······-·'"audit"·in·ansible_facts.packages'
 5436 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5437 ······-·audit_arch·==·"b64"5437 ······-·audit_arch·==·"b64"
5438 ······tags:5438 ······tags:
5439 ······-·NIST-800-53-AC-2(4)5439 ······-·NIST-800-53-AC-2(4)
5440 ······-·NIST-800-53-AC-6(9)5440 ······-·NIST-800-53-AC-6(9)
5441 ······-·NIST-800-53-AU-12(c)5441 ······-·NIST-800-53-AU-12(c)
5442 ······-·NIST-800-53-AU-2(d)5442 ······-·NIST-800-53-AU-2(d)
5443 ······-·NIST-800-53-CM-6(a)5443 ······-·NIST-800-53-CM-6(a)
Offset 5465, 16 lines modifiedOffset 5465, 16 lines modified
5465 ······-·reboot_required5465 ······-·reboot_required
5466 ······-·restrict_strategy5466 ······-·restrict_strategy
  
5467 ····-·name:·Set·architecture·for·audit·open_by_handle_at·tasks5467 ····-·name:·Set·architecture·for·audit·open_by_handle_at·tasks
5468 ······set_fact:5468 ······set_fact:
5469 ········audit_arch:·b645469 ········audit_arch:·b64
5470 ······when:5470 ······when:
5471 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5472 ······-·'"audit"·in·ansible_facts.packages'5471 ······-·'"audit"·in·ansible_facts.packages'
 5472 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5473 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5473 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5474 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5474 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5475 ······tags:5475 ······tags:
5476 ······-·NIST-800-53-AC-2(4)5476 ······-·NIST-800-53-AC-2(4)
5477 ······-·NIST-800-53-AC-6(9)5477 ······-·NIST-800-53-AC-6(9)
5478 ······-·NIST-800-53-AU-12(c)5478 ······-·NIST-800-53-AU-12(c)
5479 ······-·NIST-800-53-AU-2(d)5479 ······-·NIST-800-53-AU-2(d)
Offset 5603, 16 lines modifiedOffset 5603, 16 lines modified
5603 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group5603 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group
5604 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5604 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5605 ··········create:·true5605 ··········create:·true
5606 ··········mode:·o-rwx5606 ··········mode:·o-rwx
5607 ··········state:·present5607 ··········state:·present
5608 ········when:·syscalls_found·|·length·==·05608 ········when:·syscalls_found·|·length·==·0
5609 ······when:5609 ······when:
5610 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5611 ······-·'"audit"·in·ansible_facts.packages'5610 ······-·'"audit"·in·ansible_facts.packages'
 5611 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5612 ······tags:5612 ······tags:
5613 ······-·NIST-800-53-AC-2(4)5613 ······-·NIST-800-53-AC-2(4)
5614 ······-·NIST-800-53-AC-6(9)5614 ······-·NIST-800-53-AC-6(9)
5615 ······-·NIST-800-53-AU-12(c)5615 ······-·NIST-800-53-AU-12(c)
5616 ······-·NIST-800-53-AU-2(d)5616 ······-·NIST-800-53-AU-2(d)
5617 ······-·NIST-800-53-CM-6(a)5617 ······-·NIST-800-53-CM-6(a)
5618 ······-·audit_rules_etc_group_open_by_handle_at5618 ······-·audit_rules_etc_group_open_by_handle_at
Offset 5739, 16 lines modifiedOffset 5739, 16 lines modified
5739 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group5739 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group
5740 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify5740 ············-F·auid>=1000·-F·auid!=unset·-F·key=modify
5741 ··········create:·true5741 ··········create:·true
5742 ··········mode:·o-rwx5742 ··········mode:·o-rwx
5743 ··········state:·present5743 ··········state:·present
5744 ········when:·syscalls_found·|·length·==·05744 ········when:·syscalls_found·|·length·==·0
5745 ······when:5745 ······when:
5746 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5747 ······-·'"audit"·in·ansible_facts.packages'5746 ······-·'"audit"·in·ansible_facts.packages'
 5747 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5748 ······-·audit_arch·==·"b64"5748 ······-·audit_arch·==·"b64"
5749 ······tags:5749 ······tags:
5750 ······-·NIST-800-53-AC-2(4)5750 ······-·NIST-800-53-AC-2(4)
5751 ······-·NIST-800-53-AC-6(9)5751 ······-·NIST-800-53-AC-6(9)
5752 ······-·NIST-800-53-AU-12(c)5752 ······-·NIST-800-53-AU-12(c)
5753 ······-·NIST-800-53-AU-2(d)5753 ······-·NIST-800-53-AU-2(d)
5754 ······-·NIST-800-53-CM-6(a)5754 ······-·NIST-800-53-CM-6(a)
Offset 5776, 16 lines modifiedOffset 5776, 16 lines modified
5776 ······-·reboot_required5776 ······-·reboot_required
5777 ······-·restrict_strategy5777 ······-·restrict_strategy
  
5778 ····-·name:·Set·architecture·for·audit·openat·tasks5778 ····-·name:·Set·architecture·for·audit·openat·tasks
5779 ······set_fact:5779 ······set_fact:
5780 ········audit_arch:·b645780 ········audit_arch:·b64
5781 ······when:5781 ······when:
5782 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5783 ······-·'"audit"·in·ansible_facts.packages'5782 ······-·'"audit"·in·ansible_facts.packages'
 5783 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5784 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5784 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5785 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5785 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5786 ······tags:5786 ······tags:
5787 ······-·NIST-800-53-AC-2(4)5787 ······-·NIST-800-53-AC-2(4)
5788 ······-·NIST-800-53-AC-6(9)5788 ······-·NIST-800-53-AC-6(9)
5789 ······-·NIST-800-53-AU-12(c)5789 ······-·NIST-800-53-AU-12(c)
5790 ······-·NIST-800-53-AU-2(d)5790 ······-·NIST-800-53-AU-2(d)
Offset 5914, 16 lines modifiedOffset 5914, 16 lines modified
5914 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group5914 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&03·-F·path=/etc/group
Max diff block lines reached; 250199/255595 bytes (97.89%) of diff not shown.
164 KB
./usr/share/scap-security-guide/ansible/fedora-playbook-pci-dss.yml
Ordering differences only
    
Offset 4622, 16 lines modifiedOffset 4622, 16 lines modified
  
4622 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4622 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4623 ······find:4623 ······find:
4624 ········paths:·/etc/audit/rules.d/4624 ········paths:·/etc/audit/rules.d/
4625 ········patterns:·'*.rules'4625 ········patterns:·'*.rules'
4626 ······register:·find_rules_d4626 ······register:·find_rules_d
4627 ······when:4627 ······when:
4628 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4629 ······-·'"audit"·in·ansible_facts.packages'4628 ······-·'"audit"·in·ansible_facts.packages'
 4629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4630 ······tags:4630 ······tags:
4631 ······-·CJIS-5.4.1.14631 ······-·CJIS-5.4.1.1
4632 ······-·NIST-800-171-3.3.14632 ······-·NIST-800-171-3.3.1
4633 ······-·NIST-800-171-3.4.34633 ······-·NIST-800-171-3.4.3
4634 ······-·NIST-800-53-AC-6(9)4634 ······-·NIST-800-53-AC-6(9)
4635 ······-·NIST-800-53-CM-6(a)4635 ······-·NIST-800-53-CM-6(a)
4636 ······-·PCI-DSS-Req-10.5.24636 ······-·PCI-DSS-Req-10.5.2
Offset 4646, 16 lines modifiedOffset 4646, 16 lines modified
4646 ······lineinfile:4646 ······lineinfile:
4647 ········path:·'{{·item·}}'4647 ········path:·'{{·item·}}'
4648 ········regexp:·^\s*(?:-e)\s+.*$4648 ········regexp:·^\s*(?:-e)\s+.*$
4649 ········state:·absent4649 ········state:·absent
4650 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4650 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4651 ········}}'4651 ········}}'
4652 ······when:4652 ······when:
4653 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4654 ······-·'"audit"·in·ansible_facts.packages'4653 ······-·'"audit"·in·ansible_facts.packages'
 4654 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4655 ······tags:4655 ······tags:
4656 ······-·CJIS-5.4.1.14656 ······-·CJIS-5.4.1.1
4657 ······-·NIST-800-171-3.3.14657 ······-·NIST-800-171-3.3.1
4658 ······-·NIST-800-171-3.4.34658 ······-·NIST-800-171-3.4.3
4659 ······-·NIST-800-53-AC-6(9)4659 ······-·NIST-800-53-AC-6(9)
4660 ······-·NIST-800-53-CM-6(a)4660 ······-·NIST-800-53-CM-6(a)
4661 ······-·PCI-DSS-Req-10.5.24661 ······-·PCI-DSS-Req-10.5.2
Offset 4672, 16 lines modifiedOffset 4672, 16 lines modified
4672 ········create:·true4672 ········create:·true
4673 ········line:·-e·24673 ········line:·-e·2
4674 ········mode:·o-rwx4674 ········mode:·o-rwx
4675 ······loop:4675 ······loop:
4676 ······-·/etc/audit/audit.rules4676 ······-·/etc/audit/audit.rules
4677 ······-·/etc/audit/rules.d/immutable.rules4677 ······-·/etc/audit/rules.d/immutable.rules
4678 ······when:4678 ······when:
4679 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4680 ······-·'"audit"·in·ansible_facts.packages'4679 ······-·'"audit"·in·ansible_facts.packages'
 4680 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4681 ······tags:4681 ······tags:
4682 ······-·CJIS-5.4.1.14682 ······-·CJIS-5.4.1.1
4683 ······-·NIST-800-171-3.3.14683 ······-·NIST-800-171-3.3.1
4684 ······-·NIST-800-171-3.4.34684 ······-·NIST-800-171-3.4.3
4685 ······-·NIST-800-53-AC-6(9)4685 ······-·NIST-800-53-AC-6(9)
4686 ······-·NIST-800-53-CM-6(a)4686 ······-·NIST-800-53-CM-6(a)
4687 ······-·PCI-DSS-Req-10.5.24687 ······-·PCI-DSS-Req-10.5.2
Offset 4713, 16 lines modifiedOffset 4713, 16 lines modified
4713 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4713 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4714 ······find:4714 ······find:
4715 ········paths:·/etc/audit/rules.d4715 ········paths:·/etc/audit/rules.d
4716 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4716 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4717 ········patterns:·'*.rules'4717 ········patterns:·'*.rules'
4718 ······register:·find_existing_watch_rules_d4718 ······register:·find_existing_watch_rules_d
4719 ······when:4719 ······when:
4720 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4721 ······-·'"audit"·in·ansible_facts.packages'4720 ······-·'"audit"·in·ansible_facts.packages'
 4721 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4722 ······tags:4722 ······tags:
4723 ······-·CJIS-5.4.1.14723 ······-·CJIS-5.4.1.1
4724 ······-·NIST-800-171-3.1.84724 ······-·NIST-800-171-3.1.8
4725 ······-·NIST-800-53-AU-12(c)4725 ······-·NIST-800-53-AU-12(c)
4726 ······-·NIST-800-53-AU-2(d)4726 ······-·NIST-800-53-AU-2(d)
4727 ······-·NIST-800-53-CM-6(a)4727 ······-·NIST-800-53-CM-6(a)
4728 ······-·PCI-DSS-Req-10.5.54728 ······-·PCI-DSS-Req-10.5.5
Offset 4736, 16 lines modifiedOffset 4736, 16 lines modified
4736 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4736 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4737 ······find:4737 ······find:
4738 ········paths:·/etc/audit/rules.d4738 ········paths:·/etc/audit/rules.d
4739 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4739 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4740 ········patterns:·'*.rules'4740 ········patterns:·'*.rules'
4741 ······register:·find_watch_key4741 ······register:·find_watch_key
4742 ······when:4742 ······when:
4743 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4744 ······-·'"audit"·in·ansible_facts.packages'4743 ······-·'"audit"·in·ansible_facts.packages'
 4744 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4745 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4745 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4746 ········==·04746 ········==·0
4747 ······tags:4747 ······tags:
4748 ······-·CJIS-5.4.1.14748 ······-·CJIS-5.4.1.1
4749 ······-·NIST-800-171-3.1.84749 ······-·NIST-800-171-3.1.8
4750 ······-·NIST-800-53-AU-12(c)4750 ······-·NIST-800-53-AU-12(c)
4751 ······-·NIST-800-53-AU-2(d)4751 ······-·NIST-800-53-AU-2(d)
Offset 4759, 16 lines modifiedOffset 4759, 16 lines modified
4759 ······-·restrict_strategy4759 ······-·restrict_strategy
  
4760 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4760 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4761 ······set_fact:4761 ······set_fact:
4762 ········all_files:4762 ········all_files:
4763 ········-·/etc/audit/rules.d/MAC-policy.rules4763 ········-·/etc/audit/rules.d/MAC-policy.rules
4764 ······when:4764 ······when:
4765 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4766 ······-·'"audit"·in·ansible_facts.packages'4765 ······-·'"audit"·in·ansible_facts.packages'
 4766 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4767 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4767 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4768 ········is·defined·and·find_existing_watch_rules_d.matched·==·04768 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4769 ······tags:4769 ······tags:
4770 ······-·CJIS-5.4.1.14770 ······-·CJIS-5.4.1.1
4771 ······-·NIST-800-171-3.1.84771 ······-·NIST-800-171-3.1.8
4772 ······-·NIST-800-53-AU-12(c)4772 ······-·NIST-800-53-AU-12(c)
4773 ······-·NIST-800-53-AU-2(d)4773 ······-·NIST-800-53-AU-2(d)
Offset 4782, 16 lines modifiedOffset 4782, 16 lines modified
4782 ······-·restrict_strategy4782 ······-·restrict_strategy
  
4783 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4783 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4784 ······set_fact:4784 ······set_fact:
4785 ········all_files:4785 ········all_files:
4786 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4786 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4787 ······when:4787 ······when:
4788 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4789 ······-·'"audit"·in·ansible_facts.packages'4788 ······-·'"audit"·in·ansible_facts.packages'
 4789 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4790 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4790 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4791 ········is·defined·and·find_existing_watch_rules_d.matched·==·04791 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4792 ······tags:4792 ······tags:
4793 ······-·CJIS-5.4.1.14793 ······-·CJIS-5.4.1.1
4794 ······-·NIST-800-171-3.1.84794 ······-·NIST-800-171-3.1.8
4795 ······-·NIST-800-53-AU-12(c)4795 ······-·NIST-800-53-AU-12(c)
4796 ······-·NIST-800-53-AU-2(d)4796 ······-·NIST-800-53-AU-2(d)
Offset 4807, 16 lines modifiedOffset 4807, 16 lines modified
4807 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4807 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 163241/168276 bytes (97.01%) of diff not shown.
106 KB
./usr/share/scap-security-guide/ansible/fedora-playbook-standard.yml
Ordering differences only
    
Offset 1570, 16 lines modifiedOffset 1570, 16 lines modified
  
1570 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1570 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1571 ······find:1571 ······find:
1572 ········paths:·/etc/audit/rules.d/1572 ········paths:·/etc/audit/rules.d/
1573 ········patterns:·'*.rules'1573 ········patterns:·'*.rules'
1574 ······register:·find_rules_d1574 ······register:·find_rules_d
1575 ······when:1575 ······when:
1576 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1577 ······-·'"audit"·in·ansible_facts.packages'1576 ······-·'"audit"·in·ansible_facts.packages'
 1577 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1578 ······tags:1578 ······tags:
1579 ······-·CJIS-5.4.1.11579 ······-·CJIS-5.4.1.1
1580 ······-·NIST-800-171-3.3.11580 ······-·NIST-800-171-3.3.1
1581 ······-·NIST-800-171-3.4.31581 ······-·NIST-800-171-3.4.3
1582 ······-·NIST-800-53-AC-6(9)1582 ······-·NIST-800-53-AC-6(9)
1583 ······-·NIST-800-53-CM-6(a)1583 ······-·NIST-800-53-CM-6(a)
1584 ······-·PCI-DSS-Req-10.5.21584 ······-·PCI-DSS-Req-10.5.2
Offset 1594, 16 lines modifiedOffset 1594, 16 lines modified
1594 ······lineinfile:1594 ······lineinfile:
1595 ········path:·'{{·item·}}'1595 ········path:·'{{·item·}}'
1596 ········regexp:·^\s*(?:-e)\s+.*$1596 ········regexp:·^\s*(?:-e)\s+.*$
1597 ········state:·absent1597 ········state:·absent
1598 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1598 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1599 ········}}'1599 ········}}'
1600 ······when:1600 ······when:
1601 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1602 ······-·'"audit"·in·ansible_facts.packages'1601 ······-·'"audit"·in·ansible_facts.packages'
 1602 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1603 ······tags:1603 ······tags:
1604 ······-·CJIS-5.4.1.11604 ······-·CJIS-5.4.1.1
1605 ······-·NIST-800-171-3.3.11605 ······-·NIST-800-171-3.3.1
1606 ······-·NIST-800-171-3.4.31606 ······-·NIST-800-171-3.4.3
1607 ······-·NIST-800-53-AC-6(9)1607 ······-·NIST-800-53-AC-6(9)
1608 ······-·NIST-800-53-CM-6(a)1608 ······-·NIST-800-53-CM-6(a)
1609 ······-·PCI-DSS-Req-10.5.21609 ······-·PCI-DSS-Req-10.5.2
Offset 1620, 16 lines modifiedOffset 1620, 16 lines modified
1620 ········create:·true1620 ········create:·true
1621 ········line:·-e·21621 ········line:·-e·2
1622 ········mode:·o-rwx1622 ········mode:·o-rwx
1623 ······loop:1623 ······loop:
1624 ······-·/etc/audit/audit.rules1624 ······-·/etc/audit/audit.rules
1625 ······-·/etc/audit/rules.d/immutable.rules1625 ······-·/etc/audit/rules.d/immutable.rules
1626 ······when:1626 ······when:
1627 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1628 ······-·'"audit"·in·ansible_facts.packages'1627 ······-·'"audit"·in·ansible_facts.packages'
 1628 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1629 ······tags:1629 ······tags:
1630 ······-·CJIS-5.4.1.11630 ······-·CJIS-5.4.1.1
1631 ······-·NIST-800-171-3.3.11631 ······-·NIST-800-171-3.3.1
1632 ······-·NIST-800-171-3.4.31632 ······-·NIST-800-171-3.4.3
1633 ······-·NIST-800-53-AC-6(9)1633 ······-·NIST-800-53-AC-6(9)
1634 ······-·NIST-800-53-CM-6(a)1634 ······-·NIST-800-53-CM-6(a)
1635 ······-·PCI-DSS-Req-10.5.21635 ······-·PCI-DSS-Req-10.5.2
Offset 1661, 16 lines modifiedOffset 1661, 16 lines modified
1661 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/1661 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
1662 ······find:1662 ······find:
1663 ········paths:·/etc/audit/rules.d1663 ········paths:·/etc/audit/rules.d
1664 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+1664 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
1665 ········patterns:·'*.rules'1665 ········patterns:·'*.rules'
1666 ······register:·find_existing_watch_rules_d1666 ······register:·find_existing_watch_rules_d
1667 ······when:1667 ······when:
1668 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1669 ······-·'"audit"·in·ansible_facts.packages'1668 ······-·'"audit"·in·ansible_facts.packages'
 1669 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1670 ······tags:1670 ······tags:
1671 ······-·CJIS-5.4.1.11671 ······-·CJIS-5.4.1.1
1672 ······-·NIST-800-171-3.1.81672 ······-·NIST-800-171-3.1.8
1673 ······-·NIST-800-53-AU-12(c)1673 ······-·NIST-800-53-AU-12(c)
1674 ······-·NIST-800-53-AU-2(d)1674 ······-·NIST-800-53-AU-2(d)
1675 ······-·NIST-800-53-CM-6(a)1675 ······-·NIST-800-53-CM-6(a)
1676 ······-·PCI-DSS-Req-10.5.51676 ······-·PCI-DSS-Req-10.5.5
Offset 1684, 16 lines modifiedOffset 1684, 16 lines modified
1684 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy1684 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
1685 ······find:1685 ······find:
1686 ········paths:·/etc/audit/rules.d1686 ········paths:·/etc/audit/rules.d
1687 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$1687 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
1688 ········patterns:·'*.rules'1688 ········patterns:·'*.rules'
1689 ······register:·find_watch_key1689 ······register:·find_watch_key
1690 ······when:1690 ······when:
1691 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1692 ······-·'"audit"·in·ansible_facts.packages'1691 ······-·'"audit"·in·ansible_facts.packages'
 1692 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1693 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1693 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1694 ········==·01694 ········==·0
1695 ······tags:1695 ······tags:
1696 ······-·CJIS-5.4.1.11696 ······-·CJIS-5.4.1.1
1697 ······-·NIST-800-171-3.1.81697 ······-·NIST-800-171-3.1.8
1698 ······-·NIST-800-53-AU-12(c)1698 ······-·NIST-800-53-AU-12(c)
1699 ······-·NIST-800-53-AU-2(d)1699 ······-·NIST-800-53-AU-2(d)
Offset 1707, 16 lines modifiedOffset 1707, 16 lines modified
1707 ······-·restrict_strategy1707 ······-·restrict_strategy
  
1708 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule1708 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
1709 ······set_fact:1709 ······set_fact:
1710 ········all_files:1710 ········all_files:
1711 ········-·/etc/audit/rules.d/MAC-policy.rules1711 ········-·/etc/audit/rules.d/MAC-policy.rules
1712 ······when:1712 ······when:
1713 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1714 ······-·'"audit"·in·ansible_facts.packages'1713 ······-·'"audit"·in·ansible_facts.packages'
 1714 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1715 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1715 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1716 ········is·defined·and·find_existing_watch_rules_d.matched·==·01716 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1717 ······tags:1717 ······tags:
1718 ······-·CJIS-5.4.1.11718 ······-·CJIS-5.4.1.1
1719 ······-·NIST-800-171-3.1.81719 ······-·NIST-800-171-3.1.8
1720 ······-·NIST-800-53-AU-12(c)1720 ······-·NIST-800-53-AU-12(c)
1721 ······-·NIST-800-53-AU-2(d)1721 ······-·NIST-800-53-AU-2(d)
Offset 1730, 16 lines modifiedOffset 1730, 16 lines modified
1730 ······-·restrict_strategy1730 ······-·restrict_strategy
  
1731 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1731 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1732 ······set_fact:1732 ······set_fact:
1733 ········all_files:1733 ········all_files:
1734 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1734 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1735 ······when:1735 ······when:
1736 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1737 ······-·'"audit"·in·ansible_facts.packages'1736 ······-·'"audit"·in·ansible_facts.packages'
 1737 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1738 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1738 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1739 ········is·defined·and·find_existing_watch_rules_d.matched·==·01739 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1740 ······tags:1740 ······tags:
1741 ······-·CJIS-5.4.1.11741 ······-·CJIS-5.4.1.1
1742 ······-·NIST-800-171-3.1.81742 ······-·NIST-800-171-3.1.8
1743 ······-·NIST-800-53-AU-12(c)1743 ······-·NIST-800-53-AU-12(c)
1744 ······-·NIST-800-53-AU-2(d)1744 ······-·NIST-800-53-AU-2(d)
Offset 1755, 16 lines modifiedOffset 1755, 16 lines modified
1755 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/1755 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 103613/108648 bytes (95.37%) of diff not shown.
2.73 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-cjis.yml
Ordering differences only
    
Offset 13093, 16 lines modifiedOffset 13093, 16 lines modified
13093 ······-·no_reboot_needed13093 ······-·no_reboot_needed
  
13094 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg13094 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
13095 ······stat:13095 ······stat:
13096 ········path:·/boot/grub2/grub.cfg13096 ········path:·/boot/grub2/grub.cfg
13097 ······register:·file_exists13097 ······register:·file_exists
13098 ······when:13098 ······when:
13099 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13100 ······-·'"grub2-common"·in·ansible_facts.packages'13099 ······-·'"grub2-common"·in·ansible_facts.packages'
 13100 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13101 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13101 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13102 ······tags:13102 ······tags:
13103 ······-·CJIS-5.5.2.213103 ······-·CJIS-5.5.2.2
13104 ······-·NIST-800-171-3.4.513104 ······-·NIST-800-171-3.4.5
13105 ······-·NIST-800-53-AC-6(1)13105 ······-·NIST-800-53-AC-6(1)
13106 ······-·NIST-800-53-CM-6(a)13106 ······-·NIST-800-53-CM-6(a)
13107 ······-·PCI-DSS-Req-7.113107 ······-·PCI-DSS-Req-7.1
Offset 13114, 16 lines modifiedOffset 13114, 16 lines modified
13114 ······-·no_reboot_needed13114 ······-·no_reboot_needed
  
13115 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg13115 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
13116 ······file:13116 ······file:
13117 ········path:·/boot/grub2/grub.cfg13117 ········path:·/boot/grub2/grub.cfg
13118 ········group:·'0'13118 ········group:·'0'
13119 ······when:13119 ······when:
13120 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13121 ······-·'"grub2-common"·in·ansible_facts.packages'13120 ······-·'"grub2-common"·in·ansible_facts.packages'
 13121 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13122 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13122 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13123 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists13123 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
13124 ······tags:13124 ······tags:
13125 ······-·CJIS-5.5.2.213125 ······-·CJIS-5.5.2.2
13126 ······-·NIST-800-171-3.4.513126 ······-·NIST-800-171-3.4.5
13127 ······-·NIST-800-53-AC-6(1)13127 ······-·NIST-800-53-AC-6(1)
13128 ······-·NIST-800-53-CM-6(a)13128 ······-·NIST-800-53-CM-6(a)
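Review bot: only the first two `when:` entries (lines 13120-13121) are unstable here. The `"/boot/efi" not in ansible_mounts` check and the `"grub2-common" in ansible_facts.packages` check trade places, while the container check at 13122 and the `file_exists.stat is defined and file_exists.stat.exists` guard at 13123 sit at the same positions in both builds. That pattern suggests the swapped pair comes from a collection without a defined iteration order while the remaining conditions are appended afterwards. Ordering that collection at the point where it is rendered would make this hunk disappear.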
Offset 13153, 16 lines modifiedOffset 13153, 16 lines modified
13153 ······-·no_reboot_needed13153 ······-·no_reboot_needed
  
13154 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg13154 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
13155 ······stat:13155 ······stat:
13156 ········path:·/boot/grub2/grub.cfg13156 ········path:·/boot/grub2/grub.cfg
13157 ······register:·file_exists13157 ······register:·file_exists
13158 ······when:13158 ······when:
13159 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13160 ······-·'"grub2-common"·in·ansible_facts.packages'13159 ······-·'"grub2-common"·in·ansible_facts.packages'
 13160 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13161 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13161 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13162 ······tags:13162 ······tags:
13163 ······-·CJIS-5.5.2.213163 ······-·CJIS-5.5.2.2
13164 ······-·NIST-800-171-3.4.513164 ······-·NIST-800-171-3.4.5
13165 ······-·NIST-800-53-AC-6(1)13165 ······-·NIST-800-53-AC-6(1)
13166 ······-·NIST-800-53-CM-6(a)13166 ······-·NIST-800-53-CM-6(a)
13167 ······-·PCI-DSS-Req-7.113167 ······-·PCI-DSS-Req-7.1
Offset 13174, 16 lines modifiedOffset 13174, 16 lines modified
13174 ······-·no_reboot_needed13174 ······-·no_reboot_needed
  
13175 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg13175 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
13176 ······file:13176 ······file:
13177 ········path:·/boot/grub2/grub.cfg13177 ········path:·/boot/grub2/grub.cfg
13178 ········owner:·'0'13178 ········owner:·'0'
13179 ······when:13179 ······when:
13180 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
13181 ······-·'"grub2-common"·in·ansible_facts.packages'13180 ······-·'"grub2-common"·in·ansible_facts.packages'
 13181 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
13182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]13182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
13183 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists13183 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
13184 ······tags:13184 ······tags:
13185 ······-·CJIS-5.5.2.213185 ······-·CJIS-5.5.2.2
13186 ······-·NIST-800-171-3.4.513186 ······-·NIST-800-171-3.4.5
13187 ······-·NIST-800-53-AC-6(1)13187 ······-·NIST-800-53-AC-6(1)
13188 ······-·NIST-800-53-CM-6(a)13188 ······-·NIST-800-53-CM-6(a)
4.08 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-hipaa.yml
Ordering differences only
    
Offset 22037, 16 lines modifiedOffset 22037, 16 lines modified
22037 ······-·no_reboot_needed22037 ······-·no_reboot_needed
  
22038 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22038 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22039 ······stat:22039 ······stat:
22040 ········path:·/boot/grub2/grub.cfg22040 ········path:·/boot/grub2/grub.cfg
22041 ······register:·file_exists22041 ······register:·file_exists
22042 ······when:22042 ······when:
22043 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22044 ······-·'"grub2-common"·in·ansible_facts.packages'22043 ······-·'"grub2-common"·in·ansible_facts.packages'
 22044 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22045 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22045 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22046 ······tags:22046 ······tags:
22047 ······-·CJIS-5.5.2.222047 ······-·CJIS-5.5.2.2
22048 ······-·NIST-800-171-3.4.522048 ······-·NIST-800-171-3.4.5
22049 ······-·NIST-800-53-AC-6(1)22049 ······-·NIST-800-53-AC-6(1)
22050 ······-·NIST-800-53-CM-6(a)22050 ······-·NIST-800-53-CM-6(a)
22051 ······-·PCI-DSS-Req-7.122051 ······-·PCI-DSS-Req-7.1
Offset 22058, 16 lines modifiedOffset 22058, 16 lines modified
22058 ······-·no_reboot_needed22058 ······-·no_reboot_needed
  
22059 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22059 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22060 ······file:22060 ······file:
22061 ········path:·/boot/grub2/grub.cfg22061 ········path:·/boot/grub2/grub.cfg
22062 ········group:·'0'22062 ········group:·'0'
22063 ······when:22063 ······when:
22064 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22065 ······-·'"grub2-common"·in·ansible_facts.packages'22064 ······-·'"grub2-common"·in·ansible_facts.packages'
 22065 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22066 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22066 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22067 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22067 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22068 ······tags:22068 ······tags:
22069 ······-·CJIS-5.5.2.222069 ······-·CJIS-5.5.2.2
22070 ······-·NIST-800-171-3.4.522070 ······-·NIST-800-171-3.4.5
22071 ······-·NIST-800-53-AC-6(1)22071 ······-·NIST-800-53-AC-6(1)
22072 ······-·NIST-800-53-CM-6(a)22072 ······-·NIST-800-53-CM-6(a)
Offset 22097, 16 lines modifiedOffset 22097, 16 lines modified
22097 ······-·no_reboot_needed22097 ······-·no_reboot_needed
  
22098 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22098 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22099 ······stat:22099 ······stat:
22100 ········path:·/boot/grub2/grub.cfg22100 ········path:·/boot/grub2/grub.cfg
22101 ······register:·file_exists22101 ······register:·file_exists
22102 ······when:22102 ······when:
22103 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22104 ······-·'"grub2-common"·in·ansible_facts.packages'22103 ······-·'"grub2-common"·in·ansible_facts.packages'
 22104 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22105 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22105 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22106 ······tags:22106 ······tags:
22107 ······-·CJIS-5.5.2.222107 ······-·CJIS-5.5.2.2
22108 ······-·NIST-800-171-3.4.522108 ······-·NIST-800-171-3.4.5
22109 ······-·NIST-800-53-AC-6(1)22109 ······-·NIST-800-53-AC-6(1)
22110 ······-·NIST-800-53-CM-6(a)22110 ······-·NIST-800-53-CM-6(a)
22111 ······-·PCI-DSS-Req-7.122111 ······-·PCI-DSS-Req-7.1
Offset 22118, 16 lines modifiedOffset 22118, 16 lines modified
22118 ······-·no_reboot_needed22118 ······-·no_reboot_needed
  
22119 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22119 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22120 ······file:22120 ······file:
22121 ········path:·/boot/grub2/grub.cfg22121 ········path:·/boot/grub2/grub.cfg
22122 ········owner:·'0'22122 ········owner:·'0'
22123 ······when:22123 ······when:
22124 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22125 ······-·'"grub2-common"·in·ansible_facts.packages'22124 ······-·'"grub2-common"·in·ansible_facts.packages'
 22125 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22126 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22126 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22127 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22127 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22128 ······tags:22128 ······tags:
22129 ······-·CJIS-5.5.2.222129 ······-·CJIS-5.5.2.2
22130 ······-·NIST-800-171-3.4.522130 ······-·NIST-800-171-3.4.5
22131 ······-·NIST-800-53-AC-6(1)22131 ······-·NIST-800-53-AC-6(1)
22132 ······-·NIST-800-53-CM-6(a)22132 ······-·NIST-800-53-CM-6(a)
Offset 22155, 16 lines modifiedOffset 22155, 16 lines modified
22155 ······-·no_reboot_needed22155 ······-·no_reboot_needed
  
22156 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22156 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22157 ······stat:22157 ······stat:
22158 ········path:·/boot/grub2/grub.cfg22158 ········path:·/boot/grub2/grub.cfg
22159 ······register:·file_exists22159 ······register:·file_exists
22160 ······when:22160 ······when:
22161 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22162 ······-·'"grub2-common"·in·ansible_facts.packages'22161 ······-·'"grub2-common"·in·ansible_facts.packages'
 22162 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22163 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22163 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22164 ······tags:22164 ······tags:
22165 ······-·NIST-800-171-3.4.522165 ······-·NIST-800-171-3.4.5
22166 ······-·NIST-800-53-AC-6(1)22166 ······-·NIST-800-53-AC-6(1)
22167 ······-·NIST-800-53-CM-6(a)22167 ······-·NIST-800-53-CM-6(a)
22168 ······-·configure_strategy22168 ······-·configure_strategy
22169 ······-·file_permissions_grub2_cfg22169 ······-·file_permissions_grub2_cfg
Offset 22174, 16 lines modifiedOffset 22174, 16 lines modified
22174 ······-·no_reboot_needed22174 ······-·no_reboot_needed
  
22175 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg22175 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
22176 ······file:22176 ······file:
22177 ········path:·/boot/grub2/grub.cfg22177 ········path:·/boot/grub2/grub.cfg
22178 ········mode:·u-xs,g-xwrs,o-xwrt22178 ········mode:·u-xs,g-xwrs,o-xwrt
22179 ······when:22179 ······when:
22180 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22181 ······-·'"grub2-common"·in·ansible_facts.packages'22180 ······-·'"grub2-common"·in·ansible_facts.packages'
 22181 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22183 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22183 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22184 ······tags:22184 ······tags:
22185 ······-·NIST-800-171-3.4.522185 ······-·NIST-800-171-3.4.5
22186 ······-·NIST-800-53-AC-6(1)22186 ······-·NIST-800-53-AC-6(1)
22187 ······-·NIST-800-53-CM-6(a)22187 ······-·NIST-800-53-CM-6(a)
22188 ······-·configure_strategy22188 ······-·configure_strategy
2.73 KB
./usr/share/scap-security-guide/ansible/ol8-playbook-pci-dss.yml
Ordering differences only
    
Offset 22530, 16 lines modifiedOffset 22530, 16 lines modified
22530 ······-·no_reboot_needed22530 ······-·no_reboot_needed
  
22531 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22531 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22532 ······stat:22532 ······stat:
22533 ········path:·/boot/grub2/grub.cfg22533 ········path:·/boot/grub2/grub.cfg
22534 ······register:·file_exists22534 ······register:·file_exists
22535 ······when:22535 ······when:
22536 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22537 ······-·'"grub2-common"·in·ansible_facts.packages'22536 ······-·'"grub2-common"·in·ansible_facts.packages'
 22537 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22538 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22538 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22539 ······tags:22539 ······tags:
22540 ······-·CJIS-5.5.2.222540 ······-·CJIS-5.5.2.2
22541 ······-·NIST-800-171-3.4.522541 ······-·NIST-800-171-3.4.5
22542 ······-·NIST-800-53-AC-6(1)22542 ······-·NIST-800-53-AC-6(1)
22543 ······-·NIST-800-53-CM-6(a)22543 ······-·NIST-800-53-CM-6(a)
22544 ······-·PCI-DSS-Req-7.122544 ······-·PCI-DSS-Req-7.1
Offset 22551, 16 lines modifiedOffset 22551, 16 lines modified
22551 ······-·no_reboot_needed22551 ······-·no_reboot_needed
  
22552 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22552 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22553 ······file:22553 ······file:
22554 ········path:·/boot/grub2/grub.cfg22554 ········path:·/boot/grub2/grub.cfg
22555 ········group:·'0'22555 ········group:·'0'
22556 ······when:22556 ······when:
22557 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22558 ······-·'"grub2-common"·in·ansible_facts.packages'22557 ······-·'"grub2-common"·in·ansible_facts.packages'
 22558 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22559 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22559 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22560 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22560 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22561 ······tags:22561 ······tags:
22562 ······-·CJIS-5.5.2.222562 ······-·CJIS-5.5.2.2
22563 ······-·NIST-800-171-3.4.522563 ······-·NIST-800-171-3.4.5
22564 ······-·NIST-800-53-AC-6(1)22564 ······-·NIST-800-53-AC-6(1)
22565 ······-·NIST-800-53-CM-6(a)22565 ······-·NIST-800-53-CM-6(a)
Offset 22590, 16 lines modifiedOffset 22590, 16 lines modified
22590 ······-·no_reboot_needed22590 ······-·no_reboot_needed
  
22591 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22591 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22592 ······stat:22592 ······stat:
22593 ········path:·/boot/grub2/grub.cfg22593 ········path:·/boot/grub2/grub.cfg
22594 ······register:·file_exists22594 ······register:·file_exists
22595 ······when:22595 ······when:
22596 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22597 ······-·'"grub2-common"·in·ansible_facts.packages'22596 ······-·'"grub2-common"·in·ansible_facts.packages'
 22597 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22598 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22598 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22599 ······tags:22599 ······tags:
22600 ······-·CJIS-5.5.2.222600 ······-·CJIS-5.5.2.2
22601 ······-·NIST-800-171-3.4.522601 ······-·NIST-800-171-3.4.5
22602 ······-·NIST-800-53-AC-6(1)22602 ······-·NIST-800-53-AC-6(1)
22603 ······-·NIST-800-53-CM-6(a)22603 ······-·NIST-800-53-CM-6(a)
22604 ······-·PCI-DSS-Req-7.122604 ······-·PCI-DSS-Req-7.1
Offset 22611, 16 lines modifiedOffset 22611, 16 lines modified
22611 ······-·no_reboot_needed22611 ······-·no_reboot_needed
  
22612 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22612 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22613 ······file:22613 ······file:
22614 ········path:·/boot/grub2/grub.cfg22614 ········path:·/boot/grub2/grub.cfg
22615 ········owner:·'0'22615 ········owner:·'0'
22616 ······when:22616 ······when:
22617 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22618 ······-·'"grub2-common"·in·ansible_facts.packages'22617 ······-·'"grub2-common"·in·ansible_facts.packages'
 22618 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22619 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22619 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22620 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22620 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22621 ······tags:22621 ······tags:
22622 ······-·CJIS-5.5.2.222622 ······-·CJIS-5.5.2.2
22623 ······-·NIST-800-171-3.4.522623 ······-·NIST-800-171-3.4.5
22624 ······-·NIST-800-53-AC-6(1)22624 ······-·NIST-800-53-AC-6(1)
22625 ······-·NIST-800-53-CM-6(a)22625 ······-·NIST-800-53-CM-6(a)
851 B
./usr/share/scap-security-guide/ansible/ol8-playbook-stig.yml
Ordering differences only
    
Offset 38641, 16 lines modifiedOffset 38641, 16 lines modified
38641 ········lineinfile:38641 ········lineinfile:
38642 ··········path:·/etc/postfix/main.cf38642 ··········path:·/etc/postfix/main.cf
38643 ··········create:·true38643 ··········create:·true
38644 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*38644 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
38645 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject38645 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
38646 ··········state:·present38646 ··········state:·present
38647 ······when:38647 ······when:
38648 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
38649 ······-·'"postfix"·in·ansible_facts.packages'38648 ······-·'"postfix"·in·ansible_facts.packages'
 38649 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38650 ······tags:38650 ······tags:
38651 ······-·DISA-STIG-OL08-00-04029038651 ······-·DISA-STIG-OL08-00-040290
38652 ······-·low_complexity38652 ······-·low_complexity
38653 ······-·low_disruption38653 ······-·low_disruption
38654 ······-·medium_severity38654 ······-·medium_severity
38655 ······-·no_reboot_needed38655 ······-·no_reboot_needed
38656 ······-·postfix_prevent_unrestricted_relay38656 ······-·postfix_prevent_unrestricted_relay
859 B
./usr/share/scap-security-guide/ansible/ol8-playbook-stig_gui.yml
Ordering differences only
    
Offset 38646, 16 lines modifiedOffset 38646, 16 lines modified
38646 ········lineinfile:38646 ········lineinfile:
38647 ··········path:·/etc/postfix/main.cf38647 ··········path:·/etc/postfix/main.cf
38648 ··········create:·true38648 ··········create:·true
38649 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*38649 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
38650 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject38650 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
38651 ··········state:·present38651 ··········state:·present
38652 ······when:38652 ······when:
38653 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
38654 ······-·'"postfix"·in·ansible_facts.packages'38653 ······-·'"postfix"·in·ansible_facts.packages'
 38654 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
38655 ······tags:38655 ······tags:
38656 ······-·DISA-STIG-OL08-00-04029038656 ······-·DISA-STIG-OL08-00-040290
38657 ······-·low_complexity38657 ······-·low_complexity
38658 ······-·low_disruption38658 ······-·low_disruption
38659 ······-·medium_severity38659 ······-·medium_severity
38660 ······-·no_reboot_needed38660 ······-·no_reboot_needed
38661 ······-·postfix_prevent_unrestricted_relay38661 ······-·postfix_prevent_unrestricted_relay
796 B
./usr/share/scap-security-guide/ansible/ol9-playbook-stig.yml
Ordering differences only
    
Offset 32428, 16 lines modifiedOffset 32428, 16 lines modified
32428 ········lineinfile:32428 ········lineinfile:
32429 ··········path:·/etc/postfix/main.cf32429 ··········path:·/etc/postfix/main.cf
32430 ··········create:·true32430 ··········create:·true
32431 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*32431 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
32432 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject32432 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
32433 ··········state:·present32433 ··········state:·present
32434 ······when:32434 ······when:
32435 ······-·'"postfix"·in·ansible_facts.packages' 
32436 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]32435 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 32436 ······-·'"postfix"·in·ansible_facts.packages'
32437 ······tags:32437 ······tags:
32438 ······-·low_complexity32438 ······-·low_complexity
32439 ······-·low_disruption32439 ······-·low_disruption
32440 ······-·medium_severity32440 ······-·medium_severity
32441 ······-·no_reboot_needed32441 ······-·no_reboot_needed
32442 ······-·postfix_prevent_unrestricted_relay32442 ······-·postfix_prevent_unrestricted_relay
32443 ······-·restrict_strategy32443 ······-·restrict_strategy
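Review bot: the swap at lines 32435-32436 runs in the opposite direction to the same task in ol8-playbook-stig.yml. Here the first build lists `'"postfix" in ansible_facts.packages'` before the virtualization check, whereas in the ol8 hunk the first build lists the virtualization check first. Neither build therefore has a consistent ordering that could be taken as the reference, so the fix belongs in the playbook generator (a deterministic sort of the conditions) rather than in normalising one build's output to match the other.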
804 B
./usr/share/scap-security-guide/ansible/ol9-playbook-stig_gui.yml
Ordering differences only
    
Offset 32433, 16 lines modifiedOffset 32433, 16 lines modified
32433 ········lineinfile:32433 ········lineinfile:
32434 ··········path:·/etc/postfix/main.cf32434 ··········path:·/etc/postfix/main.cf
32435 ··········create:·true32435 ··········create:·true
32436 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*32436 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
32437 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject32437 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
32438 ··········state:·present32438 ··········state:·present
32439 ······when:32439 ······when:
32440 ······-·'"postfix"·in·ansible_facts.packages' 
32441 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]32440 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 32441 ······-·'"postfix"·in·ansible_facts.packages'
32442 ······tags:32442 ······tags:
32443 ······-·low_complexity32443 ······-·low_complexity
32444 ······-·low_disruption32444 ······-·low_disruption
32445 ······-·medium_severity32445 ······-·medium_severity
32446 ······-·no_reboot_needed32446 ······-·no_reboot_needed
32447 ······-·postfix_prevent_unrestricted_relay32447 ······-·postfix_prevent_unrestricted_relay
32448 ······-·restrict_strategy32448 ······-·restrict_strategy
165 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-C2S.yml
Ordering differences only
    
Offset 3817, 16 lines modifiedOffset 3817, 16 lines modified
  
3817 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension3817 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
3818 ······find:3818 ······find:
3819 ········paths:·/etc/audit/rules.d/3819 ········paths:·/etc/audit/rules.d/
3820 ········patterns:·'*.rules'3820 ········patterns:·'*.rules'
3821 ······register:·find_rules_d3821 ······register:·find_rules_d
3822 ······when:3822 ······when:
3823 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3824 ······-·'"audit"·in·ansible_facts.packages'3823 ······-·'"audit"·in·ansible_facts.packages'
 3824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3825 ······tags:3825 ······tags:
3826 ······-·CCE-27097-53826 ······-·CCE-27097-5
3827 ······-·CJIS-5.4.1.13827 ······-·CJIS-5.4.1.1
3828 ······-·NIST-800-171-3.3.13828 ······-·NIST-800-171-3.3.1
3829 ······-·NIST-800-171-3.4.33829 ······-·NIST-800-171-3.4.3
3830 ······-·NIST-800-53-AC-6(9)3830 ······-·NIST-800-53-AC-6(9)
3831 ······-·NIST-800-53-CM-6(a)3831 ······-·NIST-800-53-CM-6(a)
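Review bot: the swap on lines 3823-3824 runs the opposite way from the `postfix_prevent_unrestricted_relay` hunks earlier in this report. Here the first build puts the `ansible_virtualization_type` check ahead of `"audit" in ansible_facts.packages` and the second build reverses them, whereas in the postfix hunks it is the first build that leads with the package check. Neither build follows a consistent rule for which kind of condition comes first, so reordering the two lines in one template will not settle it; the order needs to be pinned at the point where the condition list is put together.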
Offset 3842, 16 lines modifiedOffset 3842, 16 lines modified
3842 ······lineinfile:3842 ······lineinfile:
3843 ········path:·'{{·item·}}'3843 ········path:·'{{·item·}}'
3844 ········regexp:·^\s*(?:-e)\s+.*$3844 ········regexp:·^\s*(?:-e)\s+.*$
3845 ········state:·absent3845 ········state:·absent
3846 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']3846 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
3847 ········}}'3847 ········}}'
3848 ······when:3848 ······when:
3849 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3850 ······-·'"audit"·in·ansible_facts.packages'3849 ······-·'"audit"·in·ansible_facts.packages'
 3850 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3851 ······tags:3851 ······tags:
3852 ······-·CCE-27097-53852 ······-·CCE-27097-5
3853 ······-·CJIS-5.4.1.13853 ······-·CJIS-5.4.1.1
3854 ······-·NIST-800-171-3.3.13854 ······-·NIST-800-171-3.3.1
3855 ······-·NIST-800-171-3.4.33855 ······-·NIST-800-171-3.4.3
3856 ······-·NIST-800-53-AC-6(9)3856 ······-·NIST-800-53-AC-6(9)
3857 ······-·NIST-800-53-CM-6(a)3857 ······-·NIST-800-53-CM-6(a)
Offset 3869, 16 lines modifiedOffset 3869, 16 lines modified
3869 ········create:·true3869 ········create:·true
3870 ········line:·-e·23870 ········line:·-e·2
3871 ········mode:·o-rwx3871 ········mode:·o-rwx
3872 ······loop:3872 ······loop:
3873 ······-·/etc/audit/audit.rules3873 ······-·/etc/audit/audit.rules
3874 ······-·/etc/audit/rules.d/immutable.rules3874 ······-·/etc/audit/rules.d/immutable.rules
3875 ······when:3875 ······when:
3876 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3877 ······-·'"audit"·in·ansible_facts.packages'3876 ······-·'"audit"·in·ansible_facts.packages'
 3877 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3878 ······tags:3878 ······tags:
3879 ······-·CCE-27097-53879 ······-·CCE-27097-5
3880 ······-·CJIS-5.4.1.13880 ······-·CJIS-5.4.1.1
3881 ······-·NIST-800-171-3.3.13881 ······-·NIST-800-171-3.3.1
3882 ······-·NIST-800-171-3.4.33882 ······-·NIST-800-171-3.4.3
3883 ······-·NIST-800-53-AC-6(9)3883 ······-·NIST-800-53-AC-6(9)
3884 ······-·NIST-800-53-CM-6(a)3884 ······-·NIST-800-53-CM-6(a)
Offset 3912, 16 lines modifiedOffset 3912, 16 lines modified
3912 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/3912 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
3913 ······find:3913 ······find:
3914 ········paths:·/etc/audit/rules.d3914 ········paths:·/etc/audit/rules.d
3915 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+3915 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
3916 ········patterns:·'*.rules'3916 ········patterns:·'*.rules'
3917 ······register:·find_existing_watch_rules_d3917 ······register:·find_existing_watch_rules_d
3918 ······when:3918 ······when:
3919 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3920 ······-·'"audit"·in·ansible_facts.packages'3919 ······-·'"audit"·in·ansible_facts.packages'
 3920 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3921 ······tags:3921 ······tags:
3922 ······-·CCE-27168-43922 ······-·CCE-27168-4
3923 ······-·CJIS-5.4.1.13923 ······-·CJIS-5.4.1.1
3924 ······-·NIST-800-171-3.1.83924 ······-·NIST-800-171-3.1.8
3925 ······-·NIST-800-53-AU-12(c)3925 ······-·NIST-800-53-AU-12(c)
3926 ······-·NIST-800-53-AU-2(d)3926 ······-·NIST-800-53-AU-2(d)
3927 ······-·NIST-800-53-CM-6(a)3927 ······-·NIST-800-53-CM-6(a)
Offset 3936, 16 lines modifiedOffset 3936, 16 lines modified
3936 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy3936 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
3937 ······find:3937 ······find:
3938 ········paths:·/etc/audit/rules.d3938 ········paths:·/etc/audit/rules.d
3939 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$3939 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
3940 ········patterns:·'*.rules'3940 ········patterns:·'*.rules'
3941 ······register:·find_watch_key3941 ······register:·find_watch_key
3942 ······when:3942 ······when:
3943 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3944 ······-·'"audit"·in·ansible_facts.packages'3943 ······-·'"audit"·in·ansible_facts.packages'
 3944 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3945 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched3945 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
3946 ········==·03946 ········==·0
3947 ······tags:3947 ······tags:
3948 ······-·CCE-27168-43948 ······-·CCE-27168-4
3949 ······-·CJIS-5.4.1.13949 ······-·CJIS-5.4.1.1
3950 ······-·NIST-800-171-3.1.83950 ······-·NIST-800-171-3.1.8
3951 ······-·NIST-800-53-AU-12(c)3951 ······-·NIST-800-53-AU-12(c)
Offset 3960, 16 lines modifiedOffset 3960, 16 lines modified
3960 ······-·restrict_strategy3960 ······-·restrict_strategy
  
3961 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule3961 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
3962 ······set_fact:3962 ······set_fact:
3963 ········all_files:3963 ········all_files:
3964 ········-·/etc/audit/rules.d/MAC-policy.rules3964 ········-·/etc/audit/rules.d/MAC-policy.rules
3965 ······when:3965 ······when:
3966 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3967 ······-·'"audit"·in·ansible_facts.packages'3966 ······-·'"audit"·in·ansible_facts.packages'
 3967 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3968 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched3968 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
3969 ········is·defined·and·find_existing_watch_rules_d.matched·==·03969 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3970 ······tags:3970 ······tags:
3971 ······-·CCE-27168-43971 ······-·CCE-27168-4
3972 ······-·CJIS-5.4.1.13972 ······-·CJIS-5.4.1.1
3973 ······-·NIST-800-171-3.1.83973 ······-·NIST-800-171-3.1.8
3974 ······-·NIST-800-53-AU-12(c)3974 ······-·NIST-800-53-AU-12(c)
Offset 3984, 16 lines modifiedOffset 3984, 16 lines modified
3984 ······-·restrict_strategy3984 ······-·restrict_strategy
  
3985 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule3985 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
3986 ······set_fact:3986 ······set_fact:
3987 ········all_files:3987 ········all_files:
3988 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'3988 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
3989 ······when:3989 ······when:
3990 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3991 ······-·'"audit"·in·ansible_facts.packages'3990 ······-·'"audit"·in·ansible_facts.packages'
 3991 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3992 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched3992 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
3993 ········is·defined·and·find_existing_watch_rules_d.matched·==·03993 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3994 ······tags:3994 ······tags:
3995 ······-·CCE-27168-43995 ······-·CCE-27168-4
3996 ······-·CJIS-5.4.1.13996 ······-·CJIS-5.4.1.1
3997 ······-·NIST-800-171-3.1.83997 ······-·NIST-800-171-3.1.8
3998 ······-·NIST-800-53-AU-12(c)3998 ······-·NIST-800-53-AU-12(c)
Offset 4010, 16 lines modifiedOffset 4010, 16 lines modified
4010 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4010 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 163628/168611 bytes (97.04%) of diff not shown.
904 B
./usr/share/scap-security-guide/ansible/rhel7-playbook-anssi_nt28_enhanced.yml
Ordering differences only
    
Offset 5590, 16 lines modifiedOffset 5590, 16 lines modified
5590 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5590 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5591 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5591 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5592 ··········create:·true5592 ··········create:·true
5593 ··········mode:·o-rwx5593 ··········mode:·o-rwx
5594 ··········state:·present5594 ··········state:·present
5595 ········when:·syscalls_found·|·length·==·05595 ········when:·syscalls_found·|·length·==·0
5596 ······when:5596 ······when:
5597 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5598 ······-·'"audit"·in·ansible_facts.packages'5597 ······-·'"audit"·in·ansible_facts.packages'
 5598 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5599 ······tags:5599 ······tags:
5600 ······-·CCE-80401-35600 ······-·CCE-80401-3
5601 ······-·DISA-STIG-RHEL-07-0306905601 ······-·DISA-STIG-RHEL-07-030690
5602 ······-·NIST-800-171-3.1.75602 ······-·NIST-800-171-3.1.7
5603 ······-·NIST-800-53-AC-6(9)5603 ······-·NIST-800-53-AC-6(9)
5604 ······-·NIST-800-53-AU-12(c)5604 ······-·NIST-800-53-AU-12(c)
5605 ······-·NIST-800-53-AU-2(d)5605 ······-·NIST-800-53-AU-2(d)
896 B
./usr/share/scap-security-guide/ansible/rhel7-playbook-anssi_nt28_high.yml
Ordering differences only
    
Offset 5750, 16 lines modifiedOffset 5750, 16 lines modified
5750 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5750 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5751 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5751 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5752 ··········create:·true5752 ··········create:·true
5753 ··········mode:·o-rwx5753 ··········mode:·o-rwx
5754 ··········state:·present5754 ··········state:·present
5755 ········when:·syscalls_found·|·length·==·05755 ········when:·syscalls_found·|·length·==·0
5756 ······when:5756 ······when:
5757 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5758 ······-·'"audit"·in·ansible_facts.packages'5757 ······-·'"audit"·in·ansible_facts.packages'
 5758 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5759 ······tags:5759 ······tags:
5760 ······-·CCE-80401-35760 ······-·CCE-80401-3
5761 ······-·DISA-STIG-RHEL-07-0306905761 ······-·DISA-STIG-RHEL-07-030690
5762 ······-·NIST-800-171-3.1.75762 ······-·NIST-800-171-3.1.7
5763 ······-·NIST-800-53-AC-6(9)5763 ······-·NIST-800-53-AC-6(9)
5764 ······-·NIST-800-53-AU-12(c)5764 ······-·NIST-800-53-AU-12(c)
5765 ······-·NIST-800-53-AU-2(d)5765 ······-·NIST-800-53-AU-2(d)
912 B
./usr/share/scap-security-guide/ansible/rhel7-playbook-anssi_nt28_intermediary.yml
Ordering differences only
    
Offset 5305, 16 lines modifiedOffset 5305, 16 lines modified
5305 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5305 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5306 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5306 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5307 ··········create:·true5307 ··········create:·true
5308 ··········mode:·o-rwx5308 ··········mode:·o-rwx
5309 ··········state:·present5309 ··········state:·present
5310 ········when:·syscalls_found·|·length·==·05310 ········when:·syscalls_found·|·length·==·0
5311 ······when:5311 ······when:
5312 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
5313 ······-·'"audit"·in·ansible_facts.packages'5312 ······-·'"audit"·in·ansible_facts.packages'
 5313 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5314 ······tags:5314 ······tags:
5315 ······-·CCE-80401-35315 ······-·CCE-80401-3
5316 ······-·DISA-STIG-RHEL-07-0306905316 ······-·DISA-STIG-RHEL-07-030690
5317 ······-·NIST-800-171-3.1.75317 ······-·NIST-800-171-3.1.7
5318 ······-·NIST-800-53-AC-6(9)5318 ······-·NIST-800-53-AC-6(9)
5319 ······-·NIST-800-53-AU-12(c)5319 ······-·NIST-800-53-AU-12(c)
5320 ······-·NIST-800-53-AU-2(d)5320 ······-·NIST-800-53-AU-2(d)
194 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis.yml
Ordering differences only
    
Offset 3189, 16 lines modifiedOffset 3189, 16 lines modified
  
3189 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension3189 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
3190 ······find:3190 ······find:
3191 ········paths:·/etc/audit/rules.d/3191 ········paths:·/etc/audit/rules.d/
3192 ········patterns:·'*.rules'3192 ········patterns:·'*.rules'
3193 ······register:·find_rules_d3193 ······register:·find_rules_d
3194 ······when:3194 ······when:
3195 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3196 ······-·'"audit"·in·ansible_facts.packages'3195 ······-·'"audit"·in·ansible_facts.packages'
 3196 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3197 ······tags:3197 ······tags:
3198 ······-·CCE-27097-53198 ······-·CCE-27097-5
3199 ······-·CJIS-5.4.1.13199 ······-·CJIS-5.4.1.1
3200 ······-·NIST-800-171-3.3.13200 ······-·NIST-800-171-3.3.1
3201 ······-·NIST-800-171-3.4.33201 ······-·NIST-800-171-3.4.3
3202 ······-·NIST-800-53-AC-6(9)3202 ······-·NIST-800-53-AC-6(9)
3203 ······-·NIST-800-53-CM-6(a)3203 ······-·NIST-800-53-CM-6(a)
Offset 3214, 16 lines modifiedOffset 3214, 16 lines modified
3214 ······lineinfile:3214 ······lineinfile:
3215 ········path:·'{{·item·}}'3215 ········path:·'{{·item·}}'
3216 ········regexp:·^\s*(?:-e)\s+.*$3216 ········regexp:·^\s*(?:-e)\s+.*$
3217 ········state:·absent3217 ········state:·absent
3218 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']3218 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
3219 ········}}'3219 ········}}'
3220 ······when:3220 ······when:
3221 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3222 ······-·'"audit"·in·ansible_facts.packages'3221 ······-·'"audit"·in·ansible_facts.packages'
 3222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3223 ······tags:3223 ······tags:
3224 ······-·CCE-27097-53224 ······-·CCE-27097-5
3225 ······-·CJIS-5.4.1.13225 ······-·CJIS-5.4.1.1
3226 ······-·NIST-800-171-3.3.13226 ······-·NIST-800-171-3.3.1
3227 ······-·NIST-800-171-3.4.33227 ······-·NIST-800-171-3.4.3
3228 ······-·NIST-800-53-AC-6(9)3228 ······-·NIST-800-53-AC-6(9)
3229 ······-·NIST-800-53-CM-6(a)3229 ······-·NIST-800-53-CM-6(a)
Offset 3241, 16 lines modifiedOffset 3241, 16 lines modified
3241 ········create:·true3241 ········create:·true
3242 ········line:·-e·23242 ········line:·-e·2
3243 ········mode:·o-rwx3243 ········mode:·o-rwx
3244 ······loop:3244 ······loop:
3245 ······-·/etc/audit/audit.rules3245 ······-·/etc/audit/audit.rules
3246 ······-·/etc/audit/rules.d/immutable.rules3246 ······-·/etc/audit/rules.d/immutable.rules
3247 ······when:3247 ······when:
3248 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3249 ······-·'"audit"·in·ansible_facts.packages'3248 ······-·'"audit"·in·ansible_facts.packages'
 3249 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3250 ······tags:3250 ······tags:
3251 ······-·CCE-27097-53251 ······-·CCE-27097-5
3252 ······-·CJIS-5.4.1.13252 ······-·CJIS-5.4.1.1
3253 ······-·NIST-800-171-3.3.13253 ······-·NIST-800-171-3.3.1
3254 ······-·NIST-800-171-3.4.33254 ······-·NIST-800-171-3.4.3
3255 ······-·NIST-800-53-AC-6(9)3255 ······-·NIST-800-53-AC-6(9)
3256 ······-·NIST-800-53-CM-6(a)3256 ······-·NIST-800-53-CM-6(a)
Offset 3284, 16 lines modifiedOffset 3284, 16 lines modified
3284 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/3284 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
3285 ······find:3285 ······find:
3286 ········paths:·/etc/audit/rules.d3286 ········paths:·/etc/audit/rules.d
3287 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+3287 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
3288 ········patterns:·'*.rules'3288 ········patterns:·'*.rules'
3289 ······register:·find_existing_watch_rules_d3289 ······register:·find_existing_watch_rules_d
3290 ······when:3290 ······when:
3291 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3292 ······-·'"audit"·in·ansible_facts.packages'3291 ······-·'"audit"·in·ansible_facts.packages'
 3292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3293 ······tags:3293 ······tags:
3294 ······-·CCE-27168-43294 ······-·CCE-27168-4
3295 ······-·CJIS-5.4.1.13295 ······-·CJIS-5.4.1.1
3296 ······-·NIST-800-171-3.1.83296 ······-·NIST-800-171-3.1.8
3297 ······-·NIST-800-53-AU-12(c)3297 ······-·NIST-800-53-AU-12(c)
3298 ······-·NIST-800-53-AU-2(d)3298 ······-·NIST-800-53-AU-2(d)
3299 ······-·NIST-800-53-CM-6(a)3299 ······-·NIST-800-53-CM-6(a)
Offset 3308, 16 lines modifiedOffset 3308, 16 lines modified
3308 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy3308 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
3309 ······find:3309 ······find:
3310 ········paths:·/etc/audit/rules.d3310 ········paths:·/etc/audit/rules.d
3311 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$3311 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
3312 ········patterns:·'*.rules'3312 ········patterns:·'*.rules'
3313 ······register:·find_watch_key3313 ······register:·find_watch_key
3314 ······when:3314 ······when:
3315 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3316 ······-·'"audit"·in·ansible_facts.packages'3315 ······-·'"audit"·in·ansible_facts.packages'
 3316 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3317 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched3317 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
3318 ········==·03318 ········==·0
3319 ······tags:3319 ······tags:
3320 ······-·CCE-27168-43320 ······-·CCE-27168-4
3321 ······-·CJIS-5.4.1.13321 ······-·CJIS-5.4.1.1
3322 ······-·NIST-800-171-3.1.83322 ······-·NIST-800-171-3.1.8
3323 ······-·NIST-800-53-AU-12(c)3323 ······-·NIST-800-53-AU-12(c)
Offset 3332, 16 lines modifiedOffset 3332, 16 lines modified
3332 ······-·restrict_strategy3332 ······-·restrict_strategy
  
3333 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule3333 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
3334 ······set_fact:3334 ······set_fact:
3335 ········all_files:3335 ········all_files:
3336 ········-·/etc/audit/rules.d/MAC-policy.rules3336 ········-·/etc/audit/rules.d/MAC-policy.rules
3337 ······when:3337 ······when:
3338 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3339 ······-·'"audit"·in·ansible_facts.packages'3338 ······-·'"audit"·in·ansible_facts.packages'
 3339 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3340 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched3340 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
3341 ········is·defined·and·find_existing_watch_rules_d.matched·==·03341 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3342 ······tags:3342 ······tags:
3343 ······-·CCE-27168-43343 ······-·CCE-27168-4
3344 ······-·CJIS-5.4.1.13344 ······-·CJIS-5.4.1.1
3345 ······-·NIST-800-171-3.1.83345 ······-·NIST-800-171-3.1.8
3346 ······-·NIST-800-53-AU-12(c)3346 ······-·NIST-800-53-AU-12(c)
Offset 3356, 16 lines modifiedOffset 3356, 16 lines modified
3356 ······-·restrict_strategy3356 ······-·restrict_strategy
  
3357 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule3357 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
3358 ······set_fact:3358 ······set_fact:
3359 ········all_files:3359 ········all_files:
3360 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'3360 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
3361 ······when:3361 ······when:
3362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3363 ······-·'"audit"·in·ansible_facts.packages'3362 ······-·'"audit"·in·ansible_facts.packages'
 3363 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3364 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched3364 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
3365 ········is·defined·and·find_existing_watch_rules_d.matched·==·03365 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3366 ······tags:3366 ······tags:
3367 ······-·CCE-27168-43367 ······-·CCE-27168-4
3368 ······-·CJIS-5.4.1.13368 ······-·CJIS-5.4.1.1
3369 ······-·NIST-800-171-3.1.83369 ······-·NIST-800-171-3.1.8
3370 ······-·NIST-800-53-AU-12(c)3370 ······-·NIST-800-53-AU-12(c)
Offset 3382, 16 lines modifiedOffset 3382, 16 lines modified
3382 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/3382 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 193099/198082 bytes (97.48%) of diff not shown.
15.5 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 2886, 16 lines modifiedOffset 2886, 16 lines modified
2886 ······-·no_reboot_needed2886 ······-·no_reboot_needed
  
2887 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2887 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2888 ······stat:2888 ······stat:
2889 ········path:·/boot/grub2/grub.cfg2889 ········path:·/boot/grub2/grub.cfg
2890 ······register:·file_exists2890 ······register:·file_exists
2891 ······when:2891 ······when:
2892 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2893 ······-·'"grub2-common"·in·ansible_facts.packages'2892 ······-·'"grub2-common"·in·ansible_facts.packages'
 2893 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2895 ······tags:2895 ······tags:
2896 ······-·CCE-82023-32896 ······-·CCE-82023-3
2897 ······-·CJIS-5.5.2.22897 ······-·CJIS-5.5.2.2
2898 ······-·NIST-800-171-3.4.52898 ······-·NIST-800-171-3.4.5
2899 ······-·NIST-800-53-AC-6(1)2899 ······-·NIST-800-53-AC-6(1)
2900 ······-·NIST-800-53-CM-6(a)2900 ······-·NIST-800-53-CM-6(a)
Offset 2908, 16 lines modifiedOffset 2908, 16 lines modified
2908 ······-·no_reboot_needed2908 ······-·no_reboot_needed
  
2909 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2909 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2910 ······file:2910 ······file:
2911 ········path:·/boot/grub2/grub.cfg2911 ········path:·/boot/grub2/grub.cfg
2912 ········group:·'0'2912 ········group:·'0'
2913 ······when:2913 ······when:
2914 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2915 ······-·'"grub2-common"·in·ansible_facts.packages'2914 ······-·'"grub2-common"·in·ansible_facts.packages'
 2915 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2916 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2916 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2917 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2917 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2918 ······tags:2918 ······tags:
2919 ······-·CCE-82023-32919 ······-·CCE-82023-3
2920 ······-·CJIS-5.5.2.22920 ······-·CJIS-5.5.2.2
2921 ······-·NIST-800-171-3.4.52921 ······-·NIST-800-171-3.4.5
2922 ······-·NIST-800-53-AC-6(1)2922 ······-·NIST-800-53-AC-6(1)
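Review bot: only the first two of the four `when` entries change places here (lines 2914-2915, the `"/boot/efi"` mount test and the `"grub2-common"` package test); the `ansible_virtualization_type` check and the `file_exists.stat` guard stay on lines 2916-2917 in both builds. It is worth finding out why these two conditions are unordered relative to each other while the rest of the list is stable, and then emitting them in a fixed order so this file stops differing between builds.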
Offset 2949, 16 lines modifiedOffset 2949, 16 lines modified
2949 ······-·no_reboot_needed2949 ······-·no_reboot_needed
  
2950 ····-·name:·Test·for·existence·/boot/grub2/user.cfg2950 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
2951 ······stat:2951 ······stat:
2952 ········path:·/boot/grub2/user.cfg2952 ········path:·/boot/grub2/user.cfg
2953 ······register:·file_exists2953 ······register:·file_exists
2954 ······when:2954 ······when:
2955 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2956 ······-·'"grub2-common"·in·ansible_facts.packages'2955 ······-·'"grub2-common"·in·ansible_facts.packages'
 2956 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2957 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2957 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2958 ······tags:2958 ······tags:
2959 ······-·CCE-86008-02959 ······-·CCE-86008-0
2960 ······-·CJIS-5.5.2.22960 ······-·CJIS-5.5.2.2
2961 ······-·NIST-800-171-3.4.52961 ······-·NIST-800-171-3.4.5
2962 ······-·NIST-800-53-AC-6(1)2962 ······-·NIST-800-53-AC-6(1)
2963 ······-·NIST-800-53-CM-6(a)2963 ······-·NIST-800-53-CM-6(a)
Offset 2971, 16 lines modifiedOffset 2971, 16 lines modified
2971 ······-·no_reboot_needed2971 ······-·no_reboot_needed
  
2972 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg2972 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
2973 ······file:2973 ······file:
2974 ········path:·/boot/grub2/user.cfg2974 ········path:·/boot/grub2/user.cfg
2975 ········group:·'0'2975 ········group:·'0'
2976 ······when:2976 ······when:
2977 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2978 ······-·'"grub2-common"·in·ansible_facts.packages'2977 ······-·'"grub2-common"·in·ansible_facts.packages'
 2978 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2981 ······tags:2981 ······tags:
2982 ······-·CCE-86008-02982 ······-·CCE-86008-0
2983 ······-·CJIS-5.5.2.22983 ······-·CJIS-5.5.2.2
2984 ······-·NIST-800-171-3.4.52984 ······-·NIST-800-171-3.4.5
2985 ······-·NIST-800-53-AC-6(1)2985 ······-·NIST-800-53-AC-6(1)
Offset 3012, 16 lines modifiedOffset 3012, 16 lines modified
3012 ······-·no_reboot_needed3012 ······-·no_reboot_needed
  
3013 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3013 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3014 ······stat:3014 ······stat:
3015 ········path:·/boot/grub2/grub.cfg3015 ········path:·/boot/grub2/grub.cfg
3016 ······register:·file_exists3016 ······register:·file_exists
3017 ······when:3017 ······when:
3018 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3019 ······-·'"grub2-common"·in·ansible_facts.packages'3018 ······-·'"grub2-common"·in·ansible_facts.packages'
 3019 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3020 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3020 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3021 ······tags:3021 ······tags:
3022 ······-·CCE-82026-63022 ······-·CCE-82026-6
3023 ······-·CJIS-5.5.2.23023 ······-·CJIS-5.5.2.2
3024 ······-·NIST-800-171-3.4.53024 ······-·NIST-800-171-3.4.5
3025 ······-·NIST-800-53-AC-6(1)3025 ······-·NIST-800-53-AC-6(1)
3026 ······-·NIST-800-53-CM-6(a)3026 ······-·NIST-800-53-CM-6(a)
Offset 3034, 16 lines modifiedOffset 3034, 16 lines modified
3034 ······-·no_reboot_needed3034 ······-·no_reboot_needed
  
3035 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3035 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3036 ······file:3036 ······file:
3037 ········path:·/boot/grub2/grub.cfg3037 ········path:·/boot/grub2/grub.cfg
3038 ········owner:·'0'3038 ········owner:·'0'
3039 ······when:3039 ······when:
3040 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3041 ······-·'"grub2-common"·in·ansible_facts.packages'3040 ······-·'"grub2-common"·in·ansible_facts.packages'
 3041 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3042 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3042 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3043 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3043 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3044 ······tags:3044 ······tags:
3045 ······-·CCE-82026-63045 ······-·CCE-82026-6
3046 ······-·CJIS-5.5.2.23046 ······-·CJIS-5.5.2.2
3047 ······-·NIST-800-171-3.4.53047 ······-·NIST-800-171-3.4.5
3048 ······-·NIST-800-53-AC-6(1)3048 ······-·NIST-800-53-AC-6(1)
Offset 3075, 16 lines modifiedOffset 3075, 16 lines modified
3075 ······-·no_reboot_needed3075 ······-·no_reboot_needed
  
3076 ····-·name:·Test·for·existence·/boot/grub2/user.cfg3076 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
3077 ······stat:3077 ······stat:
3078 ········path:·/boot/grub2/user.cfg3078 ········path:·/boot/grub2/user.cfg
3079 ······register:·file_exists3079 ······register:·file_exists
3080 ······when:3080 ······when:
3081 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3082 ······-·'"grub2-common"·in·ansible_facts.packages'3081 ······-·'"grub2-common"·in·ansible_facts.packages'
 3082 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3083 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3083 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3084 ······tags:3084 ······tags:
3085 ······-·CCE-86014-83085 ······-·CCE-86014-8
3086 ······-·CJIS-5.5.2.23086 ······-·CJIS-5.5.2.2
3087 ······-·NIST-800-171-3.4.53087 ······-·NIST-800-171-3.4.5
3088 ······-·NIST-800-53-AC-6(1)3088 ······-·NIST-800-53-AC-6(1)
3089 ······-·NIST-800-53-CM-6(a)3089 ······-·NIST-800-53-CM-6(a)
Offset 3097, 16 lines modifiedOffset 3097, 16 lines modified
3097 ······-·no_reboot_needed3097 ······-·no_reboot_needed
Max diff block lines reached; 11119/15734 bytes (70.67%) of diff not shown.
15.5 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 2886, 16 lines modifiedOffset 2886, 16 lines modified
2886 ······-·no_reboot_needed2886 ······-·no_reboot_needed
  
2887 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2887 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2888 ······stat:2888 ······stat:
2889 ········path:·/boot/grub2/grub.cfg2889 ········path:·/boot/grub2/grub.cfg
2890 ······register:·file_exists2890 ······register:·file_exists
2891 ······when:2891 ······when:
2892 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2893 ······-·'"grub2-common"·in·ansible_facts.packages'2892 ······-·'"grub2-common"·in·ansible_facts.packages'
 2893 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2895 ······tags:2895 ······tags:
2896 ······-·CCE-82023-32896 ······-·CCE-82023-3
2897 ······-·CJIS-5.5.2.22897 ······-·CJIS-5.5.2.2
2898 ······-·NIST-800-171-3.4.52898 ······-·NIST-800-171-3.4.5
2899 ······-·NIST-800-53-AC-6(1)2899 ······-·NIST-800-53-AC-6(1)
2900 ······-·NIST-800-53-CM-6(a)2900 ······-·NIST-800-53-CM-6(a)
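Review bot: the only change in this hunk is at lines 2892-2893 of the `when:` list, where `'"/boot/efi" not in ansible_mounts | map(attribute="mount") | list'` and `'"grub2-common" in ansible_facts.packages'` trade places between the two builds; the task name, `stat` path, `register` and tags are identical. The same pair swaps in every grub2 task shown for this playbook, so the conditions appear to be emitted in an unstable order. Emitting them in a fixed order (for example sorted) would make the generated playbook byte-identical across builds.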
Offset 2908, 16 lines modifiedOffset 2908, 16 lines modified
2908 ······-·no_reboot_needed2908 ······-·no_reboot_needed
  
2909 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2909 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2910 ······file:2910 ······file:
2911 ········path:·/boot/grub2/grub.cfg2911 ········path:·/boot/grub2/grub.cfg
2912 ········group:·'0'2912 ········group:·'0'
2913 ······when:2913 ······when:
2914 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2915 ······-·'"grub2-common"·in·ansible_facts.packages'2914 ······-·'"grub2-common"·in·ansible_facts.packages'
 2915 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2916 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2916 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2917 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2917 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2918 ······tags:2918 ······tags:
2919 ······-·CCE-82023-32919 ······-·CCE-82023-3
2920 ······-·CJIS-5.5.2.22920 ······-·CJIS-5.5.2.2
2921 ······-·NIST-800-171-3.4.52921 ······-·NIST-800-171-3.4.5
2922 ······-·NIST-800-53-AC-6(1)2922 ······-·NIST-800-53-AC-6(1)
Offset 2949, 16 lines modifiedOffset 2949, 16 lines modified
2949 ······-·no_reboot_needed2949 ······-·no_reboot_needed
  
2950 ····-·name:·Test·for·existence·/boot/grub2/user.cfg2950 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
2951 ······stat:2951 ······stat:
2952 ········path:·/boot/grub2/user.cfg2952 ········path:·/boot/grub2/user.cfg
2953 ······register:·file_exists2953 ······register:·file_exists
2954 ······when:2954 ······when:
2955 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2956 ······-·'"grub2-common"·in·ansible_facts.packages'2955 ······-·'"grub2-common"·in·ansible_facts.packages'
 2956 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2957 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2957 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2958 ······tags:2958 ······tags:
2959 ······-·CCE-86008-02959 ······-·CCE-86008-0
2960 ······-·CJIS-5.5.2.22960 ······-·CJIS-5.5.2.2
2961 ······-·NIST-800-171-3.4.52961 ······-·NIST-800-171-3.4.5
2962 ······-·NIST-800-53-AC-6(1)2962 ······-·NIST-800-53-AC-6(1)
2963 ······-·NIST-800-53-CM-6(a)2963 ······-·NIST-800-53-CM-6(a)
Offset 2971, 16 lines modifiedOffset 2971, 16 lines modified
2971 ······-·no_reboot_needed2971 ······-·no_reboot_needed
  
2972 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg2972 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
2973 ······file:2973 ······file:
2974 ········path:·/boot/grub2/user.cfg2974 ········path:·/boot/grub2/user.cfg
2975 ········group:·'0'2975 ········group:·'0'
2976 ······when:2976 ······when:
2977 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2978 ······-·'"grub2-common"·in·ansible_facts.packages'2977 ······-·'"grub2-common"·in·ansible_facts.packages'
 2978 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2980 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2981 ······tags:2981 ······tags:
2982 ······-·CCE-86008-02982 ······-·CCE-86008-0
2983 ······-·CJIS-5.5.2.22983 ······-·CJIS-5.5.2.2
2984 ······-·NIST-800-171-3.4.52984 ······-·NIST-800-171-3.4.5
2985 ······-·NIST-800-53-AC-6(1)2985 ······-·NIST-800-53-AC-6(1)
Offset 3012, 16 lines modifiedOffset 3012, 16 lines modified
3012 ······-·no_reboot_needed3012 ······-·no_reboot_needed
  
3013 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3013 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3014 ······stat:3014 ······stat:
3015 ········path:·/boot/grub2/grub.cfg3015 ········path:·/boot/grub2/grub.cfg
3016 ······register:·file_exists3016 ······register:·file_exists
3017 ······when:3017 ······when:
3018 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3019 ······-·'"grub2-common"·in·ansible_facts.packages'3018 ······-·'"grub2-common"·in·ansible_facts.packages'
 3019 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3020 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3020 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3021 ······tags:3021 ······tags:
3022 ······-·CCE-82026-63022 ······-·CCE-82026-6
3023 ······-·CJIS-5.5.2.23023 ······-·CJIS-5.5.2.2
3024 ······-·NIST-800-171-3.4.53024 ······-·NIST-800-171-3.4.5
3025 ······-·NIST-800-53-AC-6(1)3025 ······-·NIST-800-53-AC-6(1)
3026 ······-·NIST-800-53-CM-6(a)3026 ······-·NIST-800-53-CM-6(a)
Offset 3034, 16 lines modifiedOffset 3034, 16 lines modified
3034 ······-·no_reboot_needed3034 ······-·no_reboot_needed
  
3035 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3035 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3036 ······file:3036 ······file:
3037 ········path:·/boot/grub2/grub.cfg3037 ········path:·/boot/grub2/grub.cfg
3038 ········owner:·'0'3038 ········owner:·'0'
3039 ······when:3039 ······when:
3040 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3041 ······-·'"grub2-common"·in·ansible_facts.packages'3040 ······-·'"grub2-common"·in·ansible_facts.packages'
 3041 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3042 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3042 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3043 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3043 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3044 ······tags:3044 ······tags:
3045 ······-·CCE-82026-63045 ······-·CCE-82026-6
3046 ······-·CJIS-5.5.2.23046 ······-·CJIS-5.5.2.2
3047 ······-·NIST-800-171-3.4.53047 ······-·NIST-800-171-3.4.5
3048 ······-·NIST-800-53-AC-6(1)3048 ······-·NIST-800-53-AC-6(1)
Offset 3075, 16 lines modifiedOffset 3075, 16 lines modified
3075 ······-·no_reboot_needed3075 ······-·no_reboot_needed
  
3076 ····-·name:·Test·for·existence·/boot/grub2/user.cfg3076 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
3077 ······stat:3077 ······stat:
3078 ········path:·/boot/grub2/user.cfg3078 ········path:·/boot/grub2/user.cfg
3079 ······register:·file_exists3079 ······register:·file_exists
3080 ······when:3080 ······when:
3081 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3082 ······-·'"grub2-common"·in·ansible_facts.packages'3081 ······-·'"grub2-common"·in·ansible_facts.packages'
 3082 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3083 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3083 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3084 ······tags:3084 ······tags:
3085 ······-·CCE-86014-83085 ······-·CCE-86014-8
3086 ······-·CJIS-5.5.2.23086 ······-·CJIS-5.5.2.2
3087 ······-·NIST-800-171-3.4.53087 ······-·NIST-800-171-3.4.5
3088 ······-·NIST-800-53-AC-6(1)3088 ······-·NIST-800-53-AC-6(1)
3089 ······-·NIST-800-53-CM-6(a)3089 ······-·NIST-800-53-CM-6(a)
Offset 3097, 16 lines modifiedOffset 3097, 16 lines modified
3097 ······-·no_reboot_needed3097 ······-·no_reboot_needed
Max diff block lines reached; 11119/15734 bytes (70.67%) of diff not shown.
194 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 3189, 16 lines modifiedOffset 3189, 16 lines modified
  
3189 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension3189 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
3190 ······find:3190 ······find:
3191 ········paths:·/etc/audit/rules.d/3191 ········paths:·/etc/audit/rules.d/
3192 ········patterns:·'*.rules'3192 ········patterns:·'*.rules'
3193 ······register:·find_rules_d3193 ······register:·find_rules_d
3194 ······when:3194 ······when:
3195 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3196 ······-·'"audit"·in·ansible_facts.packages'3195 ······-·'"audit"·in·ansible_facts.packages'
 3196 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3197 ······tags:3197 ······tags:
3198 ······-·CCE-27097-53198 ······-·CCE-27097-5
3199 ······-·CJIS-5.4.1.13199 ······-·CJIS-5.4.1.1
3200 ······-·NIST-800-171-3.3.13200 ······-·NIST-800-171-3.3.1
3201 ······-·NIST-800-171-3.4.33201 ······-·NIST-800-171-3.4.3
3202 ······-·NIST-800-53-AC-6(9)3202 ······-·NIST-800-53-AC-6(9)
3203 ······-·NIST-800-53-CM-6(a)3203 ······-·NIST-800-53-CM-6(a)
Offset 3214, 16 lines modifiedOffset 3214, 16 lines modified
3214 ······lineinfile:3214 ······lineinfile:
3215 ········path:·'{{·item·}}'3215 ········path:·'{{·item·}}'
3216 ········regexp:·^\s*(?:-e)\s+.*$3216 ········regexp:·^\s*(?:-e)\s+.*$
3217 ········state:·absent3217 ········state:·absent
3218 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']3218 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
3219 ········}}'3219 ········}}'
3220 ······when:3220 ······when:
3221 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3222 ······-·'"audit"·in·ansible_facts.packages'3221 ······-·'"audit"·in·ansible_facts.packages'
 3222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3223 ······tags:3223 ······tags:
3224 ······-·CCE-27097-53224 ······-·CCE-27097-5
3225 ······-·CJIS-5.4.1.13225 ······-·CJIS-5.4.1.1
3226 ······-·NIST-800-171-3.3.13226 ······-·NIST-800-171-3.3.1
3227 ······-·NIST-800-171-3.4.33227 ······-·NIST-800-171-3.4.3
3228 ······-·NIST-800-53-AC-6(9)3228 ······-·NIST-800-53-AC-6(9)
3229 ······-·NIST-800-53-CM-6(a)3229 ······-·NIST-800-53-CM-6(a)
Offset 3241, 16 lines modifiedOffset 3241, 16 lines modified
3241 ········create:·true3241 ········create:·true
3242 ········line:·-e·23242 ········line:·-e·2
3243 ········mode:·o-rwx3243 ········mode:·o-rwx
3244 ······loop:3244 ······loop:
3245 ······-·/etc/audit/audit.rules3245 ······-·/etc/audit/audit.rules
3246 ······-·/etc/audit/rules.d/immutable.rules3246 ······-·/etc/audit/rules.d/immutable.rules
3247 ······when:3247 ······when:
3248 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3249 ······-·'"audit"·in·ansible_facts.packages'3248 ······-·'"audit"·in·ansible_facts.packages'
 3249 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3250 ······tags:3250 ······tags:
3251 ······-·CCE-27097-53251 ······-·CCE-27097-5
3252 ······-·CJIS-5.4.1.13252 ······-·CJIS-5.4.1.1
3253 ······-·NIST-800-171-3.3.13253 ······-·NIST-800-171-3.3.1
3254 ······-·NIST-800-171-3.4.33254 ······-·NIST-800-171-3.4.3
3255 ······-·NIST-800-53-AC-6(9)3255 ······-·NIST-800-53-AC-6(9)
3256 ······-·NIST-800-53-CM-6(a)3256 ······-·NIST-800-53-CM-6(a)
Offset 3284, 16 lines modifiedOffset 3284, 16 lines modified
3284 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/3284 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
3285 ······find:3285 ······find:
3286 ········paths:·/etc/audit/rules.d3286 ········paths:·/etc/audit/rules.d
3287 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+3287 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
3288 ········patterns:·'*.rules'3288 ········patterns:·'*.rules'
3289 ······register:·find_existing_watch_rules_d3289 ······register:·find_existing_watch_rules_d
3290 ······when:3290 ······when:
3291 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3292 ······-·'"audit"·in·ansible_facts.packages'3291 ······-·'"audit"·in·ansible_facts.packages'
 3292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3293 ······tags:3293 ······tags:
3294 ······-·CCE-27168-43294 ······-·CCE-27168-4
3295 ······-·CJIS-5.4.1.13295 ······-·CJIS-5.4.1.1
3296 ······-·NIST-800-171-3.1.83296 ······-·NIST-800-171-3.1.8
3297 ······-·NIST-800-53-AU-12(c)3297 ······-·NIST-800-53-AU-12(c)
3298 ······-·NIST-800-53-AU-2(d)3298 ······-·NIST-800-53-AU-2(d)
3299 ······-·NIST-800-53-CM-6(a)3299 ······-·NIST-800-53-CM-6(a)
Offset 3308, 16 lines modifiedOffset 3308, 16 lines modified
3308 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy3308 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
3309 ······find:3309 ······find:
3310 ········paths:·/etc/audit/rules.d3310 ········paths:·/etc/audit/rules.d
3311 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$3311 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
3312 ········patterns:·'*.rules'3312 ········patterns:·'*.rules'
3313 ······register:·find_watch_key3313 ······register:·find_watch_key
3314 ······when:3314 ······when:
3315 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3316 ······-·'"audit"·in·ansible_facts.packages'3315 ······-·'"audit"·in·ansible_facts.packages'
 3316 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3317 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched3317 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
3318 ········==·03318 ········==·0
3319 ······tags:3319 ······tags:
3320 ······-·CCE-27168-43320 ······-·CCE-27168-4
3321 ······-·CJIS-5.4.1.13321 ······-·CJIS-5.4.1.1
3322 ······-·NIST-800-171-3.1.83322 ······-·NIST-800-171-3.1.8
3323 ······-·NIST-800-53-AU-12(c)3323 ······-·NIST-800-53-AU-12(c)
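Review bot: at lines 3315-3316 only the first two `when:` entries move (`ansible_virtualization_type not in [...]` and `'"audit" in ansible_facts.packages'`), while the task-specific condition on `find_existing_watch_rules_d.matched` at lines 3317-3318 stays in the same position in both builds. That confines the non-determinism to the two applicability conditions rather than the task's own logic, so the ordering fix belongs where those two are combined, and the task-specific condition should keep its place after them.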
Offset 3332, 16 lines modifiedOffset 3332, 16 lines modified
3332 ······-·restrict_strategy3332 ······-·restrict_strategy
  
3333 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule3333 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
3334 ······set_fact:3334 ······set_fact:
3335 ········all_files:3335 ········all_files:
3336 ········-·/etc/audit/rules.d/MAC-policy.rules3336 ········-·/etc/audit/rules.d/MAC-policy.rules
3337 ······when:3337 ······when:
3338 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3339 ······-·'"audit"·in·ansible_facts.packages'3338 ······-·'"audit"·in·ansible_facts.packages'
 3339 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3340 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched3340 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
3341 ········is·defined·and·find_existing_watch_rules_d.matched·==·03341 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3342 ······tags:3342 ······tags:
3343 ······-·CCE-27168-43343 ······-·CCE-27168-4
3344 ······-·CJIS-5.4.1.13344 ······-·CJIS-5.4.1.1
3345 ······-·NIST-800-171-3.1.83345 ······-·NIST-800-171-3.1.8
3346 ······-·NIST-800-53-AU-12(c)3346 ······-·NIST-800-53-AU-12(c)
Offset 3356, 16 lines modifiedOffset 3356, 16 lines modified
3356 ······-·restrict_strategy3356 ······-·restrict_strategy
  
3357 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule3357 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
3358 ······set_fact:3358 ······set_fact:
3359 ········all_files:3359 ········all_files:
3360 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'3360 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
3361 ······when:3361 ······when:
3362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
3363 ······-·'"audit"·in·ansible_facts.packages'3362 ······-·'"audit"·in·ansible_facts.packages'
 3363 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3364 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched3364 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
3365 ········is·defined·and·find_existing_watch_rules_d.matched·==·03365 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3366 ······tags:3366 ······tags:
3367 ······-·CCE-27168-43367 ······-·CCE-27168-4
3368 ······-·CJIS-5.4.1.13368 ······-·CJIS-5.4.1.1
3369 ······-·NIST-800-171-3.1.83369 ······-·NIST-800-171-3.1.8
3370 ······-·NIST-800-53-AU-12(c)3370 ······-·NIST-800-53-AU-12(c)
Offset 3382, 16 lines modifiedOffset 3382, 16 lines modified
3382 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/3382 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 193099/198082 bytes (97.48%) of diff not shown.
108 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-cjis.yml
Ordering differences only
    
Offset 2750, 16 lines modifiedOffset 2750, 16 lines modified
  
2750 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension2750 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
2751 ······find:2751 ······find:
2752 ········paths:·/etc/audit/rules.d/2752 ········paths:·/etc/audit/rules.d/
2753 ········patterns:·'*.rules'2753 ········patterns:·'*.rules'
2754 ······register:·find_rules_d2754 ······register:·find_rules_d
2755 ······when:2755 ······when:
2756 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2757 ······-·'"audit"·in·ansible_facts.packages'2756 ······-·'"audit"·in·ansible_facts.packages'
 2757 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2758 ······tags:2758 ······tags:
2759 ······-·CCE-27097-52759 ······-·CCE-27097-5
2760 ······-·CJIS-5.4.1.12760 ······-·CJIS-5.4.1.1
2761 ······-·NIST-800-171-3.3.12761 ······-·NIST-800-171-3.3.1
2762 ······-·NIST-800-171-3.4.32762 ······-·NIST-800-171-3.4.3
2763 ······-·NIST-800-53-AC-6(9)2763 ······-·NIST-800-53-AC-6(9)
2764 ······-·NIST-800-53-CM-6(a)2764 ······-·NIST-800-53-CM-6(a)
Offset 2775, 16 lines modifiedOffset 2775, 16 lines modified
2775 ······lineinfile:2775 ······lineinfile:
2776 ········path:·'{{·item·}}'2776 ········path:·'{{·item·}}'
2777 ········regexp:·^\s*(?:-e)\s+.*$2777 ········regexp:·^\s*(?:-e)\s+.*$
2778 ········state:·absent2778 ········state:·absent
2779 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']2779 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
2780 ········}}'2780 ········}}'
2781 ······when:2781 ······when:
2782 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2783 ······-·'"audit"·in·ansible_facts.packages'2782 ······-·'"audit"·in·ansible_facts.packages'
 2783 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2784 ······tags:2784 ······tags:
2785 ······-·CCE-27097-52785 ······-·CCE-27097-5
2786 ······-·CJIS-5.4.1.12786 ······-·CJIS-5.4.1.1
2787 ······-·NIST-800-171-3.3.12787 ······-·NIST-800-171-3.3.1
2788 ······-·NIST-800-171-3.4.32788 ······-·NIST-800-171-3.4.3
2789 ······-·NIST-800-53-AC-6(9)2789 ······-·NIST-800-53-AC-6(9)
2790 ······-·NIST-800-53-CM-6(a)2790 ······-·NIST-800-53-CM-6(a)
Offset 2802, 16 lines modifiedOffset 2802, 16 lines modified
2802 ········create:·true2802 ········create:·true
2803 ········line:·-e·22803 ········line:·-e·2
2804 ········mode:·o-rwx2804 ········mode:·o-rwx
2805 ······loop:2805 ······loop:
2806 ······-·/etc/audit/audit.rules2806 ······-·/etc/audit/audit.rules
2807 ······-·/etc/audit/rules.d/immutable.rules2807 ······-·/etc/audit/rules.d/immutable.rules
2808 ······when:2808 ······when:
2809 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2810 ······-·'"audit"·in·ansible_facts.packages'2809 ······-·'"audit"·in·ansible_facts.packages'
 2810 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2811 ······tags:2811 ······tags:
2812 ······-·CCE-27097-52812 ······-·CCE-27097-5
2813 ······-·CJIS-5.4.1.12813 ······-·CJIS-5.4.1.1
2814 ······-·NIST-800-171-3.3.12814 ······-·NIST-800-171-3.3.1
2815 ······-·NIST-800-171-3.4.32815 ······-·NIST-800-171-3.4.3
2816 ······-·NIST-800-53-AC-6(9)2816 ······-·NIST-800-53-AC-6(9)
2817 ······-·NIST-800-53-CM-6(a)2817 ······-·NIST-800-53-CM-6(a)
Offset 2845, 16 lines modifiedOffset 2845, 16 lines modified
2845 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/2845 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
2846 ······find:2846 ······find:
2847 ········paths:·/etc/audit/rules.d2847 ········paths:·/etc/audit/rules.d
2848 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+2848 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
2849 ········patterns:·'*.rules'2849 ········patterns:·'*.rules'
2850 ······register:·find_existing_watch_rules_d2850 ······register:·find_existing_watch_rules_d
2851 ······when:2851 ······when:
2852 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2853 ······-·'"audit"·in·ansible_facts.packages'2852 ······-·'"audit"·in·ansible_facts.packages'
 2853 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2854 ······tags:2854 ······tags:
2855 ······-·CCE-27168-42855 ······-·CCE-27168-4
2856 ······-·CJIS-5.4.1.12856 ······-·CJIS-5.4.1.1
2857 ······-·NIST-800-171-3.1.82857 ······-·NIST-800-171-3.1.8
2858 ······-·NIST-800-53-AU-12(c)2858 ······-·NIST-800-53-AU-12(c)
2859 ······-·NIST-800-53-AU-2(d)2859 ······-·NIST-800-53-AU-2(d)
2860 ······-·NIST-800-53-CM-6(a)2860 ······-·NIST-800-53-CM-6(a)
Offset 2869, 16 lines modifiedOffset 2869, 16 lines modified
2869 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy2869 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
2870 ······find:2870 ······find:
2871 ········paths:·/etc/audit/rules.d2871 ········paths:·/etc/audit/rules.d
2872 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$2872 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
2873 ········patterns:·'*.rules'2873 ········patterns:·'*.rules'
2874 ······register:·find_watch_key2874 ······register:·find_watch_key
2875 ······when:2875 ······when:
2876 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2877 ······-·'"audit"·in·ansible_facts.packages'2876 ······-·'"audit"·in·ansible_facts.packages'
 2877 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2878 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched2878 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
2879 ········==·02879 ········==·0
2880 ······tags:2880 ······tags:
2881 ······-·CCE-27168-42881 ······-·CCE-27168-4
2882 ······-·CJIS-5.4.1.12882 ······-·CJIS-5.4.1.1
2883 ······-·NIST-800-171-3.1.82883 ······-·NIST-800-171-3.1.8
2884 ······-·NIST-800-53-AU-12(c)2884 ······-·NIST-800-53-AU-12(c)
Offset 2893, 16 lines modifiedOffset 2893, 16 lines modified
2893 ······-·restrict_strategy2893 ······-·restrict_strategy
  
2894 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule2894 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
2895 ······set_fact:2895 ······set_fact:
2896 ········all_files:2896 ········all_files:
2897 ········-·/etc/audit/rules.d/MAC-policy.rules2897 ········-·/etc/audit/rules.d/MAC-policy.rules
2898 ······when:2898 ······when:
2899 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2900 ······-·'"audit"·in·ansible_facts.packages'2899 ······-·'"audit"·in·ansible_facts.packages'
 2900 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2901 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched2901 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
2902 ········is·defined·and·find_existing_watch_rules_d.matched·==·02902 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
2903 ······tags:2903 ······tags:
2904 ······-·CCE-27168-42904 ······-·CCE-27168-4
2905 ······-·CJIS-5.4.1.12905 ······-·CJIS-5.4.1.1
2906 ······-·NIST-800-171-3.1.82906 ······-·NIST-800-171-3.1.8
2907 ······-·NIST-800-53-AU-12(c)2907 ······-·NIST-800-53-AU-12(c)
Offset 2917, 16 lines modifiedOffset 2917, 16 lines modified
2917 ······-·restrict_strategy2917 ······-·restrict_strategy
  
2918 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule2918 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
2919 ······set_fact:2919 ······set_fact:
2920 ········all_files:2920 ········all_files:
2921 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'2921 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
2922 ······when:2922 ······when:
2923 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
2924 ······-·'"audit"·in·ansible_facts.packages'2923 ······-·'"audit"·in·ansible_facts.packages'
 2924 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2925 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched2925 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
2926 ········is·defined·and·find_existing_watch_rules_d.matched·==·02926 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
2927 ······tags:2927 ······tags:
2928 ······-·CCE-27168-42928 ······-·CCE-27168-4
2929 ······-·CJIS-5.4.1.12929 ······-·CJIS-5.4.1.1
2930 ······-·NIST-800-171-3.1.82930 ······-·NIST-800-171-3.1.8
2931 ······-·NIST-800-53-AU-12(c)2931 ······-·NIST-800-53-AU-12(c)
Offset 2943, 16 lines modifiedOffset 2943, 16 lines modified
2943 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/2943 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 105339/110322 bytes (95.48%) of diff not shown.
786 B
./usr/share/scap-security-guide/ansible/rhel7-playbook-cui.yml
Ordering differences only
    
Offset 4681, 16 lines modifiedOffset 4681, 16 lines modified
4681 ······lineinfile:4681 ······lineinfile:
4682 ········dest:·/etc/audit/auditd.conf4682 ········dest:·/etc/audit/auditd.conf
4683 ········regexp:·^\s*flush\s*=\s*.*$4683 ········regexp:·^\s*flush\s*=\s*.*$
4684 ········line:·flush·=·{{·var_auditd_flush·}}4684 ········line:·flush·=·{{·var_auditd_flush·}}
4685 ········state:·present4685 ········state:·present
4686 ········create:·true4686 ········create:·true
4687 ······when:4687 ······when:
4688 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4689 ······-·'"audit"·in·ansible_facts.packages'4688 ······-·'"audit"·in·ansible_facts.packages'
 4689 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4690 ······tags:4690 ······tags:
4691 ······-·CCE-27331-84691 ······-·CCE-27331-8
4692 ······-·NIST-800-171-3.3.14692 ······-·NIST-800-171-3.3.1
4693 ······-·NIST-800-53-AU-114693 ······-·NIST-800-53-AU-11
4694 ······-·NIST-800-53-CM-6(a)4694 ······-·NIST-800-53-CM-6(a)
4695 ······-·auditd_data_retention_flush4695 ······-·auditd_data_retention_flush
4696 ······-·low_complexity4696 ······-·low_complexity
74.0 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-e8.yml
Ordering differences only
    
Offset 1095, 16 lines modifiedOffset 1095, 16 lines modified
1095 ······-·no_reboot_needed1095 ······-·no_reboot_needed
1096 ······-·restrict_strategy1096 ······-·restrict_strategy
  
1097 ····-·name:·Set·architecture·for·audit·tasks1097 ····-·name:·Set·architecture·for·audit·tasks
1098 ······set_fact:1098 ······set_fact:
1099 ········audit_arch:·b641099 ········audit_arch:·b64
1100 ······when:1100 ······when:
1101 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1102 ······-·'"audit"·in·ansible_facts.packages'1101 ······-·'"audit"·in·ansible_facts.packages'
 1102 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1103 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1103 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1104 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1104 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1105 ······tags:1105 ······tags:
1106 ······-·CCE-27076-91106 ······-·CCE-27076-9
1107 ······-·CJIS-5.4.1.11107 ······-·CJIS-5.4.1.1
1108 ······-·NIST-800-171-3.1.71108 ······-·NIST-800-171-3.1.7
1109 ······-·NIST-800-53-AC-6(9)1109 ······-·NIST-800-53-AC-6(9)
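Review bot: In this `when:` list only the first two entries (playbook lines 1101-1102) change places between builds, while the `ansible_architecture` condition on lines 1103-1104 stays where it is. That suggests only the container check and the package check come from an unordered collection; giving that group a stable order before the rule-specific conditions are appended would be enough to make this task reproducible.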
Offset 1238, 16 lines modifiedOffset 1238, 16 lines modified
1238 ··········path:·'{{·audit_file·}}'1238 ··········path:·'{{·audit_file·}}'
1239 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1239 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1240 ··········create:·true1240 ··········create:·true
1241 ··········mode:·o-rwx1241 ··········mode:·o-rwx
1242 ··········state:·present1242 ··········state:·present
1243 ········when:·syscalls_found·|·length·==·01243 ········when:·syscalls_found·|·length·==·0
1244 ······when:1244 ······when:
1245 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1246 ······-·'"audit"·in·ansible_facts.packages'1245 ······-·'"audit"·in·ansible_facts.packages'
 1246 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1247 ······tags:1247 ······tags:
1248 ······-·CCE-27076-91248 ······-·CCE-27076-9
1249 ······-·CJIS-5.4.1.11249 ······-·CJIS-5.4.1.1
1250 ······-·NIST-800-171-3.1.71250 ······-·NIST-800-171-3.1.7
1251 ······-·NIST-800-53-AC-6(9)1251 ······-·NIST-800-53-AC-6(9)
1252 ······-·NIST-800-53-AU-12(c)1252 ······-·NIST-800-53-AU-12(c)
1253 ······-·NIST-800-53-AU-2(d)1253 ······-·NIST-800-53-AU-2(d)
Offset 1379, 16 lines modifiedOffset 1379, 16 lines modified
1379 ··········path:·'{{·audit_file·}}'1379 ··········path:·'{{·audit_file·}}'
1380 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1380 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1381 ··········create:·true1381 ··········create:·true
1382 ··········mode:·o-rwx1382 ··········mode:·o-rwx
1383 ··········state:·present1383 ··········state:·present
1384 ········when:·syscalls_found·|·length·==·01384 ········when:·syscalls_found·|·length·==·0
1385 ······when:1385 ······when:
1386 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1387 ······-·'"audit"·in·ansible_facts.packages'1386 ······-·'"audit"·in·ansible_facts.packages'
 1387 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1388 ······-·audit_arch·==·"b64"1388 ······-·audit_arch·==·"b64"
1389 ······tags:1389 ······tags:
1390 ······-·CCE-27076-91390 ······-·CCE-27076-9
1391 ······-·CJIS-5.4.1.11391 ······-·CJIS-5.4.1.1
1392 ······-·NIST-800-171-3.1.71392 ······-·NIST-800-171-3.1.7
1393 ······-·NIST-800-53-AC-6(9)1393 ······-·NIST-800-53-AC-6(9)
1394 ······-·NIST-800-53-AU-12(c)1394 ······-·NIST-800-53-AU-12(c)
Offset 1405, 16 lines modifiedOffset 1405, 16 lines modified
1405 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/1405 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/
1406 ······find:1406 ······find:
1407 ········paths:·/etc/audit/rules.d1407 ········paths:·/etc/audit/rules.d
1408 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+1408 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+
1409 ········patterns:·'*.rules'1409 ········patterns:·'*.rules'
1410 ······register:·find_existing_watch_rules_d1410 ······register:·find_existing_watch_rules_d
1411 ······when:1411 ······when:
1412 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1413 ······-·'"audit"·in·ansible_facts.packages'1412 ······-·'"audit"·in·ansible_facts.packages'
 1413 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1414 ······tags:1414 ······tags:
1415 ······-·CCE-27076-91415 ······-·CCE-27076-9
1416 ······-·CJIS-5.4.1.11416 ······-·CJIS-5.4.1.1
1417 ······-·NIST-800-171-3.1.71417 ······-·NIST-800-171-3.1.7
1418 ······-·NIST-800-53-AC-6(9)1418 ······-·NIST-800-53-AC-6(9)
1419 ······-·NIST-800-53-AU-12(c)1419 ······-·NIST-800-53-AU-12(c)
1420 ······-·NIST-800-53-AU-2(d)1420 ······-·NIST-800-53-AU-2(d)
Offset 1430, 16 lines modifiedOffset 1430, 16 lines modified
1430 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification1430 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification
1431 ······find:1431 ······find:
1432 ········paths:·/etc/audit/rules.d1432 ········paths:·/etc/audit/rules.d
1433 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$1433 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$
1434 ········patterns:·'*.rules'1434 ········patterns:·'*.rules'
1435 ······register:·find_watch_key1435 ······register:·find_watch_key
1436 ······when:1436 ······when:
1437 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1438 ······-·'"audit"·in·ansible_facts.packages'1437 ······-·'"audit"·in·ansible_facts.packages'
 1438 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1439 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1439 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1440 ········==·01440 ········==·0
1441 ······tags:1441 ······tags:
1442 ······-·CCE-27076-91442 ······-·CCE-27076-9
1443 ······-·CJIS-5.4.1.11443 ······-·CJIS-5.4.1.1
1444 ······-·NIST-800-171-3.1.71444 ······-·NIST-800-171-3.1.7
1445 ······-·NIST-800-53-AC-6(9)1445 ······-·NIST-800-53-AC-6(9)
Offset 1456, 16 lines modifiedOffset 1456, 16 lines modified
  
1456 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the1456 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the
1457 ········recipient·for·the·rule1457 ········recipient·for·the·rule
1458 ······set_fact:1458 ······set_fact:
1459 ········all_files:1459 ········all_files:
1460 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules1460 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules
1461 ······when:1461 ······when:
1462 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1463 ······-·'"audit"·in·ansible_facts.packages'1462 ······-·'"audit"·in·ansible_facts.packages'
 1463 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1464 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1464 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1465 ········is·defined·and·find_existing_watch_rules_d.matched·==·01465 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1466 ······tags:1466 ······tags:
1467 ······-·CCE-27076-91467 ······-·CCE-27076-9
1468 ······-·CJIS-5.4.1.11468 ······-·CJIS-5.4.1.1
1469 ······-·NIST-800-171-3.1.71469 ······-·NIST-800-171-3.1.7
1470 ······-·NIST-800-53-AC-6(9)1470 ······-·NIST-800-53-AC-6(9)
Offset 1481, 16 lines modifiedOffset 1481, 16 lines modified
1481 ······-·restrict_strategy1481 ······-·restrict_strategy
  
1482 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1482 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1483 ······set_fact:1483 ······set_fact:
1484 ········all_files:1484 ········all_files:
1485 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1485 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1486 ······when:1486 ······when:
1487 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1488 ······-·'"audit"·in·ansible_facts.packages'1487 ······-·'"audit"·in·ansible_facts.packages'
 1488 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1489 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1489 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1490 ········is·defined·and·find_existing_watch_rules_d.matched·==·01490 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1491 ······tags:1491 ······tags:
1492 ······-·CCE-27076-91492 ······-·CCE-27076-9
1493 ······-·CJIS-5.4.1.11493 ······-·CJIS-5.4.1.1
1494 ······-·NIST-800-171-3.1.71494 ······-·NIST-800-171-3.1.7
1495 ······-·NIST-800-53-AC-6(9)1495 ······-·NIST-800-53-AC-6(9)
Offset 1508, 16 lines modifiedOffset 1508, 16 lines modified
1508 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/1508 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/
Max diff block lines reached; 70259/75599 bytes (92.94%) of diff not shown.
192 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-hipaa.yml
Ordering differences only
    
Offset 1356, 16 lines modifiedOffset 1356, 16 lines modified
  
1356 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1356 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1357 ······find:1357 ······find:
1358 ········paths:·/etc/audit/rules.d/1358 ········paths:·/etc/audit/rules.d/
1359 ········patterns:·'*.rules'1359 ········patterns:·'*.rules'
1360 ······register:·find_rules_d1360 ······register:·find_rules_d
1361 ······when:1361 ······when:
1362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1363 ······-·'"audit"·in·ansible_facts.packages'1362 ······-·'"audit"·in·ansible_facts.packages'
 1363 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1364 ······tags:1364 ······tags:
1365 ······-·CCE-27097-51365 ······-·CCE-27097-5
1366 ······-·CJIS-5.4.1.11366 ······-·CJIS-5.4.1.1
1367 ······-·NIST-800-171-3.3.11367 ······-·NIST-800-171-3.3.1
1368 ······-·NIST-800-171-3.4.31368 ······-·NIST-800-171-3.4.3
1369 ······-·NIST-800-53-AC-6(9)1369 ······-·NIST-800-53-AC-6(9)
1370 ······-·NIST-800-53-CM-6(a)1370 ······-·NIST-800-53-CM-6(a)
Offset 1381, 16 lines modifiedOffset 1381, 16 lines modified
1381 ······lineinfile:1381 ······lineinfile:
1382 ········path:·'{{·item·}}'1382 ········path:·'{{·item·}}'
1383 ········regexp:·^\s*(?:-e)\s+.*$1383 ········regexp:·^\s*(?:-e)\s+.*$
1384 ········state:·absent1384 ········state:·absent
1385 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1385 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1386 ········}}'1386 ········}}'
1387 ······when:1387 ······when:
1388 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1389 ······-·'"audit"·in·ansible_facts.packages'1388 ······-·'"audit"·in·ansible_facts.packages'
 1389 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1390 ······tags:1390 ······tags:
1391 ······-·CCE-27097-51391 ······-·CCE-27097-5
1392 ······-·CJIS-5.4.1.11392 ······-·CJIS-5.4.1.1
1393 ······-·NIST-800-171-3.3.11393 ······-·NIST-800-171-3.3.1
1394 ······-·NIST-800-171-3.4.31394 ······-·NIST-800-171-3.4.3
1395 ······-·NIST-800-53-AC-6(9)1395 ······-·NIST-800-53-AC-6(9)
1396 ······-·NIST-800-53-CM-6(a)1396 ······-·NIST-800-53-CM-6(a)
Offset 1408, 16 lines modifiedOffset 1408, 16 lines modified
1408 ········create:·true1408 ········create:·true
1409 ········line:·-e·21409 ········line:·-e·2
1410 ········mode:·o-rwx1410 ········mode:·o-rwx
1411 ······loop:1411 ······loop:
1412 ······-·/etc/audit/audit.rules1412 ······-·/etc/audit/audit.rules
1413 ······-·/etc/audit/rules.d/immutable.rules1413 ······-·/etc/audit/rules.d/immutable.rules
1414 ······when:1414 ······when:
1415 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1416 ······-·'"audit"·in·ansible_facts.packages'1415 ······-·'"audit"·in·ansible_facts.packages'
 1416 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1417 ······tags:1417 ······tags:
1418 ······-·CCE-27097-51418 ······-·CCE-27097-5
1419 ······-·CJIS-5.4.1.11419 ······-·CJIS-5.4.1.1
1420 ······-·NIST-800-171-3.3.11420 ······-·NIST-800-171-3.3.1
1421 ······-·NIST-800-171-3.4.31421 ······-·NIST-800-171-3.4.3
1422 ······-·NIST-800-53-AC-6(9)1422 ······-·NIST-800-53-AC-6(9)
1423 ······-·NIST-800-53-CM-6(a)1423 ······-·NIST-800-53-CM-6(a)
Offset 1451, 16 lines modifiedOffset 1451, 16 lines modified
1451 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/1451 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
1452 ······find:1452 ······find:
1453 ········paths:·/etc/audit/rules.d1453 ········paths:·/etc/audit/rules.d
1454 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+1454 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
1455 ········patterns:·'*.rules'1455 ········patterns:·'*.rules'
1456 ······register:·find_existing_watch_rules_d1456 ······register:·find_existing_watch_rules_d
1457 ······when:1457 ······when:
1458 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1459 ······-·'"audit"·in·ansible_facts.packages'1458 ······-·'"audit"·in·ansible_facts.packages'
 1459 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1460 ······tags:1460 ······tags:
1461 ······-·CCE-27168-41461 ······-·CCE-27168-4
1462 ······-·CJIS-5.4.1.11462 ······-·CJIS-5.4.1.1
1463 ······-·NIST-800-171-3.1.81463 ······-·NIST-800-171-3.1.8
1464 ······-·NIST-800-53-AU-12(c)1464 ······-·NIST-800-53-AU-12(c)
1465 ······-·NIST-800-53-AU-2(d)1465 ······-·NIST-800-53-AU-2(d)
1466 ······-·NIST-800-53-CM-6(a)1466 ······-·NIST-800-53-CM-6(a)
Offset 1475, 16 lines modifiedOffset 1475, 16 lines modified
1475 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy1475 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
1476 ······find:1476 ······find:
1477 ········paths:·/etc/audit/rules.d1477 ········paths:·/etc/audit/rules.d
1478 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$1478 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
1479 ········patterns:·'*.rules'1479 ········patterns:·'*.rules'
1480 ······register:·find_watch_key1480 ······register:·find_watch_key
1481 ······when:1481 ······when:
1482 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1483 ······-·'"audit"·in·ansible_facts.packages'1482 ······-·'"audit"·in·ansible_facts.packages'
 1483 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1484 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1484 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1485 ········==·01485 ········==·0
1486 ······tags:1486 ······tags:
1487 ······-·CCE-27168-41487 ······-·CCE-27168-4
1488 ······-·CJIS-5.4.1.11488 ······-·CJIS-5.4.1.1
1489 ······-·NIST-800-171-3.1.81489 ······-·NIST-800-171-3.1.8
1490 ······-·NIST-800-53-AU-12(c)1490 ······-·NIST-800-53-AU-12(c)
Offset 1499, 16 lines modifiedOffset 1499, 16 lines modified
1499 ······-·restrict_strategy1499 ······-·restrict_strategy
  
1500 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule1500 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
1501 ······set_fact:1501 ······set_fact:
1502 ········all_files:1502 ········all_files:
1503 ········-·/etc/audit/rules.d/MAC-policy.rules1503 ········-·/etc/audit/rules.d/MAC-policy.rules
1504 ······when:1504 ······when:
1505 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1506 ······-·'"audit"·in·ansible_facts.packages'1505 ······-·'"audit"·in·ansible_facts.packages'
 1506 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1507 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1507 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1508 ········is·defined·and·find_existing_watch_rules_d.matched·==·01508 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1509 ······tags:1509 ······tags:
1510 ······-·CCE-27168-41510 ······-·CCE-27168-4
1511 ······-·CJIS-5.4.1.11511 ······-·CJIS-5.4.1.1
1512 ······-·NIST-800-171-3.1.81512 ······-·NIST-800-171-3.1.8
1513 ······-·NIST-800-53-AU-12(c)1513 ······-·NIST-800-53-AU-12(c)
Offset 1523, 16 lines modifiedOffset 1523, 16 lines modified
1523 ······-·restrict_strategy1523 ······-·restrict_strategy
  
1524 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1524 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1525 ······set_fact:1525 ······set_fact:
1526 ········all_files:1526 ········all_files:
1527 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1527 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1528 ······when:1528 ······when:
1529 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
1530 ······-·'"audit"·in·ansible_facts.packages'1529 ······-·'"audit"·in·ansible_facts.packages'
 1530 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1531 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1531 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1532 ········is·defined·and·find_existing_watch_rules_d.matched·==·01532 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1533 ······tags:1533 ······tags:
1534 ······-·CCE-27168-41534 ······-·CCE-27168-4
1535 ······-·CJIS-5.4.1.11535 ······-·CJIS-5.4.1.1
1536 ······-·NIST-800-171-3.1.81536 ······-·NIST-800-171-3.1.8
1537 ······-·NIST-800-53-AU-12(c)1537 ······-·NIST-800-53-AU-12(c)
Offset 1549, 16 lines modifiedOffset 1549, 16 lines modified
1549 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/1549 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 191830/196813 bytes (97.47%) of diff not shown.
201 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-ncp.yml
Ordering differences only
    
Offset 10096, 16 lines modifiedOffset 10096, 16 lines modified
  
10096 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension10096 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
10097 ······find:10097 ······find:
10098 ········paths:·/etc/audit/rules.d/10098 ········paths:·/etc/audit/rules.d/
10099 ········patterns:·'*.rules'10099 ········patterns:·'*.rules'
10100 ······register:·find_rules_d10100 ······register:·find_rules_d
10101 ······when:10101 ······when:
10102 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
10103 ······-·'"audit"·in·ansible_facts.packages'10102 ······-·'"audit"·in·ansible_facts.packages'
 10103 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
10104 ······tags:10104 ······tags:
10105 ······-·CCE-27097-510105 ······-·CCE-27097-5
10106 ······-·CJIS-5.4.1.110106 ······-·CJIS-5.4.1.1
10107 ······-·NIST-800-171-3.3.110107 ······-·NIST-800-171-3.3.1
10108 ······-·NIST-800-171-3.4.310108 ······-·NIST-800-171-3.4.3
10109 ······-·NIST-800-53-AC-6(9)10109 ······-·NIST-800-53-AC-6(9)
10110 ······-·NIST-800-53-CM-6(a)10110 ······-·NIST-800-53-CM-6(a)
Offset 10121, 16 lines modifiedOffset 10121, 16 lines modified
10121 ······lineinfile:10121 ······lineinfile:
10122 ········path:·'{{·item·}}'10122 ········path:·'{{·item·}}'
10123 ········regexp:·^\s*(?:-e)\s+.*$10123 ········regexp:·^\s*(?:-e)\s+.*$
10124 ········state:·absent10124 ········state:·absent
10125 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']10125 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
10126 ········}}'10126 ········}}'
10127 ······when:10127 ······when:
10128 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
10129 ······-·'"audit"·in·ansible_facts.packages'10128 ······-·'"audit"·in·ansible_facts.packages'
 10129 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
10130 ······tags:10130 ······tags:
10131 ······-·CCE-27097-510131 ······-·CCE-27097-5
10132 ······-·CJIS-5.4.1.110132 ······-·CJIS-5.4.1.1
10133 ······-·NIST-800-171-3.3.110133 ······-·NIST-800-171-3.3.1
10134 ······-·NIST-800-171-3.4.310134 ······-·NIST-800-171-3.4.3
10135 ······-·NIST-800-53-AC-6(9)10135 ······-·NIST-800-53-AC-6(9)
10136 ······-·NIST-800-53-CM-6(a)10136 ······-·NIST-800-53-CM-6(a)
Offset 10148, 16 lines modifiedOffset 10148, 16 lines modified
10148 ········create:·true10148 ········create:·true
10149 ········line:·-e·210149 ········line:·-e·2
10150 ········mode:·o-rwx10150 ········mode:·o-rwx
10151 ······loop:10151 ······loop:
10152 ······-·/etc/audit/audit.rules10152 ······-·/etc/audit/audit.rules
10153 ······-·/etc/audit/rules.d/immutable.rules10153 ······-·/etc/audit/rules.d/immutable.rules
10154 ······when:10154 ······when:
10155 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
10156 ······-·'"audit"·in·ansible_facts.packages'10155 ······-·'"audit"·in·ansible_facts.packages'
 10156 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
10157 ······tags:10157 ······tags:
10158 ······-·CCE-27097-510158 ······-·CCE-27097-5
10159 ······-·CJIS-5.4.1.110159 ······-·CJIS-5.4.1.1
10160 ······-·NIST-800-171-3.3.110160 ······-·NIST-800-171-3.3.1
10161 ······-·NIST-800-171-3.4.310161 ······-·NIST-800-171-3.4.3
10162 ······-·NIST-800-53-AC-6(9)10162 ······-·NIST-800-53-AC-6(9)
10163 ······-·NIST-800-53-CM-6(a)10163 ······-·NIST-800-53-CM-6(a)
Offset 10191, 16 lines modifiedOffset 10191, 16 lines modified
10191 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/10191 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
10192 ······find:10192 ······find:
10193 ········paths:·/etc/audit/rules.d10193 ········paths:·/etc/audit/rules.d
10194 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+10194 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
10195 ········patterns:·'*.rules'10195 ········patterns:·'*.rules'
10196 ······register:·find_existing_watch_rules_d10196 ······register:·find_existing_watch_rules_d
10197 ······when:10197 ······when:
10198 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
10199 ······-·'"audit"·in·ansible_facts.packages'10198 ······-·'"audit"·in·ansible_facts.packages'
 10199 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
10200 ······tags:10200 ······tags:
10201 ······-·CCE-27168-410201 ······-·CCE-27168-4
10202 ······-·CJIS-5.4.1.110202 ······-·CJIS-5.4.1.1
10203 ······-·NIST-800-171-3.1.810203 ······-·NIST-800-171-3.1.8
10204 ······-·NIST-800-53-AU-12(c)10204 ······-·NIST-800-53-AU-12(c)
10205 ······-·NIST-800-53-AU-2(d)10205 ······-·NIST-800-53-AU-2(d)
10206 ······-·NIST-800-53-CM-6(a)10206 ······-·NIST-800-53-CM-6(a)
Offset 10215, 16 lines modifiedOffset 10215, 16 lines modified
10215 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy10215 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
10216 ······find:10216 ······find:
10217 ········paths:·/etc/audit/rules.d10217 ········paths:·/etc/audit/rules.d
10218 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$10218 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
10219 ········patterns:·'*.rules'10219 ········patterns:·'*.rules'
10220 ······register:·find_watch_key10220 ······register:·find_watch_key
10221 ······when:10221 ······when:
10222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
10223 ······-·'"audit"·in·ansible_facts.packages'10222 ······-·'"audit"·in·ansible_facts.packages'
 10223 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
10224 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched10224 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
10225 ········==·010225 ········==·0
10226 ······tags:10226 ······tags:
10227 ······-·CCE-27168-410227 ······-·CCE-27168-4
10228 ······-·CJIS-5.4.1.110228 ······-·CJIS-5.4.1.1
10229 ······-·NIST-800-171-3.1.810229 ······-·NIST-800-171-3.1.8
10230 ······-·NIST-800-53-AU-12(c)10230 ······-·NIST-800-53-AU-12(c)
Offset 10239, 16 lines modifiedOffset 10239, 16 lines modified
10239 ······-·restrict_strategy10239 ······-·restrict_strategy
  
10240 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule10240 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
10241 ······set_fact:10241 ······set_fact:
10242 ········all_files:10242 ········all_files:
10243 ········-·/etc/audit/rules.d/MAC-policy.rules10243 ········-·/etc/audit/rules.d/MAC-policy.rules
10244 ······when:10244 ······when:
10245 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
10246 ······-·'"audit"·in·ansible_facts.packages'10245 ······-·'"audit"·in·ansible_facts.packages'
 10246 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
10247 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched10247 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
10248 ········is·defined·and·find_existing_watch_rules_d.matched·==·010248 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
10249 ······tags:10249 ······tags:
10250 ······-·CCE-27168-410250 ······-·CCE-27168-4
10251 ······-·CJIS-5.4.1.110251 ······-·CJIS-5.4.1.1
10252 ······-·NIST-800-171-3.1.810252 ······-·NIST-800-171-3.1.8
10253 ······-·NIST-800-53-AU-12(c)10253 ······-·NIST-800-53-AU-12(c)
Offset 10263, 16 lines modifiedOffset 10263, 16 lines modified
10263 ······-·restrict_strategy10263 ······-·restrict_strategy
  
10264 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule10264 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
10265 ······set_fact:10265 ······set_fact:
10266 ········all_files:10266 ········all_files:
10267 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'10267 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
10268 ······when:10268 ······when:
10269 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
10270 ······-·'"audit"·in·ansible_facts.packages'10269 ······-·'"audit"·in·ansible_facts.packages'
 10270 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
10271 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched10271 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
10272 ········is·defined·and·find_existing_watch_rules_d.matched·==·010272 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
10273 ······tags:10273 ······tags:
10274 ······-·CCE-27168-410274 ······-·CCE-27168-4
10275 ······-·CJIS-5.4.1.110275 ······-·CJIS-5.4.1.1
10276 ······-·NIST-800-171-3.1.810276 ······-·NIST-800-171-3.1.8
10277 ······-·NIST-800-53-AU-12(c)10277 ······-·NIST-800-53-AU-12(c)
Offset 10289, 16 lines modifiedOffset 10289, 16 lines modified
10289 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/10289 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 200789/205788 bytes (97.57%) of diff not shown.
788 B
./usr/share/scap-security-guide/ansible/rhel7-playbook-ospp.yml
Ordering differences only
    
Offset 4674, 16 lines modifiedOffset 4674, 16 lines modified
4674 ······lineinfile:4674 ······lineinfile:
4675 ········dest:·/etc/audit/auditd.conf4675 ········dest:·/etc/audit/auditd.conf
4676 ········regexp:·^\s*flush\s*=\s*.*$4676 ········regexp:·^\s*flush\s*=\s*.*$
4677 ········line:·flush·=·{{·var_auditd_flush·}}4677 ········line:·flush·=·{{·var_auditd_flush·}}
4678 ········state:·present4678 ········state:·present
4679 ········create:·true4679 ········create:·true
4680 ······when:4680 ······when:
4681 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4682 ······-·'"audit"·in·ansible_facts.packages'4681 ······-·'"audit"·in·ansible_facts.packages'
 4682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4683 ······tags:4683 ······tags:
4684 ······-·CCE-27331-84684 ······-·CCE-27331-8
4685 ······-·NIST-800-171-3.3.14685 ······-·NIST-800-171-3.3.1
4686 ······-·NIST-800-53-AU-114686 ······-·NIST-800-53-AU-11
4687 ······-·NIST-800-53-CM-6(a)4687 ······-·NIST-800-53-CM-6(a)
4688 ······-·auditd_data_retention_flush4688 ······-·auditd_data_retention_flush
4689 ······-·low_complexity4689 ······-·low_complexity
108 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-pci-dss.yml
Ordering differences only
    
Offset 4601, 16 lines modifiedOffset 4601, 16 lines modified
  
4601 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4601 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4602 ······find:4602 ······find:
4603 ········paths:·/etc/audit/rules.d/4603 ········paths:·/etc/audit/rules.d/
4604 ········patterns:·'*.rules'4604 ········patterns:·'*.rules'
4605 ······register:·find_rules_d4605 ······register:·find_rules_d
4606 ······when:4606 ······when:
4607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4608 ······-·'"audit"·in·ansible_facts.packages'4607 ······-·'"audit"·in·ansible_facts.packages'
 4608 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4609 ······tags:4609 ······tags:
4610 ······-·CCE-27097-54610 ······-·CCE-27097-5
4611 ······-·CJIS-5.4.1.14611 ······-·CJIS-5.4.1.1
4612 ······-·NIST-800-171-3.3.14612 ······-·NIST-800-171-3.3.1
4613 ······-·NIST-800-171-3.4.34613 ······-·NIST-800-171-3.4.3
4614 ······-·NIST-800-53-AC-6(9)4614 ······-·NIST-800-53-AC-6(9)
4615 ······-·NIST-800-53-CM-6(a)4615 ······-·NIST-800-53-CM-6(a)
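Review bot: the `when:` list at 4607-4608 holds the same two conditions in both builds but in swapped order (`ansible_virtualization_type not in [...]` first on the left, `'"audit" in ansible_facts.packages'` first on the right), and that swap is the whole of the "Ordering differences only" result for this playbook. Emit the applicability conditions in a fixed order, for example sorted, when the playbook is generated, so that both builds produce identical bytes.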
Offset 4626, 16 lines modifiedOffset 4626, 16 lines modified
4626 ······lineinfile:4626 ······lineinfile:
4627 ········path:·'{{·item·}}'4627 ········path:·'{{·item·}}'
4628 ········regexp:·^\s*(?:-e)\s+.*$4628 ········regexp:·^\s*(?:-e)\s+.*$
4629 ········state:·absent4629 ········state:·absent
4630 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4630 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4631 ········}}'4631 ········}}'
4632 ······when:4632 ······when:
4633 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4634 ······-·'"audit"·in·ansible_facts.packages'4633 ······-·'"audit"·in·ansible_facts.packages'
 4634 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4635 ······tags:4635 ······tags:
4636 ······-·CCE-27097-54636 ······-·CCE-27097-5
4637 ······-·CJIS-5.4.1.14637 ······-·CJIS-5.4.1.1
4638 ······-·NIST-800-171-3.3.14638 ······-·NIST-800-171-3.3.1
4639 ······-·NIST-800-171-3.4.34639 ······-·NIST-800-171-3.4.3
4640 ······-·NIST-800-53-AC-6(9)4640 ······-·NIST-800-53-AC-6(9)
4641 ······-·NIST-800-53-CM-6(a)4641 ······-·NIST-800-53-CM-6(a)
Offset 4653, 16 lines modifiedOffset 4653, 16 lines modified
4653 ········create:·true4653 ········create:·true
4654 ········line:·-e·24654 ········line:·-e·2
4655 ········mode:·o-rwx4655 ········mode:·o-rwx
4656 ······loop:4656 ······loop:
4657 ······-·/etc/audit/audit.rules4657 ······-·/etc/audit/audit.rules
4658 ······-·/etc/audit/rules.d/immutable.rules4658 ······-·/etc/audit/rules.d/immutable.rules
4659 ······when:4659 ······when:
4660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4661 ······-·'"audit"·in·ansible_facts.packages'4660 ······-·'"audit"·in·ansible_facts.packages'
 4661 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4662 ······tags:4662 ······tags:
4663 ······-·CCE-27097-54663 ······-·CCE-27097-5
4664 ······-·CJIS-5.4.1.14664 ······-·CJIS-5.4.1.1
4665 ······-·NIST-800-171-3.3.14665 ······-·NIST-800-171-3.3.1
4666 ······-·NIST-800-171-3.4.34666 ······-·NIST-800-171-3.4.3
4667 ······-·NIST-800-53-AC-6(9)4667 ······-·NIST-800-53-AC-6(9)
4668 ······-·NIST-800-53-CM-6(a)4668 ······-·NIST-800-53-CM-6(a)
Offset 4696, 16 lines modifiedOffset 4696, 16 lines modified
4696 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4696 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4697 ······find:4697 ······find:
4698 ········paths:·/etc/audit/rules.d4698 ········paths:·/etc/audit/rules.d
4699 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4699 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4700 ········patterns:·'*.rules'4700 ········patterns:·'*.rules'
4701 ······register:·find_existing_watch_rules_d4701 ······register:·find_existing_watch_rules_d
4702 ······when:4702 ······when:
4703 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4704 ······-·'"audit"·in·ansible_facts.packages'4703 ······-·'"audit"·in·ansible_facts.packages'
 4704 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4705 ······tags:4705 ······tags:
4706 ······-·CCE-27168-44706 ······-·CCE-27168-4
4707 ······-·CJIS-5.4.1.14707 ······-·CJIS-5.4.1.1
4708 ······-·NIST-800-171-3.1.84708 ······-·NIST-800-171-3.1.8
4709 ······-·NIST-800-53-AU-12(c)4709 ······-·NIST-800-53-AU-12(c)
4710 ······-·NIST-800-53-AU-2(d)4710 ······-·NIST-800-53-AU-2(d)
4711 ······-·NIST-800-53-CM-6(a)4711 ······-·NIST-800-53-CM-6(a)
Offset 4720, 16 lines modifiedOffset 4720, 16 lines modified
4720 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4720 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4721 ······find:4721 ······find:
4722 ········paths:·/etc/audit/rules.d4722 ········paths:·/etc/audit/rules.d
4723 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4723 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4724 ········patterns:·'*.rules'4724 ········patterns:·'*.rules'
4725 ······register:·find_watch_key4725 ······register:·find_watch_key
4726 ······when:4726 ······when:
4727 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4728 ······-·'"audit"·in·ansible_facts.packages'4727 ······-·'"audit"·in·ansible_facts.packages'
 4728 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4729 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4729 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4730 ········==·04730 ········==·0
4731 ······tags:4731 ······tags:
4732 ······-·CCE-27168-44732 ······-·CCE-27168-4
4733 ······-·CJIS-5.4.1.14733 ······-·CJIS-5.4.1.1
4734 ······-·NIST-800-171-3.1.84734 ······-·NIST-800-171-3.1.8
4735 ······-·NIST-800-53-AU-12(c)4735 ······-·NIST-800-53-AU-12(c)
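Review bot: at 4727-4728 only the two platform checks trade places; the rule-specific condition `find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched == 0` stays at 4729-4730 in both builds. The instability is confined to that leading pair, so a stable order needs to be imposed only where those two platform conditions are collected.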
Offset 4744, 16 lines modifiedOffset 4744, 16 lines modified
4744 ······-·restrict_strategy4744 ······-·restrict_strategy
  
4745 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4745 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4746 ······set_fact:4746 ······set_fact:
4747 ········all_files:4747 ········all_files:
4748 ········-·/etc/audit/rules.d/MAC-policy.rules4748 ········-·/etc/audit/rules.d/MAC-policy.rules
4749 ······when:4749 ······when:
4750 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4751 ······-·'"audit"·in·ansible_facts.packages'4750 ······-·'"audit"·in·ansible_facts.packages'
 4751 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4752 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4752 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4753 ········is·defined·and·find_existing_watch_rules_d.matched·==·04753 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4754 ······tags:4754 ······tags:
4755 ······-·CCE-27168-44755 ······-·CCE-27168-4
4756 ······-·CJIS-5.4.1.14756 ······-·CJIS-5.4.1.1
4757 ······-·NIST-800-171-3.1.84757 ······-·NIST-800-171-3.1.8
4758 ······-·NIST-800-53-AU-12(c)4758 ······-·NIST-800-53-AU-12(c)
Offset 4768, 16 lines modifiedOffset 4768, 16 lines modified
4768 ······-·restrict_strategy4768 ······-·restrict_strategy
  
4769 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4769 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4770 ······set_fact:4770 ······set_fact:
4771 ········all_files:4771 ········all_files:
4772 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4772 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4773 ······when:4773 ······when:
4774 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4775 ······-·'"audit"·in·ansible_facts.packages'4774 ······-·'"audit"·in·ansible_facts.packages'
 4775 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4776 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4776 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4777 ········is·defined·and·find_existing_watch_rules_d.matched·==·04777 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4778 ······tags:4778 ······tags:
4779 ······-·CCE-27168-44779 ······-·CCE-27168-4
4780 ······-·CJIS-5.4.1.14780 ······-·CJIS-5.4.1.1
4781 ······-·NIST-800-171-3.1.84781 ······-·NIST-800-171-3.1.8
4782 ······-·NIST-800-53-AU-12(c)4782 ······-·NIST-800-53-AU-12(c)
Offset 4794, 16 lines modifiedOffset 4794, 16 lines modified
4794 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4794 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 105371/110354 bytes (95.48%) of diff not shown.
207 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-rhelh-stig.yml
Ordering differences only
    
Offset 8342, 16 lines modifiedOffset 8342, 16 lines modified
  
8342 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8342 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8343 ······find:8343 ······find:
8344 ········paths:·/etc/audit/rules.d/8344 ········paths:·/etc/audit/rules.d/
8345 ········patterns:·'*.rules'8345 ········patterns:·'*.rules'
8346 ······register:·find_rules_d8346 ······register:·find_rules_d
8347 ······when:8347 ······when:
8348 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8349 ······-·'"audit"·in·ansible_facts.packages'8348 ······-·'"audit"·in·ansible_facts.packages'
 8349 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8350 ······tags:8350 ······tags:
8351 ······-·CCE-27097-58351 ······-·CCE-27097-5
8352 ······-·CJIS-5.4.1.18352 ······-·CJIS-5.4.1.1
8353 ······-·NIST-800-171-3.3.18353 ······-·NIST-800-171-3.3.1
8354 ······-·NIST-800-171-3.4.38354 ······-·NIST-800-171-3.4.3
8355 ······-·NIST-800-53-AC-6(9)8355 ······-·NIST-800-53-AC-6(9)
8356 ······-·NIST-800-53-CM-6(a)8356 ······-·NIST-800-53-CM-6(a)
Offset 8367, 16 lines modifiedOffset 8367, 16 lines modified
8367 ······lineinfile:8367 ······lineinfile:
8368 ········path:·'{{·item·}}'8368 ········path:·'{{·item·}}'
8369 ········regexp:·^\s*(?:-e)\s+.*$8369 ········regexp:·^\s*(?:-e)\s+.*$
8370 ········state:·absent8370 ········state:·absent
8371 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8371 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8372 ········}}'8372 ········}}'
8373 ······when:8373 ······when:
8374 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8375 ······-·'"audit"·in·ansible_facts.packages'8374 ······-·'"audit"·in·ansible_facts.packages'
 8375 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8376 ······tags:8376 ······tags:
8377 ······-·CCE-27097-58377 ······-·CCE-27097-5
8378 ······-·CJIS-5.4.1.18378 ······-·CJIS-5.4.1.1
8379 ······-·NIST-800-171-3.3.18379 ······-·NIST-800-171-3.3.1
8380 ······-·NIST-800-171-3.4.38380 ······-·NIST-800-171-3.4.3
8381 ······-·NIST-800-53-AC-6(9)8381 ······-·NIST-800-53-AC-6(9)
8382 ······-·NIST-800-53-CM-6(a)8382 ······-·NIST-800-53-CM-6(a)
Offset 8394, 16 lines modifiedOffset 8394, 16 lines modified
8394 ········create:·true8394 ········create:·true
8395 ········line:·-e·28395 ········line:·-e·2
8396 ········mode:·o-rwx8396 ········mode:·o-rwx
8397 ······loop:8397 ······loop:
8398 ······-·/etc/audit/audit.rules8398 ······-·/etc/audit/audit.rules
8399 ······-·/etc/audit/rules.d/immutable.rules8399 ······-·/etc/audit/rules.d/immutable.rules
8400 ······when:8400 ······when:
8401 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8402 ······-·'"audit"·in·ansible_facts.packages'8401 ······-·'"audit"·in·ansible_facts.packages'
 8402 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8403 ······tags:8403 ······tags:
8404 ······-·CCE-27097-58404 ······-·CCE-27097-5
8405 ······-·CJIS-5.4.1.18405 ······-·CJIS-5.4.1.1
8406 ······-·NIST-800-171-3.3.18406 ······-·NIST-800-171-3.3.1
8407 ······-·NIST-800-171-3.4.38407 ······-·NIST-800-171-3.4.3
8408 ······-·NIST-800-53-AC-6(9)8408 ······-·NIST-800-53-AC-6(9)
8409 ······-·NIST-800-53-CM-6(a)8409 ······-·NIST-800-53-CM-6(a)
Offset 8437, 16 lines modifiedOffset 8437, 16 lines modified
8437 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/8437 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
8438 ······find:8438 ······find:
8439 ········paths:·/etc/audit/rules.d8439 ········paths:·/etc/audit/rules.d
8440 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+8440 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
8441 ········patterns:·'*.rules'8441 ········patterns:·'*.rules'
8442 ······register:·find_existing_watch_rules_d8442 ······register:·find_existing_watch_rules_d
8443 ······when:8443 ······when:
8444 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8445 ······-·'"audit"·in·ansible_facts.packages'8444 ······-·'"audit"·in·ansible_facts.packages'
 8445 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8446 ······tags:8446 ······tags:
8447 ······-·CCE-27168-48447 ······-·CCE-27168-4
8448 ······-·CJIS-5.4.1.18448 ······-·CJIS-5.4.1.1
8449 ······-·NIST-800-171-3.1.88449 ······-·NIST-800-171-3.1.8
8450 ······-·NIST-800-53-AU-12(c)8450 ······-·NIST-800-53-AU-12(c)
8451 ······-·NIST-800-53-AU-2(d)8451 ······-·NIST-800-53-AU-2(d)
8452 ······-·NIST-800-53-CM-6(a)8452 ······-·NIST-800-53-CM-6(a)
Offset 8461, 16 lines modifiedOffset 8461, 16 lines modified
8461 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy8461 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
8462 ······find:8462 ······find:
8463 ········paths:·/etc/audit/rules.d8463 ········paths:·/etc/audit/rules.d
8464 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$8464 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
8465 ········patterns:·'*.rules'8465 ········patterns:·'*.rules'
8466 ······register:·find_watch_key8466 ······register:·find_watch_key
8467 ······when:8467 ······when:
8468 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8469 ······-·'"audit"·in·ansible_facts.packages'8468 ······-·'"audit"·in·ansible_facts.packages'
 8469 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8470 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched8470 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
8471 ········==·08471 ········==·0
8472 ······tags:8472 ······tags:
8473 ······-·CCE-27168-48473 ······-·CCE-27168-4
8474 ······-·CJIS-5.4.1.18474 ······-·CJIS-5.4.1.1
8475 ······-·NIST-800-171-3.1.88475 ······-·NIST-800-171-3.1.8
8476 ······-·NIST-800-53-AU-12(c)8476 ······-·NIST-800-53-AU-12(c)
Offset 8485, 16 lines modifiedOffset 8485, 16 lines modified
8485 ······-·restrict_strategy8485 ······-·restrict_strategy
  
8486 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule8486 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
8487 ······set_fact:8487 ······set_fact:
8488 ········all_files:8488 ········all_files:
8489 ········-·/etc/audit/rules.d/MAC-policy.rules8489 ········-·/etc/audit/rules.d/MAC-policy.rules
8490 ······when:8490 ······when:
8491 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8492 ······-·'"audit"·in·ansible_facts.packages'8491 ······-·'"audit"·in·ansible_facts.packages'
 8492 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8493 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched8493 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
8494 ········is·defined·and·find_existing_watch_rules_d.matched·==·08494 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
8495 ······tags:8495 ······tags:
8496 ······-·CCE-27168-48496 ······-·CCE-27168-4
8497 ······-·CJIS-5.4.1.18497 ······-·CJIS-5.4.1.1
8498 ······-·NIST-800-171-3.1.88498 ······-·NIST-800-171-3.1.8
8499 ······-·NIST-800-53-AU-12(c)8499 ······-·NIST-800-53-AU-12(c)
Offset 8509, 16 lines modifiedOffset 8509, 16 lines modified
8509 ······-·restrict_strategy8509 ······-·restrict_strategy
  
8510 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule8510 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
8511 ······set_fact:8511 ······set_fact:
8512 ········all_files:8512 ········all_files:
8513 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'8513 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
8514 ······when:8514 ······when:
8515 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
8516 ······-·'"audit"·in·ansible_facts.packages'8515 ······-·'"audit"·in·ansible_facts.packages'
 8516 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8517 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched8517 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
8518 ········is·defined·and·find_existing_watch_rules_d.matched·==·08518 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
8519 ······tags:8519 ······tags:
8520 ······-·CCE-27168-48520 ······-·CCE-27168-4
8521 ······-·CJIS-5.4.1.18521 ······-·CJIS-5.4.1.1
8522 ······-·NIST-800-171-3.1.88522 ······-·NIST-800-171-3.1.8
8523 ······-·NIST-800-53-AU-12(c)8523 ······-·NIST-800-53-AU-12(c)
Offset 8535, 16 lines modifiedOffset 8535, 16 lines modified
8535 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/8535 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 207000/211983 bytes (97.65%) of diff not shown.
138 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-rhelh-vpp.yml
Ordering differences only
    
Offset 6052, 16 lines modifiedOffset 6052, 16 lines modified
6052 ······-·reboot_required6052 ······-·reboot_required
6053 ······-·restrict_strategy6053 ······-·restrict_strategy
  
6054 ····-·name:·Set·architecture·for·audit·mount·tasks6054 ····-·name:·Set·architecture·for·audit·mount·tasks
6055 ······set_fact:6055 ······set_fact:
6056 ········audit_arch:·b646056 ········audit_arch:·b64
6057 ······when:6057 ······when:
6058 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6059 ······-·'"audit"·in·ansible_facts.packages'6058 ······-·'"audit"·in·ansible_facts.packages'
 6059 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6060 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture6060 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
6061 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"6061 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
6062 ······tags:6062 ······tags:
6063 ······-·CCE-27447-26063 ······-·CCE-27447-2
6064 ······-·CJIS-5.4.1.16064 ······-·CJIS-5.4.1.1
6065 ······-·DISA-STIG-RHEL-07-0307406065 ······-·DISA-STIG-RHEL-07-030740
6066 ······-·NIST-800-171-3.1.76066 ······-·NIST-800-171-3.1.7
Offset 6194, 16 lines modifiedOffset 6194, 16 lines modified
6194 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006194 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6195 ············-F·auid!=unset·-F·key=perm_mod6195 ············-F·auid!=unset·-F·key=perm_mod
6196 ··········create:·true6196 ··········create:·true
6197 ··········mode:·o-rwx6197 ··········mode:·o-rwx
6198 ··········state:·present6198 ··········state:·present
6199 ········when:·syscalls_found·|·length·==·06199 ········when:·syscalls_found·|·length·==·0
6200 ······when:6200 ······when:
6201 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6202 ······-·'"audit"·in·ansible_facts.packages'6201 ······-·'"audit"·in·ansible_facts.packages'
 6202 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6203 ······tags:6203 ······tags:
6204 ······-·CCE-27447-26204 ······-·CCE-27447-2
6205 ······-·CJIS-5.4.1.16205 ······-·CJIS-5.4.1.1
6206 ······-·DISA-STIG-RHEL-07-0307406206 ······-·DISA-STIG-RHEL-07-030740
6207 ······-·NIST-800-171-3.1.76207 ······-·NIST-800-171-3.1.7
6208 ······-·NIST-800-53-AC-6(9)6208 ······-·NIST-800-53-AC-6(9)
6209 ······-·NIST-800-53-AU-12(c)6209 ······-·NIST-800-53-AU-12(c)
Offset 6334, 16 lines modifiedOffset 6334, 16 lines modified
6334 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006334 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6335 ············-F·auid!=unset·-F·key=perm_mod6335 ············-F·auid!=unset·-F·key=perm_mod
6336 ··········create:·true6336 ··········create:·true
6337 ··········mode:·o-rwx6337 ··········mode:·o-rwx
6338 ··········state:·present6338 ··········state:·present
6339 ········when:·syscalls_found·|·length·==·06339 ········when:·syscalls_found·|·length·==·0
6340 ······when:6340 ······when:
6341 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6342 ······-·'"audit"·in·ansible_facts.packages'6341 ······-·'"audit"·in·ansible_facts.packages'
 6342 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6343 ······-·audit_arch·==·"b64"6343 ······-·audit_arch·==·"b64"
6344 ······tags:6344 ······tags:
6345 ······-·CCE-27447-26345 ······-·CCE-27447-2
6346 ······-·CJIS-5.4.1.16346 ······-·CJIS-5.4.1.1
6347 ······-·DISA-STIG-RHEL-07-0307406347 ······-·DISA-STIG-RHEL-07-030740
6348 ······-·NIST-800-171-3.1.76348 ······-·NIST-800-171-3.1.7
6349 ······-·NIST-800-53-AC-6(9)6349 ······-·NIST-800-53-AC-6(9)
Offset 6384, 16 lines modifiedOffset 6384, 16 lines modified
6384 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/6384 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
6385 ······find:6385 ······find:
6386 ········paths:·/etc/audit/rules.d6386 ········paths:·/etc/audit/rules.d
6387 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+6387 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
6388 ········patterns:·'*.rules'6388 ········patterns:·'*.rules'
6389 ······register:·find_existing_watch_rules_d6389 ······register:·find_existing_watch_rules_d
6390 ······when:6390 ······when:
6391 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6392 ······-·'"audit"·in·ansible_facts.packages'6391 ······-·'"audit"·in·ansible_facts.packages'
 6392 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6393 ······tags:6393 ······tags:
6394 ······-·CCE-27461-36394 ······-·CCE-27461-3
6395 ······-·CJIS-5.4.1.16395 ······-·CJIS-5.4.1.1
6396 ······-·DISA-STIG-RHEL-07-0307006396 ······-·DISA-STIG-RHEL-07-030700
6397 ······-·NIST-800-171-3.1.76397 ······-·NIST-800-171-3.1.7
6398 ······-·NIST-800-53-AC-2(7)(b)6398 ······-·NIST-800-53-AC-2(7)(b)
6399 ······-·NIST-800-53-AC-6(9)6399 ······-·NIST-800-53-AC-6(9)
Offset 6412, 16 lines modifiedOffset 6412, 16 lines modified
6412 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions6412 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
6413 ······find:6413 ······find:
6414 ········paths:·/etc/audit/rules.d6414 ········paths:·/etc/audit/rules.d
6415 ········contains:·^.*(?:-F·key=|-k\s+)actions$6415 ········contains:·^.*(?:-F·key=|-k\s+)actions$
6416 ········patterns:·'*.rules'6416 ········patterns:·'*.rules'
6417 ······register:·find_watch_key6417 ······register:·find_watch_key
6418 ······when:6418 ······when:
6419 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6420 ······-·'"audit"·in·ansible_facts.packages'6419 ······-·'"audit"·in·ansible_facts.packages'
 6420 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6421 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched6421 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
6422 ········==·06422 ········==·0
6423 ······tags:6423 ······tags:
6424 ······-·CCE-27461-36424 ······-·CCE-27461-3
6425 ······-·CJIS-5.4.1.16425 ······-·CJIS-5.4.1.1
6426 ······-·DISA-STIG-RHEL-07-0307006426 ······-·DISA-STIG-RHEL-07-030700
6427 ······-·NIST-800-171-3.1.76427 ······-·NIST-800-171-3.1.7
Offset 6440, 16 lines modifiedOffset 6440, 16 lines modified
6440 ······-·restrict_strategy6440 ······-·restrict_strategy
  
6441 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule6441 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
6442 ······set_fact:6442 ······set_fact:
6443 ········all_files:6443 ········all_files:
6444 ········-·/etc/audit/rules.d/actions.rules6444 ········-·/etc/audit/rules.d/actions.rules
6445 ······when:6445 ······when:
6446 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6447 ······-·'"audit"·in·ansible_facts.packages'6446 ······-·'"audit"·in·ansible_facts.packages'
 6447 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6448 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched6448 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
6449 ········is·defined·and·find_existing_watch_rules_d.matched·==·06449 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
6450 ······tags:6450 ······tags:
6451 ······-·CCE-27461-36451 ······-·CCE-27461-3
6452 ······-·CJIS-5.4.1.16452 ······-·CJIS-5.4.1.1
6453 ······-·DISA-STIG-RHEL-07-0307006453 ······-·DISA-STIG-RHEL-07-030700
6454 ······-·NIST-800-171-3.1.76454 ······-·NIST-800-171-3.1.7
Offset 6468, 16 lines modifiedOffset 6468, 16 lines modified
6468 ······-·restrict_strategy6468 ······-·restrict_strategy
  
6469 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule6469 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
6470 ······set_fact:6470 ······set_fact:
6471 ········all_files:6471 ········all_files:
6472 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'6472 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
6473 ······when:6473 ······when:
6474 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
6475 ······-·'"audit"·in·ansible_facts.packages'6474 ······-·'"audit"·in·ansible_facts.packages'
 6475 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
6476 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched6476 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
6477 ········is·defined·and·find_existing_watch_rules_d.matched·==·06477 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
6478 ······tags:6478 ······tags:
6479 ······-·CCE-27461-36479 ······-·CCE-27461-3
6480 ······-·CJIS-5.4.1.16480 ······-·CJIS-5.4.1.1
6481 ······-·DISA-STIG-RHEL-07-0307006481 ······-·DISA-STIG-RHEL-07-030700
6482 ······-·NIST-800-171-3.1.76482 ······-·NIST-800-171-3.1.7
Offset 6498, 16 lines modifiedOffset 6498, 16 lines modified
6498 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/6498 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 135626/140859 bytes (96.28%) of diff not shown.
4.03 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-rht-ccp.yml
Ordering differences only
    
Offset 2617, 16 lines modifiedOffset 2617, 16 lines modified
2617 ······-·no_reboot_needed2617 ······-·no_reboot_needed
  
2618 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2618 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2619 ······stat:2619 ······stat:
2620 ········path:·/boot/grub2/grub.cfg2620 ········path:·/boot/grub2/grub.cfg
2621 ······register:·file_exists2621 ······register:·file_exists
2622 ······when:2622 ······when:
2623 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2624 ······-·'"grub2-common"·in·ansible_facts.packages'2623 ······-·'"grub2-common"·in·ansible_facts.packages'
 2624 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2625 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2625 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2626 ······tags:2626 ······tags:
2627 ······-·CCE-82023-32627 ······-·CCE-82023-3
2628 ······-·CJIS-5.5.2.22628 ······-·CJIS-5.5.2.2
2629 ······-·NIST-800-171-3.4.52629 ······-·NIST-800-171-3.4.5
2630 ······-·NIST-800-53-AC-6(1)2630 ······-·NIST-800-53-AC-6(1)
2631 ······-·NIST-800-53-CM-6(a)2631 ······-·NIST-800-53-CM-6(a)
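Review bot: at 2623-2624 the `"/boot/efi" not in ansible_mounts` check and the `"grub2-common" in ansible_facts.packages` check swap, while the `ansible_virtualization_type` check stays third in both builds. Ansible evaluates a `when:` list top to bottom and stops at the first false item, so the two builds can differ in which fact is read first on a host where one of them was not gathered. Fixing the emitted order removes that difference as well as the byte-level one.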
Offset 2639, 16 lines modifiedOffset 2639, 16 lines modified
2639 ······-·no_reboot_needed2639 ······-·no_reboot_needed
  
2640 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2640 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2641 ······file:2641 ······file:
2642 ········path:·/boot/grub2/grub.cfg2642 ········path:·/boot/grub2/grub.cfg
2643 ········group:·'0'2643 ········group:·'0'
2644 ······when:2644 ······when:
2645 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2646 ······-·'"grub2-common"·in·ansible_facts.packages'2645 ······-·'"grub2-common"·in·ansible_facts.packages'
 2646 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2647 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2647 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2648 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2648 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2649 ······tags:2649 ······tags:
2650 ······-·CCE-82023-32650 ······-·CCE-82023-3
2651 ······-·CJIS-5.5.2.22651 ······-·CJIS-5.5.2.2
2652 ······-·NIST-800-171-3.4.52652 ······-·NIST-800-171-3.4.5
2653 ······-·NIST-800-53-AC-6(1)2653 ······-·NIST-800-53-AC-6(1)
Offset 2680, 16 lines modifiedOffset 2680, 16 lines modified
2680 ······-·no_reboot_needed2680 ······-·no_reboot_needed
  
2681 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2681 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2682 ······stat:2682 ······stat:
2683 ········path:·/boot/grub2/grub.cfg2683 ········path:·/boot/grub2/grub.cfg
2684 ······register:·file_exists2684 ······register:·file_exists
2685 ······when:2685 ······when:
2686 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2687 ······-·'"grub2-common"·in·ansible_facts.packages'2686 ······-·'"grub2-common"·in·ansible_facts.packages'
 2687 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2688 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2688 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2689 ······tags:2689 ······tags:
2690 ······-·CCE-82026-62690 ······-·CCE-82026-6
2691 ······-·CJIS-5.5.2.22691 ······-·CJIS-5.5.2.2
2692 ······-·NIST-800-171-3.4.52692 ······-·NIST-800-171-3.4.5
2693 ······-·NIST-800-53-AC-6(1)2693 ······-·NIST-800-53-AC-6(1)
2694 ······-·NIST-800-53-CM-6(a)2694 ······-·NIST-800-53-CM-6(a)
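Review bot: the first two `when:` entries of this task, the `"/boot/efi" not in ansible_mounts | map(attribute="mount") | list` check and the `"grub2-common" in ansible_facts.packages` check, swap places between the two builds, so the generated playbook is not byte-for-byte reproducible. Ansible ANDs the entries of a `when:` list and neither entry depends on the other, so the task selects the same hosts either way; the `ansible_virtualization_type` entry keeps its position in both builds. The generator should emit these applicability conditions in a fixed order (for example sorted) so that only real content changes show up in a build comparison.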
Offset 2702, 16 lines modifiedOffset 2702, 16 lines modified
2702 ······-·no_reboot_needed2702 ······-·no_reboot_needed
  
2703 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2703 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2704 ······file:2704 ······file:
2705 ········path:·/boot/grub2/grub.cfg2705 ········path:·/boot/grub2/grub.cfg
2706 ········owner:·'0'2706 ········owner:·'0'
2707 ······when:2707 ······when:
2708 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2709 ······-·'"grub2-common"·in·ansible_facts.packages'2708 ······-·'"grub2-common"·in·ansible_facts.packages'
 2709 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2710 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2710 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2711 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2711 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2712 ······tags:2712 ······tags:
2713 ······-·CCE-82026-62713 ······-·CCE-82026-6
2714 ······-·CJIS-5.5.2.22714 ······-·CJIS-5.5.2.2
2715 ······-·NIST-800-171-3.4.52715 ······-·NIST-800-171-3.4.5
2716 ······-·NIST-800-53-AC-6(1)2716 ······-·NIST-800-53-AC-6(1)
Offset 2741, 16 lines modifiedOffset 2741, 16 lines modified
2741 ······-·no_reboot_needed2741 ······-·no_reboot_needed
  
2742 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2742 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2743 ······stat:2743 ······stat:
2744 ········path:·/boot/grub2/grub.cfg2744 ········path:·/boot/grub2/grub.cfg
2745 ······register:·file_exists2745 ······register:·file_exists
2746 ······when:2746 ······when:
2747 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2748 ······-·'"grub2-common"·in·ansible_facts.packages'2747 ······-·'"grub2-common"·in·ansible_facts.packages'
 2748 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2749 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2749 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2750 ······tags:2750 ······tags:
2751 ······-·CCE-82039-92751 ······-·CCE-82039-9
2752 ······-·NIST-800-171-3.4.52752 ······-·NIST-800-171-3.4.5
2753 ······-·NIST-800-53-AC-6(1)2753 ······-·NIST-800-53-AC-6(1)
2754 ······-·NIST-800-53-CM-6(a)2754 ······-·NIST-800-53-CM-6(a)
2755 ······-·configure_strategy2755 ······-·configure_strategy
Offset 2761, 16 lines modifiedOffset 2761, 16 lines modified
2761 ······-·no_reboot_needed2761 ······-·no_reboot_needed
  
2762 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2762 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2763 ······file:2763 ······file:
2764 ········path:·/boot/grub2/grub.cfg2764 ········path:·/boot/grub2/grub.cfg
2765 ········mode:·u-xs,g-xwrs,o-xwrt2765 ········mode:·u-xs,g-xwrs,o-xwrt
2766 ······when:2766 ······when:
2767 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2768 ······-·'"grub2-common"·in·ansible_facts.packages'2767 ······-·'"grub2-common"·in·ansible_facts.packages'
 2768 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2769 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2769 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2770 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2770 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2771 ······tags:2771 ······tags:
2772 ······-·CCE-82039-92772 ······-·CCE-82039-9
2773 ······-·NIST-800-171-3.4.52773 ······-·NIST-800-171-3.4.5
2774 ······-·NIST-800-53-AC-6(1)2774 ······-·NIST-800-53-AC-6(1)
2775 ······-·NIST-800-53-CM-6(a)2775 ······-·NIST-800-53-CM-6(a)
84.0 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-standard.yml
Ordering differences only
    
Offset 668, 16 lines modifiedOffset 668, 16 lines modified
668 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/668 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
669 ······find:669 ······find:
670 ········paths:·/etc/audit/rules.d670 ········paths:·/etc/audit/rules.d
671 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+671 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
672 ········patterns:·'*.rules'672 ········patterns:·'*.rules'
673 ······register:·find_existing_watch_rules_d673 ······register:·find_existing_watch_rules_d
674 ······when:674 ······when:
675 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
676 ······-·'"audit"·in·ansible_facts.packages'675 ······-·'"audit"·in·ansible_facts.packages'
 676 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
677 ······tags:677 ······tags:
678 ······-·CCE-27168-4678 ······-·CCE-27168-4
679 ······-·CJIS-5.4.1.1679 ······-·CJIS-5.4.1.1
680 ······-·NIST-800-171-3.1.8680 ······-·NIST-800-171-3.1.8
681 ······-·NIST-800-53-AU-12(c)681 ······-·NIST-800-53-AU-12(c)
682 ······-·NIST-800-53-AU-2(d)682 ······-·NIST-800-53-AU-2(d)
683 ······-·NIST-800-53-CM-6(a)683 ······-·NIST-800-53-CM-6(a)
Offset 692, 16 lines modifiedOffset 692, 16 lines modified
692 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy692 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
693 ······find:693 ······find:
694 ········paths:·/etc/audit/rules.d694 ········paths:·/etc/audit/rules.d
695 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$695 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
696 ········patterns:·'*.rules'696 ········patterns:·'*.rules'
697 ······register:·find_watch_key697 ······register:·find_watch_key
698 ······when:698 ······when:
699 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
700 ······-·'"audit"·in·ansible_facts.packages'699 ······-·'"audit"·in·ansible_facts.packages'
 700 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
701 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched701 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
702 ········==·0702 ········==·0
703 ······tags:703 ······tags:
704 ······-·CCE-27168-4704 ······-·CCE-27168-4
705 ······-·CJIS-5.4.1.1705 ······-·CJIS-5.4.1.1
706 ······-·NIST-800-171-3.1.8706 ······-·NIST-800-171-3.1.8
707 ······-·NIST-800-53-AU-12(c)707 ······-·NIST-800-53-AU-12(c)
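Review bot: in the `contains:` pattern `^.*(?:-F key=|-k\s+)MAC-policy$` the `-F key=` alternative requires exactly one literal space and the `$` anchor rejects trailing whitespace, while the watch-rule pattern in the preceding task tolerates both (`\s+` between fields, `(\s|$)+` at the end). A rules file that carries the key with different spacing is not matched, and the following task then falls back to `/etc/audit/rules.d/MAC-policy.rules` instead of reusing the existing file. Consider `-F\s+key=` and a trailing `\s*$` so that both searches accept the same spacing.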
Offset 716, 16 lines modifiedOffset 716, 16 lines modified
716 ······-·restrict_strategy716 ······-·restrict_strategy
  
717 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule717 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
718 ······set_fact:718 ······set_fact:
719 ········all_files:719 ········all_files:
720 ········-·/etc/audit/rules.d/MAC-policy.rules720 ········-·/etc/audit/rules.d/MAC-policy.rules
721 ······when:721 ······when:
722 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
723 ······-·'"audit"·in·ansible_facts.packages'722 ······-·'"audit"·in·ansible_facts.packages'
 723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
724 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched724 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
725 ········is·defined·and·find_existing_watch_rules_d.matched·==·0725 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
726 ······tags:726 ······tags:
727 ······-·CCE-27168-4727 ······-·CCE-27168-4
728 ······-·CJIS-5.4.1.1728 ······-·CJIS-5.4.1.1
729 ······-·NIST-800-171-3.1.8729 ······-·NIST-800-171-3.1.8
730 ······-·NIST-800-53-AU-12(c)730 ······-·NIST-800-53-AU-12(c)
Offset 740, 16 lines modifiedOffset 740, 16 lines modified
740 ······-·restrict_strategy740 ······-·restrict_strategy
  
741 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule741 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
742 ······set_fact:742 ······set_fact:
743 ········all_files:743 ········all_files:
744 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'744 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
745 ······when:745 ······when:
746 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
747 ······-·'"audit"·in·ansible_facts.packages'746 ······-·'"audit"·in·ansible_facts.packages'
 747 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
748 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched748 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
749 ········is·defined·and·find_existing_watch_rules_d.matched·==·0749 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
750 ······tags:750 ······tags:
751 ······-·CCE-27168-4751 ······-·CCE-27168-4
752 ······-·CJIS-5.4.1.1752 ······-·CJIS-5.4.1.1
753 ······-·NIST-800-171-3.1.8753 ······-·NIST-800-171-3.1.8
754 ······-·NIST-800-53-AU-12(c)754 ······-·NIST-800-53-AU-12(c)
Offset 766, 16 lines modifiedOffset 766, 16 lines modified
766 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/766 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
767 ······lineinfile:767 ······lineinfile:
768 ········path:·'{{·all_files[0]·}}'768 ········path:·'{{·all_files[0]·}}'
769 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy769 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
770 ········create:·true770 ········create:·true
771 ········mode:·'0640'771 ········mode:·'0640'
772 ······when:772 ······when:
773 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
774 ······-·'"audit"·in·ansible_facts.packages'773 ······-·'"audit"·in·ansible_facts.packages'
 774 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
775 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched775 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
776 ········==·0776 ········==·0
777 ······tags:777 ······tags:
778 ······-·CCE-27168-4778 ······-·CCE-27168-4
779 ······-·CJIS-5.4.1.1779 ······-·CJIS-5.4.1.1
780 ······-·NIST-800-171-3.1.8780 ······-·NIST-800-171-3.1.8
781 ······-·NIST-800-53-AU-12(c)781 ······-·NIST-800-53-AU-12(c)
Offset 792, 16 lines modifiedOffset 792, 16 lines modified
792 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules792 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules
793 ······find:793 ······find:
794 ········paths:·/etc/audit/794 ········paths:·/etc/audit/
795 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+795 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
796 ········patterns:·audit.rules796 ········patterns:·audit.rules
797 ······register:·find_existing_watch_audit_rules797 ······register:·find_existing_watch_audit_rules
798 ······when:798 ······when:
799 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
800 ······-·'"audit"·in·ansible_facts.packages'799 ······-·'"audit"·in·ansible_facts.packages'
 800 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
801 ······tags:801 ······tags:
802 ······-·CCE-27168-4802 ······-·CCE-27168-4
803 ······-·CJIS-5.4.1.1803 ······-·CJIS-5.4.1.1
804 ······-·NIST-800-171-3.1.8804 ······-·NIST-800-171-3.1.8
805 ······-·NIST-800-53-AU-12(c)805 ······-·NIST-800-53-AU-12(c)
806 ······-·NIST-800-53-AU-2(d)806 ······-·NIST-800-53-AU-2(d)
807 ······-·NIST-800-53-CM-6(a)807 ······-·NIST-800-53-CM-6(a)
Offset 817, 16 lines modifiedOffset 817, 16 lines modified
817 ······lineinfile:817 ······lineinfile:
818 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy818 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
819 ········state:·present819 ········state:·present
820 ········dest:·/etc/audit/audit.rules820 ········dest:·/etc/audit/audit.rules
821 ········create:·true821 ········create:·true
822 ········mode:·'0640'822 ········mode:·'0640'
823 ······when:823 ······when:
824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
825 ······-·'"audit"·in·ansible_facts.packages'824 ······-·'"audit"·in·ansible_facts.packages'
 825 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
826 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched826 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
827 ········==·0827 ········==·0
828 ······tags:828 ······tags:
829 ······-·CCE-27168-4829 ······-·CCE-27168-4
830 ······-·CJIS-5.4.1.1830 ······-·CJIS-5.4.1.1
831 ······-·NIST-800-171-3.1.8831 ······-·NIST-800-171-3.1.8
832 ······-·NIST-800-53-AU-12(c)832 ······-·NIST-800-53-AU-12(c)
Offset 861, 16 lines modifiedOffset 861, 16 lines modified
861 ······-·reboot_required861 ······-·reboot_required
Max diff block lines reached; 80706/85868 bytes (93.99%) of diff not shown.
143 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-stig.yml
Ordering differences only
    
Offset 9553, 16 lines modifiedOffset 9553, 16 lines modified
9553 ······-·reboot_required9553 ······-·reboot_required
9554 ······-·restrict_strategy9554 ······-·restrict_strategy
  
9555 ····-·name:·Set·architecture·for·audit·mount·tasks9555 ····-·name:·Set·architecture·for·audit·mount·tasks
9556 ······set_fact:9556 ······set_fact:
9557 ········audit_arch:·b649557 ········audit_arch:·b64
9558 ······when:9558 ······when:
9559 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9560 ······-·'"audit"·in·ansible_facts.packages'9559 ······-·'"audit"·in·ansible_facts.packages'
 9560 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9561 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture9561 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
9562 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"9562 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
9563 ······tags:9563 ······tags:
9564 ······-·CCE-27447-29564 ······-·CCE-27447-2
9565 ······-·CJIS-5.4.1.19565 ······-·CJIS-5.4.1.1
9566 ······-·DISA-STIG-RHEL-07-0307409566 ······-·DISA-STIG-RHEL-07-030740
9567 ······-·NIST-800-171-3.1.79567 ······-·NIST-800-171-3.1.7
Offset 9695, 16 lines modifiedOffset 9695, 16 lines modified
9695 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009695 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9696 ············-F·auid!=unset·-F·key=perm_mod9696 ············-F·auid!=unset·-F·key=perm_mod
9697 ··········create:·true9697 ··········create:·true
9698 ··········mode:·o-rwx9698 ··········mode:·o-rwx
9699 ··········state:·present9699 ··········state:·present
9700 ········when:·syscalls_found·|·length·==·09700 ········when:·syscalls_found·|·length·==·0
9701 ······when:9701 ······when:
9702 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9703 ······-·'"audit"·in·ansible_facts.packages'9702 ······-·'"audit"·in·ansible_facts.packages'
 9703 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9704 ······tags:9704 ······tags:
9705 ······-·CCE-27447-29705 ······-·CCE-27447-2
9706 ······-·CJIS-5.4.1.19706 ······-·CJIS-5.4.1.1
9707 ······-·DISA-STIG-RHEL-07-0307409707 ······-·DISA-STIG-RHEL-07-030740
9708 ······-·NIST-800-171-3.1.79708 ······-·NIST-800-171-3.1.7
9709 ······-·NIST-800-53-AC-6(9)9709 ······-·NIST-800-53-AC-6(9)
9710 ······-·NIST-800-53-AU-12(c)9710 ······-·NIST-800-53-AU-12(c)
Offset 9835, 16 lines modifiedOffset 9835, 16 lines modified
9835 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009835 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9836 ············-F·auid!=unset·-F·key=perm_mod9836 ············-F·auid!=unset·-F·key=perm_mod
9837 ··········create:·true9837 ··········create:·true
9838 ··········mode:·o-rwx9838 ··········mode:·o-rwx
9839 ··········state:·present9839 ··········state:·present
9840 ········when:·syscalls_found·|·length·==·09840 ········when:·syscalls_found·|·length·==·0
9841 ······when:9841 ······when:
9842 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9843 ······-·'"audit"·in·ansible_facts.packages'9842 ······-·'"audit"·in·ansible_facts.packages'
 9843 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9844 ······-·audit_arch·==·"b64"9844 ······-·audit_arch·==·"b64"
9845 ······tags:9845 ······tags:
9846 ······-·CCE-27447-29846 ······-·CCE-27447-2
9847 ······-·CJIS-5.4.1.19847 ······-·CJIS-5.4.1.1
9848 ······-·DISA-STIG-RHEL-07-0307409848 ······-·DISA-STIG-RHEL-07-030740
9849 ······-·NIST-800-171-3.1.79849 ······-·NIST-800-171-3.1.7
9850 ······-·NIST-800-53-AC-6(9)9850 ······-·NIST-800-53-AC-6(9)
Offset 9878, 16 lines modifiedOffset 9878, 16 lines modified
9878 ······-·medium_severity9878 ······-·medium_severity
9879 ······-·no_reboot_needed9879 ······-·no_reboot_needed
9880 ······-·restrict_strategy9880 ······-·restrict_strategy
  
9881 ····-·name:·Service·facts9881 ····-·name:·Service·facts
9882 ······service_facts:·null9882 ······service_facts:·null
9883 ······when:9883 ······when:
9884 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9885 ······-·'"audit"·in·ansible_facts.packages'9884 ······-·'"audit"·in·ansible_facts.packages'
 9885 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9886 ······tags:9886 ······tags:
9887 ······-·CCE-83555-39887 ······-·CCE-83555-3
9888 ······-·DISA-STIG-RHEL-07-0303609888 ······-·DISA-STIG-RHEL-07-030360
9889 ······-·NIST-800-53-AC-6(9)9889 ······-·NIST-800-53-AC-6(9)
9890 ······-·NIST-800-53-AU-12(3)9890 ······-·NIST-800-53-AU-12(3)
9891 ······-·NIST-800-53-AU-7(a)9891 ······-·NIST-800-53-AU-7(a)
9892 ······-·NIST-800-53-AU-7(b)9892 ······-·NIST-800-53-AU-7(b)
Offset 9900, 16 lines modifiedOffset 9900, 16 lines modified
9900 ······-·no_reboot_needed9900 ······-·no_reboot_needed
9901 ······-·restrict_strategy9901 ······-·restrict_strategy
  
9902 ····-·name:·Check·the·rules·script·being·used9902 ····-·name:·Check·the·rules·script·being·used
9903 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service9903 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service
9904 ······register:·check_rules_scripts_result9904 ······register:·check_rules_scripts_result
9905 ······when:9905 ······when:
9906 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9907 ······-·'"audit"·in·ansible_facts.packages'9906 ······-·'"audit"·in·ansible_facts.packages'
 9907 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9908 ······tags:9908 ······tags:
9909 ······-·CCE-83555-39909 ······-·CCE-83555-3
9910 ······-·DISA-STIG-RHEL-07-0303609910 ······-·DISA-STIG-RHEL-07-030360
9911 ······-·NIST-800-53-AC-6(9)9911 ······-·NIST-800-53-AC-6(9)
9912 ······-·NIST-800-53-AU-12(3)9912 ······-·NIST-800-53-AU-12(3)
9913 ······-·NIST-800-53-AU-7(a)9913 ······-·NIST-800-53-AU-7(a)
9914 ······-·NIST-800-53-AU-7(b)9914 ······-·NIST-800-53-AU-7(b)
Offset 9926, 16 lines modifiedOffset 9926, 16 lines modified
9926 ······set_fact:9926 ······set_fact:
9927 ········suid_audit_rules:9927 ········suid_audit_rules:
9928 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9928 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9929 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9929 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9930 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9930 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9931 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9931 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9932 ······when:9932 ······when:
9933 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9934 ······-·'"audit"·in·ansible_facts.packages'9933 ······-·'"audit"·in·ansible_facts.packages'
 9934 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9935 ······tags:9935 ······tags:
9936 ······-·CCE-83555-39936 ······-·CCE-83555-3
9937 ······-·DISA-STIG-RHEL-07-0303609937 ······-·DISA-STIG-RHEL-07-030360
9938 ······-·NIST-800-53-AC-6(9)9938 ······-·NIST-800-53-AC-6(9)
9939 ······-·NIST-800-53-AU-12(3)9939 ······-·NIST-800-53-AU-12(3)
9940 ······-·NIST-800-53-AU-7(a)9940 ······-·NIST-800-53-AU-7(a)
9941 ······-·NIST-800-53-AU-7(b)9941 ······-·NIST-800-53-AU-7(b)
Offset 9950, 16 lines modifiedOffset 9950, 16 lines modified
  
9950 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions9950 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions
9951 ······lineinfile:9951 ······lineinfile:
9952 ········path:·/etc/audit/rules.d/privileged.rules9952 ········path:·/etc/audit/rules.d/privileged.rules
9953 ········line:·'{{··item··}}'9953 ········line:·'{{··item··}}'
9954 ········create:·true9954 ········create:·true
9955 ······when:9955 ······when:
9956 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9957 ······-·'"audit"·in·ansible_facts.packages'9956 ······-·'"audit"·in·ansible_facts.packages'
 9957 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9958 ······-·'"auditd.service"·in·ansible_facts.services'9958 ······-·'"auditd.service"·in·ansible_facts.services'
9959 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'9959 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'
9960 ······register:·augenrules_audit_rules_privilege_function_update_result9960 ······register:·augenrules_audit_rules_privilege_function_update_result
9961 ······with_items:·'{{·suid_audit_rules·}}'9961 ······with_items:·'{{·suid_audit_rules·}}'
9962 ······tags:9962 ······tags:
9963 ······-·CCE-83555-39963 ······-·CCE-83555-3
9964 ······-·DISA-STIG-RHEL-07-0303609964 ······-·DISA-STIG-RHEL-07-030360
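Review bot: the `lineinfile` task for `/etc/audit/rules.d/privileged.rules` sets `create: true` without a `mode:`, so a newly created rules file gets whatever permissions the default umask yields. The other rule-writing tasks in these playbooks pair `create: true` with `mode: o-rwx` or `mode: '0640'`; this task should set one of those as well so the privileged-function audit rules are not world-readable.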
Offset 9978, 16 lines modifiedOffset 9978, 16 lines modified
  
Max diff block lines reached; 140809/145921 bytes (96.50%) of diff not shown.
143 KB
./usr/share/scap-security-guide/ansible/rhel7-playbook-stig_gui.yml
Ordering differences only
    
Offset 9558, 16 lines modifiedOffset 9558, 16 lines modified
9558 ······-·reboot_required9558 ······-·reboot_required
9559 ······-·restrict_strategy9559 ······-·restrict_strategy
  
9560 ····-·name:·Set·architecture·for·audit·mount·tasks9560 ····-·name:·Set·architecture·for·audit·mount·tasks
9561 ······set_fact:9561 ······set_fact:
9562 ········audit_arch:·b649562 ········audit_arch:·b64
9563 ······when:9563 ······when:
9564 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9565 ······-·'"audit"·in·ansible_facts.packages'9564 ······-·'"audit"·in·ansible_facts.packages'
 9565 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9566 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture9566 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
9567 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"9567 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
9568 ······tags:9568 ······tags:
9569 ······-·CCE-27447-29569 ······-·CCE-27447-2
9570 ······-·CJIS-5.4.1.19570 ······-·CJIS-5.4.1.1
9571 ······-·DISA-STIG-RHEL-07-0307409571 ······-·DISA-STIG-RHEL-07-030740
9572 ······-·NIST-800-171-3.1.79572 ······-·NIST-800-171-3.1.7
Offset 9700, 16 lines modifiedOffset 9700, 16 lines modified
9700 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009700 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9701 ············-F·auid!=unset·-F·key=perm_mod9701 ············-F·auid!=unset·-F·key=perm_mod
9702 ··········create:·true9702 ··········create:·true
9703 ··········mode:·o-rwx9703 ··········mode:·o-rwx
9704 ··········state:·present9704 ··········state:·present
9705 ········when:·syscalls_found·|·length·==·09705 ········when:·syscalls_found·|·length·==·0
9706 ······when:9706 ······when:
9707 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9708 ······-·'"audit"·in·ansible_facts.packages'9707 ······-·'"audit"·in·ansible_facts.packages'
 9708 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9709 ······tags:9709 ······tags:
9710 ······-·CCE-27447-29710 ······-·CCE-27447-2
9711 ······-·CJIS-5.4.1.19711 ······-·CJIS-5.4.1.1
9712 ······-·DISA-STIG-RHEL-07-0307409712 ······-·DISA-STIG-RHEL-07-030740
9713 ······-·NIST-800-171-3.1.79713 ······-·NIST-800-171-3.1.7
9714 ······-·NIST-800-53-AC-6(9)9714 ······-·NIST-800-53-AC-6(9)
9715 ······-·NIST-800-53-AU-12(c)9715 ······-·NIST-800-53-AU-12(c)
Offset 9840, 16 lines modifiedOffset 9840, 16 lines modified
9840 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10009840 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
9841 ············-F·auid!=unset·-F·key=perm_mod9841 ············-F·auid!=unset·-F·key=perm_mod
9842 ··········create:·true9842 ··········create:·true
9843 ··········mode:·o-rwx9843 ··········mode:·o-rwx
9844 ··········state:·present9844 ··········state:·present
9845 ········when:·syscalls_found·|·length·==·09845 ········when:·syscalls_found·|·length·==·0
9846 ······when:9846 ······when:
9847 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9848 ······-·'"audit"·in·ansible_facts.packages'9847 ······-·'"audit"·in·ansible_facts.packages'
 9848 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9849 ······-·audit_arch·==·"b64"9849 ······-·audit_arch·==·"b64"
9850 ······tags:9850 ······tags:
9851 ······-·CCE-27447-29851 ······-·CCE-27447-2
9852 ······-·CJIS-5.4.1.19852 ······-·CJIS-5.4.1.1
9853 ······-·DISA-STIG-RHEL-07-0307409853 ······-·DISA-STIG-RHEL-07-030740
9854 ······-·NIST-800-171-3.1.79854 ······-·NIST-800-171-3.1.7
9855 ······-·NIST-800-53-AC-6(9)9855 ······-·NIST-800-53-AC-6(9)
Offset 9883, 16 lines modifiedOffset 9883, 16 lines modified
9883 ······-·medium_severity9883 ······-·medium_severity
9884 ······-·no_reboot_needed9884 ······-·no_reboot_needed
9885 ······-·restrict_strategy9885 ······-·restrict_strategy
  
9886 ····-·name:·Service·facts9886 ····-·name:·Service·facts
9887 ······service_facts:·null9887 ······service_facts:·null
9888 ······when:9888 ······when:
9889 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9890 ······-·'"audit"·in·ansible_facts.packages'9889 ······-·'"audit"·in·ansible_facts.packages'
 9890 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9891 ······tags:9891 ······tags:
9892 ······-·CCE-83555-39892 ······-·CCE-83555-3
9893 ······-·DISA-STIG-RHEL-07-0303609893 ······-·DISA-STIG-RHEL-07-030360
9894 ······-·NIST-800-53-AC-6(9)9894 ······-·NIST-800-53-AC-6(9)
9895 ······-·NIST-800-53-AU-12(3)9895 ······-·NIST-800-53-AU-12(3)
9896 ······-·NIST-800-53-AU-7(a)9896 ······-·NIST-800-53-AU-7(a)
9897 ······-·NIST-800-53-AU-7(b)9897 ······-·NIST-800-53-AU-7(b)
Offset 9905, 16 lines modifiedOffset 9905, 16 lines modified
9905 ······-·no_reboot_needed9905 ······-·no_reboot_needed
9906 ······-·restrict_strategy9906 ······-·restrict_strategy
  
9907 ····-·name:·Check·the·rules·script·being·used9907 ····-·name:·Check·the·rules·script·being·used
9908 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service9908 ······command:·grep·'^ExecStartPost'·/usr/lib/systemd/system/auditd.service
9909 ······register:·check_rules_scripts_result9909 ······register:·check_rules_scripts_result
9910 ······when:9910 ······when:
9911 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9912 ······-·'"audit"·in·ansible_facts.packages'9911 ······-·'"audit"·in·ansible_facts.packages'
 9912 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9913 ······tags:9913 ······tags:
9914 ······-·CCE-83555-39914 ······-·CCE-83555-3
9915 ······-·DISA-STIG-RHEL-07-0303609915 ······-·DISA-STIG-RHEL-07-030360
9916 ······-·NIST-800-53-AC-6(9)9916 ······-·NIST-800-53-AC-6(9)
9917 ······-·NIST-800-53-AU-12(3)9917 ······-·NIST-800-53-AU-12(3)
9918 ······-·NIST-800-53-AU-7(a)9918 ······-·NIST-800-53-AU-7(a)
9919 ······-·NIST-800-53-AU-7(b)9919 ······-·NIST-800-53-AU-7(b)
Offset 9931, 16 lines modifiedOffset 9931, 16 lines modified
9931 ······set_fact:9931 ······set_fact:
9932 ········suid_audit_rules:9932 ········suid_audit_rules:
9933 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9933 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9934 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid9934 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·gid!=egid·-F·egid=0·-k·setgid
9935 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9935 ········-·-a·always,exit·-F·arch=b32·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9936 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid9936 ········-·-a·always,exit·-F·arch=b64·-S·execve·-C·uid!=euid·-F·euid=0·-k·setuid
9937 ······when:9937 ······when:
9938 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9939 ······-·'"audit"·in·ansible_facts.packages'9938 ······-·'"audit"·in·ansible_facts.packages'
 9939 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9940 ······tags:9940 ······tags:
9941 ······-·CCE-83555-39941 ······-·CCE-83555-3
9942 ······-·DISA-STIG-RHEL-07-0303609942 ······-·DISA-STIG-RHEL-07-030360
9943 ······-·NIST-800-53-AC-6(9)9943 ······-·NIST-800-53-AC-6(9)
9944 ······-·NIST-800-53-AU-12(3)9944 ······-·NIST-800-53-AU-12(3)
9945 ······-·NIST-800-53-AU-7(a)9945 ······-·NIST-800-53-AU-7(a)
9946 ······-·NIST-800-53-AU-7(b)9946 ······-·NIST-800-53-AU-7(b)
Offset 9955, 16 lines modifiedOffset 9955, 16 lines modified
  
9955 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions9955 ····-·name:·Update·/etc/audit/rules.d/privileged.rules·to·audit·privileged·functions
9956 ······lineinfile:9956 ······lineinfile:
9957 ········path:·/etc/audit/rules.d/privileged.rules9957 ········path:·/etc/audit/rules.d/privileged.rules
9958 ········line:·'{{··item··}}'9958 ········line:·'{{··item··}}'
9959 ········create:·true9959 ········create:·true
9960 ······when:9960 ······when:
9961 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
9962 ······-·'"audit"·in·ansible_facts.packages'9961 ······-·'"audit"·in·ansible_facts.packages'
 9962 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
9963 ······-·'"auditd.service"·in·ansible_facts.services'9963 ······-·'"auditd.service"·in·ansible_facts.services'
9964 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'9964 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'
9965 ······register:·augenrules_audit_rules_privilege_function_update_result9965 ······register:·augenrules_audit_rules_privilege_function_update_result
9966 ······with_items:·'{{·suid_audit_rules·}}'9966 ······with_items:·'{{·suid_audit_rules·}}'
9967 ······tags:9967 ······tags:
9968 ······-·CCE-83555-39968 ······-·CCE-83555-3
9969 ······-·DISA-STIG-RHEL-07-0303609969 ······-·DISA-STIG-RHEL-07-030360
Offset 9983, 16 lines modifiedOffset 9983, 16 lines modified
  
Max diff block lines reached; 140809/145921 bytes (96.50%) of diff not shown.
854 B
./usr/share/scap-security-guide/ansible/rhel8-playbook-anssi_bp28_enhanced.yml
Ordering differences only
    
Offset 5746, 16 lines modifiedOffset 5746, 16 lines modified
5746 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5746 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5747 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5747 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5748 ··········create:·true5748 ··········create:·true
5749 ··········mode:·o-rwx5749 ··········mode:·o-rwx
5750 ··········state:·present5750 ··········state:·present
5751 ········when:·syscalls_found·|·length·==·05751 ········when:·syscalls_found·|·length·==·0
5752 ······when:5752 ······when:
5753 ······-·'"audit"·in·ansible_facts.packages' 
5754 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5753 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5754 ······-·'"audit"·in·ansible_facts.packages'
5755 ······tags:5755 ······tags:
5756 ······-·CCE-80737-05756 ······-·CCE-80737-0
5757 ······-·DISA-STIG-RHEL-08-0305505757 ······-·DISA-STIG-RHEL-08-030550
5758 ······-·NIST-800-171-3.1.75758 ······-·NIST-800-171-3.1.7
5759 ······-·NIST-800-53-AC-6(9)5759 ······-·NIST-800-53-AC-6(9)
5760 ······-·NIST-800-53-AU-12(c)5760 ······-·NIST-800-53-AU-12(c)
5761 ······-·NIST-800-53-AU-2(d)5761 ······-·NIST-800-53-AU-2(d)
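Review bot: at lines 5753-5754 the first build puts the "audit" in ansible_facts.packages check ahead of the ansible_virtualization_type check, which is the reverse of what the same build produced in the hunk at offset 9931 above (CCE-83555-3). Neither build has a consistent order of its own, so pinning the output to either build's order will not fix this. The condition list needs an explicit sort at the point where it is serialized.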
846 B
./usr/share/scap-security-guide/ansible/rhel8-playbook-anssi_bp28_high.yml
Ordering differences only
    
Offset 5900, 16 lines modifiedOffset 5900, 16 lines modified
5900 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5900 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5901 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5901 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5902 ··········create:·true5902 ··········create:·true
5903 ··········mode:·o-rwx5903 ··········mode:·o-rwx
5904 ··········state:·present5904 ··········state:·present
5905 ········when:·syscalls_found·|·length·==·05905 ········when:·syscalls_found·|·length·==·0
5906 ······when:5906 ······when:
5907 ······-·'"audit"·in·ansible_facts.packages' 
5908 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5907 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5908 ······-·'"audit"·in·ansible_facts.packages'
5909 ······tags:5909 ······tags:
5910 ······-·CCE-80737-05910 ······-·CCE-80737-0
5911 ······-·DISA-STIG-RHEL-08-0305505911 ······-·DISA-STIG-RHEL-08-030550
5912 ······-·NIST-800-171-3.1.75912 ······-·NIST-800-171-3.1.7
5913 ······-·NIST-800-53-AC-6(9)5913 ······-·NIST-800-53-AC-6(9)
5914 ······-·NIST-800-53-AU-12(c)5914 ······-·NIST-800-53-AU-12(c)
5915 ······-·NIST-800-53-AU-2(d)5915 ······-·NIST-800-53-AU-2(d)
862 B
./usr/share/scap-security-guide/ansible/rhel8-playbook-anssi_bp28_intermediary.yml
Ordering differences only
    
Offset 5457, 16 lines modifiedOffset 5457, 16 lines modified
5457 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x5457 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
5458 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged5458 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
5459 ··········create:·true5459 ··········create:·true
5460 ··········mode:·o-rwx5460 ··········mode:·o-rwx
5461 ··········state:·present5461 ··········state:·present
5462 ········when:·syscalls_found·|·length·==·05462 ········when:·syscalls_found·|·length·==·0
5463 ······when:5463 ······when:
5464 ······-·'"audit"·in·ansible_facts.packages' 
5465 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5464 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5465 ······-·'"audit"·in·ansible_facts.packages'
5466 ······tags:5466 ······tags:
5467 ······-·CCE-80737-05467 ······-·CCE-80737-0
5468 ······-·DISA-STIG-RHEL-08-0305505468 ······-·DISA-STIG-RHEL-08-030550
5469 ······-·NIST-800-171-3.1.75469 ······-·NIST-800-171-3.1.7
5470 ······-·NIST-800-53-AC-6(9)5470 ······-·NIST-800-53-AC-6(9)
5471 ······-·NIST-800-53-AU-12(c)5471 ······-·NIST-800-53-AU-12(c)
5472 ······-·NIST-800-53-AU-2(d)5472 ······-·NIST-800-53-AU-2(d)
167 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis.yml
Ordering differences only
    
Offset 5653, 16 lines modifiedOffset 5653, 16 lines modified
  
5653 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension5653 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
5654 ······find:5654 ······find:
5655 ········paths:·/etc/audit/rules.d/5655 ········paths:·/etc/audit/rules.d/
5656 ········patterns:·'*.rules'5656 ········patterns:·'*.rules'
5657 ······register:·find_rules_d5657 ······register:·find_rules_d
5658 ······when:5658 ······when:
5659 ······-·'"audit"·in·ansible_facts.packages' 
5660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5659 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5660 ······-·'"audit"·in·ansible_facts.packages'
5661 ······tags:5661 ······tags:
5662 ······-·CCE-80708-15662 ······-·CCE-80708-1
5663 ······-·CJIS-5.4.1.15663 ······-·CJIS-5.4.1.1
5664 ······-·DISA-STIG-RHEL-08-0301215664 ······-·DISA-STIG-RHEL-08-030121
5665 ······-·NIST-800-171-3.3.15665 ······-·NIST-800-171-3.3.1
5666 ······-·NIST-800-171-3.4.35666 ······-·NIST-800-171-3.4.3
5667 ······-·NIST-800-53-AC-6(9)5667 ······-·NIST-800-53-AC-6(9)
Offset 5679, 16 lines modifiedOffset 5679, 16 lines modified
5679 ······lineinfile:5679 ······lineinfile:
5680 ········path:·'{{·item·}}'5680 ········path:·'{{·item·}}'
5681 ········regexp:·^\s*(?:-e)\s+.*$5681 ········regexp:·^\s*(?:-e)\s+.*$
5682 ········state:·absent5682 ········state:·absent
5683 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']5683 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
5684 ········}}'5684 ········}}'
5685 ······when:5685 ······when:
5686 ······-·'"audit"·in·ansible_facts.packages' 
5687 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5686 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5687 ······-·'"audit"·in·ansible_facts.packages'
5688 ······tags:5688 ······tags:
5689 ······-·CCE-80708-15689 ······-·CCE-80708-1
5690 ······-·CJIS-5.4.1.15690 ······-·CJIS-5.4.1.1
5691 ······-·DISA-STIG-RHEL-08-0301215691 ······-·DISA-STIG-RHEL-08-030121
5692 ······-·NIST-800-171-3.3.15692 ······-·NIST-800-171-3.3.1
5693 ······-·NIST-800-171-3.4.35693 ······-·NIST-800-171-3.4.3
5694 ······-·NIST-800-53-AC-6(9)5694 ······-·NIST-800-53-AC-6(9)
Offset 5707, 16 lines modifiedOffset 5707, 16 lines modified
5707 ········create:·true5707 ········create:·true
5708 ········line:·-e·25708 ········line:·-e·2
5709 ········mode:·o-rwx5709 ········mode:·o-rwx
5710 ······loop:5710 ······loop:
5711 ······-·/etc/audit/audit.rules5711 ······-·/etc/audit/audit.rules
5712 ······-·/etc/audit/rules.d/immutable.rules5712 ······-·/etc/audit/rules.d/immutable.rules
5713 ······when:5713 ······when:
5714 ······-·'"audit"·in·ansible_facts.packages' 
5715 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5714 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5715 ······-·'"audit"·in·ansible_facts.packages'
5716 ······tags:5716 ······tags:
5717 ······-·CCE-80708-15717 ······-·CCE-80708-1
5718 ······-·CJIS-5.4.1.15718 ······-·CJIS-5.4.1.1
5719 ······-·DISA-STIG-RHEL-08-0301215719 ······-·DISA-STIG-RHEL-08-030121
5720 ······-·NIST-800-171-3.3.15720 ······-·NIST-800-171-3.3.1
5721 ······-·NIST-800-171-3.4.35721 ······-·NIST-800-171-3.4.3
5722 ······-·NIST-800-53-AC-6(9)5722 ······-·NIST-800-53-AC-6(9)
Offset 5751, 16 lines modifiedOffset 5751, 16 lines modified
5751 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/5751 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
5752 ······find:5752 ······find:
5753 ········paths:·/etc/audit/rules.d5753 ········paths:·/etc/audit/rules.d
5754 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+5754 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
5755 ········patterns:·'*.rules'5755 ········patterns:·'*.rules'
5756 ······register:·find_existing_watch_rules_d5756 ······register:·find_existing_watch_rules_d
5757 ······when:5757 ······when:
5758 ······-·'"audit"·in·ansible_facts.packages' 
5759 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5758 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5759 ······-·'"audit"·in·ansible_facts.packages'
5760 ······tags:5760 ······tags:
5761 ······-·CCE-80721-45761 ······-·CCE-80721-4
5762 ······-·CJIS-5.4.1.15762 ······-·CJIS-5.4.1.1
5763 ······-·NIST-800-171-3.1.85763 ······-·NIST-800-171-3.1.8
5764 ······-·NIST-800-53-AU-12(c)5764 ······-·NIST-800-53-AU-12(c)
5765 ······-·NIST-800-53-AU-2(d)5765 ······-·NIST-800-53-AU-2(d)
5766 ······-·NIST-800-53-CM-6(a)5766 ······-·NIST-800-53-CM-6(a)
Offset 5775, 16 lines modifiedOffset 5775, 16 lines modified
5775 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy5775 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
5776 ······find:5776 ······find:
5777 ········paths:·/etc/audit/rules.d5777 ········paths:·/etc/audit/rules.d
5778 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$5778 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
5779 ········patterns:·'*.rules'5779 ········patterns:·'*.rules'
5780 ······register:·find_watch_key5780 ······register:·find_watch_key
5781 ······when:5781 ······when:
5782 ······-·'"audit"·in·ansible_facts.packages' 
5783 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5782 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5783 ······-·'"audit"·in·ansible_facts.packages'
5784 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched5784 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
5785 ········==·05785 ········==·0
5786 ······tags:5786 ······tags:
5787 ······-·CCE-80721-45787 ······-·CCE-80721-4
5788 ······-·CJIS-5.4.1.15788 ······-·CJIS-5.4.1.1
5789 ······-·NIST-800-171-3.1.85789 ······-·NIST-800-171-3.1.8
5790 ······-·NIST-800-53-AU-12(c)5790 ······-·NIST-800-53-AU-12(c)
Offset 5799, 16 lines modifiedOffset 5799, 16 lines modified
5799 ······-·restrict_strategy5799 ······-·restrict_strategy
  
5800 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule5800 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
5801 ······set_fact:5801 ······set_fact:
5802 ········all_files:5802 ········all_files:
5803 ········-·/etc/audit/rules.d/MAC-policy.rules5803 ········-·/etc/audit/rules.d/MAC-policy.rules
5804 ······when:5804 ······when:
5805 ······-·'"audit"·in·ansible_facts.packages' 
5806 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5805 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5806 ······-·'"audit"·in·ansible_facts.packages'
5807 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5807 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5808 ········is·defined·and·find_existing_watch_rules_d.matched·==·05808 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5809 ······tags:5809 ······tags:
5810 ······-·CCE-80721-45810 ······-·CCE-80721-4
5811 ······-·CJIS-5.4.1.15811 ······-·CJIS-5.4.1.1
5812 ······-·NIST-800-171-3.1.85812 ······-·NIST-800-171-3.1.8
5813 ······-·NIST-800-53-AU-12(c)5813 ······-·NIST-800-53-AU-12(c)
Offset 5823, 16 lines modifiedOffset 5823, 16 lines modified
5823 ······-·restrict_strategy5823 ······-·restrict_strategy
  
5824 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5824 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5825 ······set_fact:5825 ······set_fact:
5826 ········all_files:5826 ········all_files:
5827 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5827 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5828 ······when:5828 ······when:
5829 ······-·'"audit"·in·ansible_facts.packages' 
5830 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5829 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5830 ······-·'"audit"·in·ansible_facts.packages'
5831 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5831 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5832 ········is·defined·and·find_existing_watch_rules_d.matched·==·05832 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5833 ······tags:5833 ······tags:
5834 ······-·CCE-80721-45834 ······-·CCE-80721-4
5835 ······-·CJIS-5.4.1.15835 ······-·CJIS-5.4.1.1
5836 ······-·NIST-800-171-3.1.85836 ······-·NIST-800-171-3.1.8
5837 ······-·NIST-800-53-AU-12(c)5837 ······-·NIST-800-53-AU-12(c)
Offset 5849, 16 lines modifiedOffset 5849, 16 lines modified
5849 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/5849 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 165900/170548 bytes (97.27%) of diff not shown.
15.2 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5473, 16 lines modifiedOffset 5473, 16 lines modified
5473 ······-·no_reboot_needed5473 ······-·no_reboot_needed
  
5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5475 ······stat:5475 ······stat:
5476 ········path:·/boot/grub2/grub.cfg5476 ········path:·/boot/grub2/grub.cfg
5477 ······register:·file_exists5477 ······register:·file_exists
5478 ······when:5478 ······when:
5479 ······-·'"grub2-common"·in·ansible_facts.packages' 
5480 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5479 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5480 ······-·'"grub2-common"·in·ansible_facts.packages'
5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5482 ······tags:5482 ······tags:
5483 ······-·CCE-80800-65483 ······-·CCE-80800-6
5484 ······-·CJIS-5.5.2.25484 ······-·CJIS-5.5.2.2
5485 ······-·NIST-800-171-3.4.55485 ······-·NIST-800-171-3.4.5
5486 ······-·NIST-800-53-AC-6(1)5486 ······-·NIST-800-53-AC-6(1)
5487 ······-·NIST-800-53-CM-6(a)5487 ······-·NIST-800-53-CM-6(a)
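Review bot: only the first two when: entries move here (lines 5479-5480, the "grub2-common" package check and the /boot/efi mount check); the ansible_virtualization_type entry at line 5481 keeps its position in both builds. The instability is therefore limited to the package and mount conditions, and sorting just that group before it is appended to the list would be enough to make this task stable.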
Offset 5495, 16 lines modifiedOffset 5495, 16 lines modified
5495 ······-·no_reboot_needed5495 ······-·no_reboot_needed
  
5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5497 ······file:5497 ······file:
5498 ········path:·/boot/grub2/grub.cfg5498 ········path:·/boot/grub2/grub.cfg
5499 ········group:·'0'5499 ········group:·'0'
5500 ······when:5500 ······when:
5501 ······-·'"grub2-common"·in·ansible_facts.packages' 
5502 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5501 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5502 ······-·'"grub2-common"·in·ansible_facts.packages'
5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5505 ······tags:5505 ······tags:
5506 ······-·CCE-80800-65506 ······-·CCE-80800-6
5507 ······-·CJIS-5.5.2.25507 ······-·CJIS-5.5.2.2
5508 ······-·NIST-800-171-3.4.55508 ······-·NIST-800-171-3.4.5
5509 ······-·NIST-800-53-AC-6(1)5509 ······-·NIST-800-53-AC-6(1)
Offset 5536, 16 lines modifiedOffset 5536, 16 lines modified
5536 ······-·no_reboot_needed5536 ······-·no_reboot_needed
  
5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5538 ······stat:5538 ······stat:
5539 ········path:·/boot/grub2/user.cfg5539 ········path:·/boot/grub2/user.cfg
5540 ······register:·file_exists5540 ······register:·file_exists
5541 ······when:5541 ······when:
5542 ······-·'"grub2-common"·in·ansible_facts.packages' 
5543 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5542 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5543 ······-·'"grub2-common"·in·ansible_facts.packages'
5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5545 ······tags:5545 ······tags:
5546 ······-·CCE-86009-85546 ······-·CCE-86009-8
5547 ······-·CJIS-5.5.2.25547 ······-·CJIS-5.5.2.2
5548 ······-·NIST-800-171-3.4.55548 ······-·NIST-800-171-3.4.5
5549 ······-·NIST-800-53-AC-6(1)5549 ······-·NIST-800-53-AC-6(1)
5550 ······-·NIST-800-53-CM-6(a)5550 ······-·NIST-800-53-CM-6(a)
Offset 5558, 16 lines modifiedOffset 5558, 16 lines modified
5558 ······-·no_reboot_needed5558 ······-·no_reboot_needed
  
5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5560 ······file:5560 ······file:
5561 ········path:·/boot/grub2/user.cfg5561 ········path:·/boot/grub2/user.cfg
5562 ········group:·'0'5562 ········group:·'0'
5563 ······when:5563 ······when:
5564 ······-·'"grub2-common"·in·ansible_facts.packages' 
5565 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5564 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5565 ······-·'"grub2-common"·in·ansible_facts.packages'
5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5568 ······tags:5568 ······tags:
5569 ······-·CCE-86009-85569 ······-·CCE-86009-8
5570 ······-·CJIS-5.5.2.25570 ······-·CJIS-5.5.2.2
5571 ······-·NIST-800-171-3.4.55571 ······-·NIST-800-171-3.4.5
5572 ······-·NIST-800-53-AC-6(1)5572 ······-·NIST-800-53-AC-6(1)
Offset 5599, 16 lines modifiedOffset 5599, 16 lines modified
5599 ······-·no_reboot_needed5599 ······-·no_reboot_needed
  
5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5601 ······stat:5601 ······stat:
5602 ········path:·/boot/grub2/grub.cfg5602 ········path:·/boot/grub2/grub.cfg
5603 ······register:·file_exists5603 ······register:·file_exists
5604 ······when:5604 ······when:
5605 ······-·'"grub2-common"·in·ansible_facts.packages' 
5606 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5605 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5606 ······-·'"grub2-common"·in·ansible_facts.packages'
5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5608 ······tags:5608 ······tags:
5609 ······-·CCE-80805-55609 ······-·CCE-80805-5
5610 ······-·CJIS-5.5.2.25610 ······-·CJIS-5.5.2.2
5611 ······-·NIST-800-171-3.4.55611 ······-·NIST-800-171-3.4.5
5612 ······-·NIST-800-53-AC-6(1)5612 ······-·NIST-800-53-AC-6(1)
5613 ······-·NIST-800-53-CM-6(a)5613 ······-·NIST-800-53-CM-6(a)
Offset 5621, 16 lines modifiedOffset 5621, 16 lines modified
5621 ······-·no_reboot_needed5621 ······-·no_reboot_needed
  
5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5623 ······file:5623 ······file:
5624 ········path:·/boot/grub2/grub.cfg5624 ········path:·/boot/grub2/grub.cfg
5625 ········owner:·'0'5625 ········owner:·'0'
5626 ······when:5626 ······when:
5627 ······-·'"grub2-common"·in·ansible_facts.packages' 
5628 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5627 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5628 ······-·'"grub2-common"·in·ansible_facts.packages'
5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5631 ······tags:5631 ······tags:
5632 ······-·CCE-80805-55632 ······-·CCE-80805-5
5633 ······-·CJIS-5.5.2.25633 ······-·CJIS-5.5.2.2
5634 ······-·NIST-800-171-3.4.55634 ······-·NIST-800-171-3.4.5
5635 ······-·NIST-800-53-AC-6(1)5635 ······-·NIST-800-53-AC-6(1)
Offset 5662, 16 lines modifiedOffset 5662, 16 lines modified
5662 ······-·no_reboot_needed5662 ······-·no_reboot_needed
  
5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5664 ······stat:5664 ······stat:
5665 ········path:·/boot/grub2/user.cfg5665 ········path:·/boot/grub2/user.cfg
5666 ······register:·file_exists5666 ······register:·file_exists
5667 ······when:5667 ······when:
5668 ······-·'"grub2-common"·in·ansible_facts.packages' 
5669 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5668 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5669 ······-·'"grub2-common"·in·ansible_facts.packages'
5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5671 ······tags:5671 ······tags:
5672 ······-·CCE-86015-55672 ······-·CCE-86015-5
5673 ······-·CJIS-5.5.2.25673 ······-·CJIS-5.5.2.2
5674 ······-·NIST-800-171-3.4.55674 ······-·NIST-800-171-3.4.5
5675 ······-·NIST-800-53-AC-6(1)5675 ······-·NIST-800-53-AC-6(1)
5676 ······-·NIST-800-53-CM-6(a)5676 ······-·NIST-800-53-CM-6(a)
Offset 5684, 16 lines modifiedOffset 5684, 16 lines modified
5684 ······-·no_reboot_needed5684 ······-·no_reboot_needed
Max diff block lines reached; 10994/15434 bytes (71.23%) of diff not shown.
15.2 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5473, 16 lines modifiedOffset 5473, 16 lines modified
5473 ······-·no_reboot_needed5473 ······-·no_reboot_needed
  
5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5474 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5475 ······stat:5475 ······stat:
5476 ········path:·/boot/grub2/grub.cfg5476 ········path:·/boot/grub2/grub.cfg
5477 ······register:·file_exists5477 ······register:·file_exists
5478 ······when:5478 ······when:
5479 ······-·'"grub2-common"·in·ansible_facts.packages' 
5480 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5479 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5480 ······-·'"grub2-common"·in·ansible_facts.packages'
5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5481 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5482 ······tags:5482 ······tags:
5483 ······-·CCE-80800-65483 ······-·CCE-80800-6
5484 ······-·CJIS-5.5.2.25484 ······-·CJIS-5.5.2.2
5485 ······-·NIST-800-171-3.4.55485 ······-·NIST-800-171-3.4.5
5486 ······-·NIST-800-53-AC-6(1)5486 ······-·NIST-800-53-AC-6(1)
5487 ······-·NIST-800-53-CM-6(a)5487 ······-·NIST-800-53-CM-6(a)
Offset 5495, 16 lines modifiedOffset 5495, 16 lines modified
5495 ······-·no_reboot_needed5495 ······-·no_reboot_needed
  
5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5496 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5497 ······file:5497 ······file:
5498 ········path:·/boot/grub2/grub.cfg5498 ········path:·/boot/grub2/grub.cfg
5499 ········group:·'0'5499 ········group:·'0'
5500 ······when:5500 ······when:
5501 ······-·'"grub2-common"·in·ansible_facts.packages' 
5502 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5501 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5502 ······-·'"grub2-common"·in·ansible_facts.packages'
5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5503 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5504 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5505 ······tags:5505 ······tags:
5506 ······-·CCE-80800-65506 ······-·CCE-80800-6
5507 ······-·CJIS-5.5.2.25507 ······-·CJIS-5.5.2.2
5508 ······-·NIST-800-171-3.4.55508 ······-·NIST-800-171-3.4.5
5509 ······-·NIST-800-53-AC-6(1)5509 ······-·NIST-800-53-AC-6(1)
Offset 5536, 16 lines modifiedOffset 5536, 16 lines modified
5536 ······-·no_reboot_needed5536 ······-·no_reboot_needed
  
5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5537 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5538 ······stat:5538 ······stat:
5539 ········path:·/boot/grub2/user.cfg5539 ········path:·/boot/grub2/user.cfg
5540 ······register:·file_exists5540 ······register:·file_exists
5541 ······when:5541 ······when:
5542 ······-·'"grub2-common"·in·ansible_facts.packages' 
5543 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5542 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5543 ······-·'"grub2-common"·in·ansible_facts.packages'
5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5545 ······tags:5545 ······tags:
5546 ······-·CCE-86009-85546 ······-·CCE-86009-8
5547 ······-·CJIS-5.5.2.25547 ······-·CJIS-5.5.2.2
5548 ······-·NIST-800-171-3.4.55548 ······-·NIST-800-171-3.4.5
5549 ······-·NIST-800-53-AC-6(1)5549 ······-·NIST-800-53-AC-6(1)
5550 ······-·NIST-800-53-CM-6(a)5550 ······-·NIST-800-53-CM-6(a)
Offset 5558, 16 lines modifiedOffset 5558, 16 lines modified
5558 ······-·no_reboot_needed5558 ······-·no_reboot_needed
  
5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5559 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5560 ······file:5560 ······file:
5561 ········path:·/boot/grub2/user.cfg5561 ········path:·/boot/grub2/user.cfg
5562 ········group:·'0'5562 ········group:·'0'
5563 ······when:5563 ······when:
5564 ······-·'"grub2-common"·in·ansible_facts.packages' 
5565 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5564 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5565 ······-·'"grub2-common"·in·ansible_facts.packages'
5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5566 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5567 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5568 ······tags:5568 ······tags:
5569 ······-·CCE-86009-85569 ······-·CCE-86009-8
5570 ······-·CJIS-5.5.2.25570 ······-·CJIS-5.5.2.2
5571 ······-·NIST-800-171-3.4.55571 ······-·NIST-800-171-3.4.5
5572 ······-·NIST-800-53-AC-6(1)5572 ······-·NIST-800-53-AC-6(1)
Offset 5599, 16 lines modifiedOffset 5599, 16 lines modified
5599 ······-·no_reboot_needed5599 ······-·no_reboot_needed
  
5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5600 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5601 ······stat:5601 ······stat:
5602 ········path:·/boot/grub2/grub.cfg5602 ········path:·/boot/grub2/grub.cfg
5603 ······register:·file_exists5603 ······register:·file_exists
5604 ······when:5604 ······when:
5605 ······-·'"grub2-common"·in·ansible_facts.packages' 
5606 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5605 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5606 ······-·'"grub2-common"·in·ansible_facts.packages'
5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5607 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5608 ······tags:5608 ······tags:
5609 ······-·CCE-80805-55609 ······-·CCE-80805-5
5610 ······-·CJIS-5.5.2.25610 ······-·CJIS-5.5.2.2
5611 ······-·NIST-800-171-3.4.55611 ······-·NIST-800-171-3.4.5
5612 ······-·NIST-800-53-AC-6(1)5612 ······-·NIST-800-53-AC-6(1)
5613 ······-·NIST-800-53-CM-6(a)5613 ······-·NIST-800-53-CM-6(a)
Offset 5621, 16 lines modifiedOffset 5621, 16 lines modified
5621 ······-·no_reboot_needed5621 ······-·no_reboot_needed
  
5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5622 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5623 ······file:5623 ······file:
5624 ········path:·/boot/grub2/grub.cfg5624 ········path:·/boot/grub2/grub.cfg
5625 ········owner:·'0'5625 ········owner:·'0'
5626 ······when:5626 ······when:
5627 ······-·'"grub2-common"·in·ansible_facts.packages' 
5628 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5627 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5628 ······-·'"grub2-common"·in·ansible_facts.packages'
5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5629 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5630 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5631 ······tags:5631 ······tags:
5632 ······-·CCE-80805-55632 ······-·CCE-80805-5
5633 ······-·CJIS-5.5.2.25633 ······-·CJIS-5.5.2.2
5634 ······-·NIST-800-171-3.4.55634 ······-·NIST-800-171-3.4.5
5635 ······-·NIST-800-53-AC-6(1)5635 ······-·NIST-800-53-AC-6(1)
Offset 5662, 16 lines modifiedOffset 5662, 16 lines modified
5662 ······-·no_reboot_needed5662 ······-·no_reboot_needed
  
5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5663 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5664 ······stat:5664 ······stat:
5665 ········path:·/boot/grub2/user.cfg5665 ········path:·/boot/grub2/user.cfg
5666 ······register:·file_exists5666 ······register:·file_exists
5667 ······when:5667 ······when:
5668 ······-·'"grub2-common"·in·ansible_facts.packages' 
5669 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'5668 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 5669 ······-·'"grub2-common"·in·ansible_facts.packages'
5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5670 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5671 ······tags:5671 ······tags:
5672 ······-·CCE-86015-55672 ······-·CCE-86015-5
5673 ······-·CJIS-5.5.2.25673 ······-·CJIS-5.5.2.2
5674 ······-·NIST-800-171-3.4.55674 ······-·NIST-800-171-3.4.5
5675 ······-·NIST-800-53-AC-6(1)5675 ······-·NIST-800-53-AC-6(1)
5676 ······-·NIST-800-53-CM-6(a)5676 ······-·NIST-800-53-CM-6(a)
Offset 5684, 16 lines modifiedOffset 5684, 16 lines modified
5684 ······-·no_reboot_needed5684 ······-·no_reboot_needed
Max diff block lines reached; 10994/15434 bytes (71.23%) of diff not shown.
167 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 5653, 16 lines modifiedOffset 5653, 16 lines modified
  
5653 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension5653 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
5654 ······find:5654 ······find:
5655 ········paths:·/etc/audit/rules.d/5655 ········paths:·/etc/audit/rules.d/
5656 ········patterns:·'*.rules'5656 ········patterns:·'*.rules'
5657 ······register:·find_rules_d5657 ······register:·find_rules_d
5658 ······when:5658 ······when:
5659 ······-·'"audit"·in·ansible_facts.packages' 
5660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5659 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5660 ······-·'"audit"·in·ansible_facts.packages'
5661 ······tags:5661 ······tags:
5662 ······-·CCE-80708-15662 ······-·CCE-80708-1
5663 ······-·CJIS-5.4.1.15663 ······-·CJIS-5.4.1.1
5664 ······-·DISA-STIG-RHEL-08-0301215664 ······-·DISA-STIG-RHEL-08-030121
5665 ······-·NIST-800-171-3.3.15665 ······-·NIST-800-171-3.3.1
5666 ······-·NIST-800-171-3.4.35666 ······-·NIST-800-171-3.4.3
5667 ······-·NIST-800-53-AC-6(9)5667 ······-·NIST-800-53-AC-6(9)
Offset 5679, 16 lines modifiedOffset 5679, 16 lines modified
5679 ······lineinfile:5679 ······lineinfile:
5680 ········path:·'{{·item·}}'5680 ········path:·'{{·item·}}'
5681 ········regexp:·^\s*(?:-e)\s+.*$5681 ········regexp:·^\s*(?:-e)\s+.*$
5682 ········state:·absent5682 ········state:·absent
5683 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']5683 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
5684 ········}}'5684 ········}}'
5685 ······when:5685 ······when:
5686 ······-·'"audit"·in·ansible_facts.packages' 
5687 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5686 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5687 ······-·'"audit"·in·ansible_facts.packages'
5688 ······tags:5688 ······tags:
5689 ······-·CCE-80708-15689 ······-·CCE-80708-1
5690 ······-·CJIS-5.4.1.15690 ······-·CJIS-5.4.1.1
5691 ······-·DISA-STIG-RHEL-08-0301215691 ······-·DISA-STIG-RHEL-08-030121
5692 ······-·NIST-800-171-3.3.15692 ······-·NIST-800-171-3.3.1
5693 ······-·NIST-800-171-3.4.35693 ······-·NIST-800-171-3.4.3
5694 ······-·NIST-800-53-AC-6(9)5694 ······-·NIST-800-53-AC-6(9)
Offset 5707, 16 lines modifiedOffset 5707, 16 lines modified
5707 ········create:·true5707 ········create:·true
5708 ········line:·-e·25708 ········line:·-e·2
5709 ········mode:·o-rwx5709 ········mode:·o-rwx
5710 ······loop:5710 ······loop:
5711 ······-·/etc/audit/audit.rules5711 ······-·/etc/audit/audit.rules
5712 ······-·/etc/audit/rules.d/immutable.rules5712 ······-·/etc/audit/rules.d/immutable.rules
5713 ······when:5713 ······when:
5714 ······-·'"audit"·in·ansible_facts.packages' 
5715 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5714 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5715 ······-·'"audit"·in·ansible_facts.packages'
5716 ······tags:5716 ······tags:
5717 ······-·CCE-80708-15717 ······-·CCE-80708-1
5718 ······-·CJIS-5.4.1.15718 ······-·CJIS-5.4.1.1
5719 ······-·DISA-STIG-RHEL-08-0301215719 ······-·DISA-STIG-RHEL-08-030121
5720 ······-·NIST-800-171-3.3.15720 ······-·NIST-800-171-3.3.1
5721 ······-·NIST-800-171-3.4.35721 ······-·NIST-800-171-3.4.3
5722 ······-·NIST-800-53-AC-6(9)5722 ······-·NIST-800-53-AC-6(9)
Offset 5751, 16 lines modifiedOffset 5751, 16 lines modified
5751 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/5751 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
5752 ······find:5752 ······find:
5753 ········paths:·/etc/audit/rules.d5753 ········paths:·/etc/audit/rules.d
5754 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+5754 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
5755 ········patterns:·'*.rules'5755 ········patterns:·'*.rules'
5756 ······register:·find_existing_watch_rules_d5756 ······register:·find_existing_watch_rules_d
5757 ······when:5757 ······when:
5758 ······-·'"audit"·in·ansible_facts.packages' 
5759 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5758 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5759 ······-·'"audit"·in·ansible_facts.packages'
5760 ······tags:5760 ······tags:
5761 ······-·CCE-80721-45761 ······-·CCE-80721-4
5762 ······-·CJIS-5.4.1.15762 ······-·CJIS-5.4.1.1
5763 ······-·NIST-800-171-3.1.85763 ······-·NIST-800-171-3.1.8
5764 ······-·NIST-800-53-AU-12(c)5764 ······-·NIST-800-53-AU-12(c)
5765 ······-·NIST-800-53-AU-2(d)5765 ······-·NIST-800-53-AU-2(d)
5766 ······-·NIST-800-53-CM-6(a)5766 ······-·NIST-800-53-CM-6(a)
Offset 5775, 16 lines modifiedOffset 5775, 16 lines modified
5775 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy5775 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
5776 ······find:5776 ······find:
5777 ········paths:·/etc/audit/rules.d5777 ········paths:·/etc/audit/rules.d
5778 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$5778 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
5779 ········patterns:·'*.rules'5779 ········patterns:·'*.rules'
5780 ······register:·find_watch_key5780 ······register:·find_watch_key
5781 ······when:5781 ······when:
5782 ······-·'"audit"·in·ansible_facts.packages' 
5783 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5782 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5783 ······-·'"audit"·in·ansible_facts.packages'
5784 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched5784 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
5785 ········==·05785 ········==·0
5786 ······tags:5786 ······tags:
5787 ······-·CCE-80721-45787 ······-·CCE-80721-4
5788 ······-·CJIS-5.4.1.15788 ······-·CJIS-5.4.1.1
5789 ······-·NIST-800-171-3.1.85789 ······-·NIST-800-171-3.1.8
5790 ······-·NIST-800-53-AU-12(c)5790 ······-·NIST-800-53-AU-12(c)
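Review bot: only the first two `when:` entries (lines 5782 and 5783) are reordered here; the task-specific condition 'find_existing_watch_rules_d.matched is defined and find_existing_watch_rules_d.matched == 0' stays last in both builds. The unstable ordering therefore appears limited to the package and virtualization checks that recur across tasks, so the fix can be scoped to wherever that shared pair is assembled instead of to every task's own conditions.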
Offset 5799, 16 lines modifiedOffset 5799, 16 lines modified
5799 ······-·restrict_strategy5799 ······-·restrict_strategy
  
5800 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule5800 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
5801 ······set_fact:5801 ······set_fact:
5802 ········all_files:5802 ········all_files:
5803 ········-·/etc/audit/rules.d/MAC-policy.rules5803 ········-·/etc/audit/rules.d/MAC-policy.rules
5804 ······when:5804 ······when:
5805 ······-·'"audit"·in·ansible_facts.packages' 
5806 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5805 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5806 ······-·'"audit"·in·ansible_facts.packages'
5807 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5807 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5808 ········is·defined·and·find_existing_watch_rules_d.matched·==·05808 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5809 ······tags:5809 ······tags:
5810 ······-·CCE-80721-45810 ······-·CCE-80721-4
5811 ······-·CJIS-5.4.1.15811 ······-·CJIS-5.4.1.1
5812 ······-·NIST-800-171-3.1.85812 ······-·NIST-800-171-3.1.8
5813 ······-·NIST-800-53-AU-12(c)5813 ······-·NIST-800-53-AU-12(c)
Offset 5823, 16 lines modifiedOffset 5823, 16 lines modified
5823 ······-·restrict_strategy5823 ······-·restrict_strategy
  
5824 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5824 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5825 ······set_fact:5825 ······set_fact:
5826 ········all_files:5826 ········all_files:
5827 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5827 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5828 ······when:5828 ······when:
5829 ······-·'"audit"·in·ansible_facts.packages' 
5830 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5829 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5830 ······-·'"audit"·in·ansible_facts.packages'
5831 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5831 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5832 ········is·defined·and·find_existing_watch_rules_d.matched·==·05832 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5833 ······tags:5833 ······tags:
5834 ······-·CCE-80721-45834 ······-·CCE-80721-4
5835 ······-·CJIS-5.4.1.15835 ······-·CJIS-5.4.1.1
5836 ······-·NIST-800-171-3.1.85836 ······-·NIST-800-171-3.1.8
5837 ······-·NIST-800-53-AU-12(c)5837 ······-·NIST-800-53-AU-12(c)
Offset 5849, 16 lines modifiedOffset 5849, 16 lines modified
5849 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/5849 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 165900/170548 bytes (97.27%) of diff not shown.
100 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cjis.yml
Ordering differences only
    
Offset 3049, 16 lines modifiedOffset 3049, 16 lines modified
  
3049 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension3049 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
3050 ······find:3050 ······find:
3051 ········paths:·/etc/audit/rules.d/3051 ········paths:·/etc/audit/rules.d/
3052 ········patterns:·'*.rules'3052 ········patterns:·'*.rules'
3053 ······register:·find_rules_d3053 ······register:·find_rules_d
3054 ······when:3054 ······when:
3055 ······-·'"audit"·in·ansible_facts.packages' 
3056 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3055 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3056 ······-·'"audit"·in·ansible_facts.packages'
3057 ······tags:3057 ······tags:
3058 ······-·CCE-80708-13058 ······-·CCE-80708-1
3059 ······-·CJIS-5.4.1.13059 ······-·CJIS-5.4.1.1
3060 ······-·DISA-STIG-RHEL-08-0301213060 ······-·DISA-STIG-RHEL-08-030121
3061 ······-·NIST-800-171-3.3.13061 ······-·NIST-800-171-3.3.1
3062 ······-·NIST-800-171-3.4.33062 ······-·NIST-800-171-3.4.3
3063 ······-·NIST-800-53-AC-6(9)3063 ······-·NIST-800-53-AC-6(9)
Offset 3075, 16 lines modifiedOffset 3075, 16 lines modified
3075 ······lineinfile:3075 ······lineinfile:
3076 ········path:·'{{·item·}}'3076 ········path:·'{{·item·}}'
3077 ········regexp:·^\s*(?:-e)\s+.*$3077 ········regexp:·^\s*(?:-e)\s+.*$
3078 ········state:·absent3078 ········state:·absent
3079 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']3079 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
3080 ········}}'3080 ········}}'
3081 ······when:3081 ······when:
3082 ······-·'"audit"·in·ansible_facts.packages' 
3083 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3082 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3083 ······-·'"audit"·in·ansible_facts.packages'
3084 ······tags:3084 ······tags:
3085 ······-·CCE-80708-13085 ······-·CCE-80708-1
3086 ······-·CJIS-5.4.1.13086 ······-·CJIS-5.4.1.1
3087 ······-·DISA-STIG-RHEL-08-0301213087 ······-·DISA-STIG-RHEL-08-030121
3088 ······-·NIST-800-171-3.3.13088 ······-·NIST-800-171-3.3.1
3089 ······-·NIST-800-171-3.4.33089 ······-·NIST-800-171-3.4.3
3090 ······-·NIST-800-53-AC-6(9)3090 ······-·NIST-800-53-AC-6(9)
Offset 3103, 16 lines modifiedOffset 3103, 16 lines modified
3103 ········create:·true3103 ········create:·true
3104 ········line:·-e·23104 ········line:·-e·2
3105 ········mode:·o-rwx3105 ········mode:·o-rwx
3106 ······loop:3106 ······loop:
3107 ······-·/etc/audit/audit.rules3107 ······-·/etc/audit/audit.rules
3108 ······-·/etc/audit/rules.d/immutable.rules3108 ······-·/etc/audit/rules.d/immutable.rules
3109 ······when:3109 ······when:
3110 ······-·'"audit"·in·ansible_facts.packages' 
3111 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3110 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3111 ······-·'"audit"·in·ansible_facts.packages'
3112 ······tags:3112 ······tags:
3113 ······-·CCE-80708-13113 ······-·CCE-80708-1
3114 ······-·CJIS-5.4.1.13114 ······-·CJIS-5.4.1.1
3115 ······-·DISA-STIG-RHEL-08-0301213115 ······-·DISA-STIG-RHEL-08-030121
3116 ······-·NIST-800-171-3.3.13116 ······-·NIST-800-171-3.3.1
3117 ······-·NIST-800-171-3.4.33117 ······-·NIST-800-171-3.4.3
3118 ······-·NIST-800-53-AC-6(9)3118 ······-·NIST-800-53-AC-6(9)
Offset 3147, 16 lines modifiedOffset 3147, 16 lines modified
3147 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/3147 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
3148 ······find:3148 ······find:
3149 ········paths:·/etc/audit/rules.d3149 ········paths:·/etc/audit/rules.d
3150 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+3150 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
3151 ········patterns:·'*.rules'3151 ········patterns:·'*.rules'
3152 ······register:·find_existing_watch_rules_d3152 ······register:·find_existing_watch_rules_d
3153 ······when:3153 ······when:
3154 ······-·'"audit"·in·ansible_facts.packages' 
3155 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3154 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3155 ······-·'"audit"·in·ansible_facts.packages'
3156 ······tags:3156 ······tags:
3157 ······-·CCE-80721-43157 ······-·CCE-80721-4
3158 ······-·CJIS-5.4.1.13158 ······-·CJIS-5.4.1.1
3159 ······-·NIST-800-171-3.1.83159 ······-·NIST-800-171-3.1.8
3160 ······-·NIST-800-53-AU-12(c)3160 ······-·NIST-800-53-AU-12(c)
3161 ······-·NIST-800-53-AU-2(d)3161 ······-·NIST-800-53-AU-2(d)
3162 ······-·NIST-800-53-CM-6(a)3162 ······-·NIST-800-53-CM-6(a)
Offset 3171, 16 lines modifiedOffset 3171, 16 lines modified
3171 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy3171 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
3172 ······find:3172 ······find:
3173 ········paths:·/etc/audit/rules.d3173 ········paths:·/etc/audit/rules.d
3174 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$3174 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
3175 ········patterns:·'*.rules'3175 ········patterns:·'*.rules'
3176 ······register:·find_watch_key3176 ······register:·find_watch_key
3177 ······when:3177 ······when:
3178 ······-·'"audit"·in·ansible_facts.packages' 
3179 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3178 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3179 ······-·'"audit"·in·ansible_facts.packages'
3180 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched3180 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
3181 ········==·03181 ········==·0
3182 ······tags:3182 ······tags:
3183 ······-·CCE-80721-43183 ······-·CCE-80721-4
3184 ······-·CJIS-5.4.1.13184 ······-·CJIS-5.4.1.1
3185 ······-·NIST-800-171-3.1.83185 ······-·NIST-800-171-3.1.8
3186 ······-·NIST-800-53-AU-12(c)3186 ······-·NIST-800-53-AU-12(c)
Offset 3195, 16 lines modifiedOffset 3195, 16 lines modified
3195 ······-·restrict_strategy3195 ······-·restrict_strategy
  
3196 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule3196 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
3197 ······set_fact:3197 ······set_fact:
3198 ········all_files:3198 ········all_files:
3199 ········-·/etc/audit/rules.d/MAC-policy.rules3199 ········-·/etc/audit/rules.d/MAC-policy.rules
3200 ······when:3200 ······when:
3201 ······-·'"audit"·in·ansible_facts.packages' 
3202 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3201 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3202 ······-·'"audit"·in·ansible_facts.packages'
3203 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched3203 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
3204 ········is·defined·and·find_existing_watch_rules_d.matched·==·03204 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3205 ······tags:3205 ······tags:
3206 ······-·CCE-80721-43206 ······-·CCE-80721-4
3207 ······-·CJIS-5.4.1.13207 ······-·CJIS-5.4.1.1
3208 ······-·NIST-800-171-3.1.83208 ······-·NIST-800-171-3.1.8
3209 ······-·NIST-800-53-AU-12(c)3209 ······-·NIST-800-53-AU-12(c)
Offset 3219, 16 lines modifiedOffset 3219, 16 lines modified
3219 ······-·restrict_strategy3219 ······-·restrict_strategy
  
3220 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule3220 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
3221 ······set_fact:3221 ······set_fact:
3222 ········all_files:3222 ········all_files:
3223 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'3223 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
3224 ······when:3224 ······when:
3225 ······-·'"audit"·in·ansible_facts.packages' 
3226 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3225 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3226 ······-·'"audit"·in·ansible_facts.packages'
3227 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched3227 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
3228 ········is·defined·and·find_existing_watch_rules_d.matched·==·03228 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3229 ······tags:3229 ······tags:
3230 ······-·CCE-80721-43230 ······-·CCE-80721-4
3231 ······-·CJIS-5.4.1.13231 ······-·CJIS-5.4.1.1
3232 ······-·NIST-800-171-3.1.83232 ······-·NIST-800-171-3.1.8
3233 ······-·NIST-800-53-AU-12(c)3233 ······-·NIST-800-53-AU-12(c)
Offset 3245, 16 lines modifiedOffset 3245, 16 lines modified
3245 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/3245 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 97844/102492 bytes (95.47%) of diff not shown.
3.54 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-cui.yml
Ordering differences only
    
Offset 4972, 16 lines modifiedOffset 4972, 16 lines modified
4972 ······lineinfile:4972 ······lineinfile:
4973 ········dest:·/etc/audit/auditd.conf4973 ········dest:·/etc/audit/auditd.conf
4974 ········regexp:·^\s*flush\s*=\s*.*$4974 ········regexp:·^\s*flush\s*=\s*.*$
4975 ········line:·flush·=·{{·var_auditd_flush·}}4975 ········line:·flush·=·{{·var_auditd_flush·}}
4976 ········state:·present4976 ········state:·present
4977 ········create:·true4977 ········create:·true
4978 ······when:4978 ······when:
4979 ······-·'"audit"·in·ansible_facts.packages' 
4980 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4979 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4980 ······-·'"audit"·in·ansible_facts.packages'
4981 ······tags:4981 ······tags:
4982 ······-·CCE-80680-24982 ······-·CCE-80680-2
4983 ······-·NIST-800-171-3.3.14983 ······-·NIST-800-171-3.3.1
4984 ······-·NIST-800-53-AU-114984 ······-·NIST-800-53-AU-11
4985 ······-·NIST-800-53-CM-6(a)4985 ······-·NIST-800-53-CM-6(a)
4986 ······-·auditd_data_retention_flush4986 ······-·auditd_data_retention_flush
4987 ······-·low_complexity4987 ······-·low_complexity
Offset 5029, 16 lines modifiedOffset 5029, 16 lines modified
5029 ········lineinfile:5029 ········lineinfile:
5030 ··········path:·/etc/audit/auditd.conf5030 ··········path:·/etc/audit/auditd.conf
5031 ··········create:·true5031 ··········create:·true
5032 ··········regexp:·(?i)^\s*freq\s*=\s*5032 ··········regexp:·(?i)^\s*freq\s*=\s*
5033 ··········line:·freq·=·505033 ··········line:·freq·=·50
5034 ··········state:·present5034 ··········state:·present
5035 ······when:5035 ······when:
5036 ······-·'"audit"·in·ansible_facts.packages' 
5037 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5036 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5037 ······-·'"audit"·in·ansible_facts.packages'
5038 ······tags:5038 ······tags:
5039 ······-·CCE-82258-55039 ······-·CCE-82258-5
5040 ······-·NIST-800-53-CM-65040 ······-·NIST-800-53-CM-6
5041 ······-·auditd_freq5041 ······-·auditd_freq
5042 ······-·low_complexity5042 ······-·low_complexity
5043 ······-·low_disruption5043 ······-·low_disruption
5044 ······-·medium_severity5044 ······-·medium_severity
Offset 5085, 16 lines modifiedOffset 5085, 16 lines modified
5085 ········lineinfile:5085 ········lineinfile:
5086 ··········path:·/etc/audit/auditd.conf5086 ··········path:·/etc/audit/auditd.conf
5087 ··········create:·true5087 ··········create:·true
5088 ··········regexp:·(?i)^\s*local_events\s*=\s*5088 ··········regexp:·(?i)^\s*local_events\s*=\s*
5089 ··········line:·local_events·=·yes5089 ··········line:·local_events·=·yes
5090 ··········state:·present5090 ··········state:·present
5091 ······when:5091 ······when:
5092 ······-·'"audit"·in·ansible_facts.packages' 
5093 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5092 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5093 ······-·'"audit"·in·ansible_facts.packages'
5094 ······tags:5094 ······tags:
5095 ······-·CCE-82233-85095 ······-·CCE-82233-8
5096 ······-·DISA-STIG-RHEL-08-0300615096 ······-·DISA-STIG-RHEL-08-030061
5097 ······-·NIST-800-53-CM-65097 ······-·NIST-800-53-CM-6
5098 ······-·auditd_local_events5098 ······-·auditd_local_events
5099 ······-·low_complexity5099 ······-·low_complexity
5100 ······-·low_disruption5100 ······-·low_disruption
Offset 5143, 16 lines modifiedOffset 5143, 16 lines modified
5143 ········lineinfile:5143 ········lineinfile:
5144 ··········path:·/etc/audit/auditd.conf5144 ··········path:·/etc/audit/auditd.conf
5145 ··········create:·true5145 ··········create:·true
5146 ··········regexp:·(?i)^\s*log_format\s*=\s*5146 ··········regexp:·(?i)^\s*log_format\s*=\s*
5147 ··········line:·log_format·=·ENRICHED5147 ··········line:·log_format·=·ENRICHED
5148 ··········state:·present5148 ··········state:·present
5149 ······when:5149 ······when:
5150 ······-·'"audit"·in·ansible_facts.packages' 
5151 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5150 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5151 ······-·'"audit"·in·ansible_facts.packages'
5152 ······tags:5152 ······tags:
5153 ······-·CCE-82201-55153 ······-·CCE-82201-5
5154 ······-·DISA-STIG-RHEL-08-0300635154 ······-·DISA-STIG-RHEL-08-030063
5155 ······-·NIST-800-53-AU-35155 ······-·NIST-800-53-AU-3
5156 ······-·NIST-800-53-CM-65156 ······-·NIST-800-53-CM-6
5157 ······-·auditd_log_format5157 ······-·auditd_log_format
5158 ······-·low_complexity5158 ······-·low_complexity
Offset 5202, 16 lines modifiedOffset 5202, 16 lines modified
5202 ········lineinfile:5202 ········lineinfile:
5203 ··········path:·/etc/audit/auditd.conf5203 ··········path:·/etc/audit/auditd.conf
5204 ··········create:·true5204 ··········create:·true
5205 ··········regexp:·(?i)^\s*name_format\s*=\s*5205 ··········regexp:·(?i)^\s*name_format\s*=\s*
5206 ··········line:·name_format·=·hostname5206 ··········line:·name_format·=·hostname
5207 ··········state:·present5207 ··········state:·present
5208 ······when:5208 ······when:
5209 ······-·'"audit"·in·ansible_facts.packages' 
5210 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5209 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5210 ······-·'"audit"·in·ansible_facts.packages'
5211 ······tags:5211 ······tags:
5212 ······-·CCE-82897-05212 ······-·CCE-82897-0
5213 ······-·DISA-STIG-RHEL-08-0300625213 ······-·DISA-STIG-RHEL-08-030062
5214 ······-·NIST-800-53-AU-35214 ······-·NIST-800-53-AU-3
5215 ······-·NIST-800-53-CM-65215 ······-·NIST-800-53-CM-6
5216 ······-·auditd_name_format5216 ······-·auditd_name_format
5217 ······-·low_complexity5217 ······-·low_complexity
Offset 5259, 16 lines modifiedOffset 5259, 16 lines modified
5259 ········lineinfile:5259 ········lineinfile:
5260 ··········path:·/etc/audit/auditd.conf5260 ··········path:·/etc/audit/auditd.conf
5261 ··········create:·true5261 ··········create:·true
5262 ··········regexp:·(?i)^\s*write_logs\s*=\s*5262 ··········regexp:·(?i)^\s*write_logs\s*=\s*
5263 ··········line:·write_logs·=·yes5263 ··········line:·write_logs·=·yes
5264 ··········state:·present5264 ··········state:·present
5265 ······when:5265 ······when:
5266 ······-·'"audit"·in·ansible_facts.packages' 
5267 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5266 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5267 ······-·'"audit"·in·ansible_facts.packages'
5268 ······tags:5268 ······tags:
5269 ······-·CCE-82366-65269 ······-·CCE-82366-6
5270 ······-·NIST-800-53-CM-65270 ······-·NIST-800-53-CM-6
5271 ······-·auditd_write_logs5271 ······-·auditd_write_logs
5272 ······-·low_complexity5272 ······-·low_complexity
5273 ······-·low_disruption5273 ······-·low_disruption
5274 ······-·medium_severity5274 ······-·medium_severity
68.8 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-e8.yml
Ordering differences only
    
Offset 1201, 16 lines modifiedOffset 1201, 16 lines modified
1201 ······-·no_reboot_needed1201 ······-·no_reboot_needed
1202 ······-·restrict_strategy1202 ······-·restrict_strategy
  
1203 ····-·name:·Set·architecture·for·audit·tasks1203 ····-·name:·Set·architecture·for·audit·tasks
1204 ······set_fact:1204 ······set_fact:
1205 ········audit_arch:·b641205 ········audit_arch:·b64
1206 ······when:1206 ······when:
1207 ······-·'"audit"·in·ansible_facts.packages' 
1208 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1207 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1208 ······-·'"audit"·in·ansible_facts.packages'
1209 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture1209 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
1210 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"1210 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
1211 ······tags:1211 ······tags:
1212 ······-·CCE-80723-01212 ······-·CCE-80723-0
1213 ······-·CJIS-5.4.1.11213 ······-·CJIS-5.4.1.1
1214 ······-·NIST-800-171-3.1.71214 ······-·NIST-800-171-3.1.7
1215 ······-·NIST-800-53-AC-6(9)1215 ······-·NIST-800-53-AC-6(9)
Offset 1344, 16 lines modifiedOffset 1344, 16 lines modified
1344 ··········path:·'{{·audit_file·}}'1344 ··········path:·'{{·audit_file·}}'
1345 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1345 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1346 ··········create:·true1346 ··········create:·true
1347 ··········mode:·o-rwx1347 ··········mode:·o-rwx
1348 ··········state:·present1348 ··········state:·present
1349 ········when:·syscalls_found·|·length·==·01349 ········when:·syscalls_found·|·length·==·0
1350 ······when:1350 ······when:
1351 ······-·'"audit"·in·ansible_facts.packages' 
1352 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1351 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1352 ······-·'"audit"·in·ansible_facts.packages'
1353 ······tags:1353 ······tags:
1354 ······-·CCE-80723-01354 ······-·CCE-80723-0
1355 ······-·CJIS-5.4.1.11355 ······-·CJIS-5.4.1.1
1356 ······-·NIST-800-171-3.1.71356 ······-·NIST-800-171-3.1.7
1357 ······-·NIST-800-53-AC-6(9)1357 ······-·NIST-800-53-AC-6(9)
1358 ······-·NIST-800-53-AU-12(c)1358 ······-·NIST-800-53-AU-12(c)
1359 ······-·NIST-800-53-AU-2(d)1359 ······-·NIST-800-53-AU-2(d)
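Review bot: the more deeply indented 'when: syscalls_found | length == 0' is identical in both builds, and only the outer `when:` list at lines 1351 and 1352 changes order. A check that builds the playbook twice and compares the outer `when:` lists entry by entry would catch this class of difference before release.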
Offset 1485, 16 lines modifiedOffset 1485, 16 lines modified
1485 ··········path:·'{{·audit_file·}}'1485 ··········path:·'{{·audit_file·}}'
1486 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification1486 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
1487 ··········create:·true1487 ··········create:·true
1488 ··········mode:·o-rwx1488 ··········mode:·o-rwx
1489 ··········state:·present1489 ··········state:·present
1490 ········when:·syscalls_found·|·length·==·01490 ········when:·syscalls_found·|·length·==·0
1491 ······when:1491 ······when:
1492 ······-·'"audit"·in·ansible_facts.packages' 
1493 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1492 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1493 ······-·'"audit"·in·ansible_facts.packages'
1494 ······-·audit_arch·==·"b64"1494 ······-·audit_arch·==·"b64"
1495 ······tags:1495 ······tags:
1496 ······-·CCE-80723-01496 ······-·CCE-80723-0
1497 ······-·CJIS-5.4.1.11497 ······-·CJIS-5.4.1.1
1498 ······-·NIST-800-171-3.1.71498 ······-·NIST-800-171-3.1.7
1499 ······-·NIST-800-53-AC-6(9)1499 ······-·NIST-800-53-AC-6(9)
1500 ······-·NIST-800-53-AU-12(c)1500 ······-·NIST-800-53-AU-12(c)
Offset 1511, 16 lines modifiedOffset 1511, 16 lines modified
1511 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/1511 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/
1512 ······find:1512 ······find:
1513 ········paths:·/etc/audit/rules.d1513 ········paths:·/etc/audit/rules.d
1514 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+1514 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+
1515 ········patterns:·'*.rules'1515 ········patterns:·'*.rules'
1516 ······register:·find_existing_watch_rules_d1516 ······register:·find_existing_watch_rules_d
1517 ······when:1517 ······when:
1518 ······-·'"audit"·in·ansible_facts.packages' 
1519 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1518 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1519 ······-·'"audit"·in·ansible_facts.packages'
1520 ······tags:1520 ······tags:
1521 ······-·CCE-80723-01521 ······-·CCE-80723-0
1522 ······-·CJIS-5.4.1.11522 ······-·CJIS-5.4.1.1
1523 ······-·NIST-800-171-3.1.71523 ······-·NIST-800-171-3.1.7
1524 ······-·NIST-800-53-AC-6(9)1524 ······-·NIST-800-53-AC-6(9)
1525 ······-·NIST-800-53-AU-12(c)1525 ······-·NIST-800-53-AU-12(c)
1526 ······-·NIST-800-53-AU-2(d)1526 ······-·NIST-800-53-AU-2(d)
Offset 1536, 16 lines modifiedOffset 1536, 16 lines modified
1536 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification1536 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification
1537 ······find:1537 ······find:
1538 ········paths:·/etc/audit/rules.d1538 ········paths:·/etc/audit/rules.d
1539 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$1539 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$
1540 ········patterns:·'*.rules'1540 ········patterns:·'*.rules'
1541 ······register:·find_watch_key1541 ······register:·find_watch_key
1542 ······when:1542 ······when:
1543 ······-·'"audit"·in·ansible_facts.packages' 
1544 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1543 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1544 ······-·'"audit"·in·ansible_facts.packages'
1545 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1545 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1546 ········==·01546 ········==·0
1547 ······tags:1547 ······tags:
1548 ······-·CCE-80723-01548 ······-·CCE-80723-0
1549 ······-·CJIS-5.4.1.11549 ······-·CJIS-5.4.1.1
1550 ······-·NIST-800-171-3.1.71550 ······-·NIST-800-171-3.1.7
1551 ······-·NIST-800-53-AC-6(9)1551 ······-·NIST-800-53-AC-6(9)
Offset 1562, 16 lines modifiedOffset 1562, 16 lines modified
  
1562 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the1562 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the
1563 ········recipient·for·the·rule1563 ········recipient·for·the·rule
1564 ······set_fact:1564 ······set_fact:
1565 ········all_files:1565 ········all_files:
1566 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules1566 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules
1567 ······when:1567 ······when:
1568 ······-·'"audit"·in·ansible_facts.packages' 
1569 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1568 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1569 ······-·'"audit"·in·ansible_facts.packages'
1570 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1570 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1571 ········is·defined·and·find_existing_watch_rules_d.matched·==·01571 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1572 ······tags:1572 ······tags:
1573 ······-·CCE-80723-01573 ······-·CCE-80723-0
1574 ······-·CJIS-5.4.1.11574 ······-·CJIS-5.4.1.1
1575 ······-·NIST-800-171-3.1.71575 ······-·NIST-800-171-3.1.7
1576 ······-·NIST-800-53-AC-6(9)1576 ······-·NIST-800-53-AC-6(9)
Offset 1587, 16 lines modifiedOffset 1587, 16 lines modified
1587 ······-·restrict_strategy1587 ······-·restrict_strategy
  
1588 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1588 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1589 ······set_fact:1589 ······set_fact:
1590 ········all_files:1590 ········all_files:
1591 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1591 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1592 ······when:1592 ······when:
1593 ······-·'"audit"·in·ansible_facts.packages' 
1594 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1593 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1594 ······-·'"audit"·in·ansible_facts.packages'
1595 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1595 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1596 ········is·defined·and·find_existing_watch_rules_d.matched·==·01596 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1597 ······tags:1597 ······tags:
1598 ······-·CCE-80723-01598 ······-·CCE-80723-0
1599 ······-·CJIS-5.4.1.11599 ······-·CJIS-5.4.1.1
1600 ······-·NIST-800-171-3.1.71600 ······-·NIST-800-171-3.1.7
1601 ······-·NIST-800-53-AC-6(9)1601 ······-·NIST-800-53-AC-6(9)
Offset 1614, 16 lines modifiedOffset 1614, 16 lines modified
1614 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/1614 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/
Max diff block lines reached; 65360/70350 bytes (92.91%) of diff not shown.
179 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-hipaa.yml
Ordering differences only
    
Offset 1416, 16 lines modifiedOffset 1416, 16 lines modified
  
1416 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1416 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1417 ······find:1417 ······find:
1418 ········paths:·/etc/audit/rules.d/1418 ········paths:·/etc/audit/rules.d/
1419 ········patterns:·'*.rules'1419 ········patterns:·'*.rules'
1420 ······register:·find_rules_d1420 ······register:·find_rules_d
1421 ······when:1421 ······when:
1422 ······-·'"audit"·in·ansible_facts.packages' 
1423 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1422 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1423 ······-·'"audit"·in·ansible_facts.packages'
1424 ······tags:1424 ······tags:
1425 ······-·CCE-80708-11425 ······-·CCE-80708-1
1426 ······-·CJIS-5.4.1.11426 ······-·CJIS-5.4.1.1
1427 ······-·DISA-STIG-RHEL-08-0301211427 ······-·DISA-STIG-RHEL-08-030121
1428 ······-·NIST-800-171-3.3.11428 ······-·NIST-800-171-3.3.1
1429 ······-·NIST-800-171-3.4.31429 ······-·NIST-800-171-3.4.3
1430 ······-·NIST-800-53-AC-6(9)1430 ······-·NIST-800-53-AC-6(9)
Offset 1442, 16 lines modifiedOffset 1442, 16 lines modified
1442 ······lineinfile:1442 ······lineinfile:
1443 ········path:·'{{·item·}}'1443 ········path:·'{{·item·}}'
1444 ········regexp:·^\s*(?:-e)\s+.*$1444 ········regexp:·^\s*(?:-e)\s+.*$
1445 ········state:·absent1445 ········state:·absent
1446 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1446 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1447 ········}}'1447 ········}}'
1448 ······when:1448 ······when:
1449 ······-·'"audit"·in·ansible_facts.packages' 
1450 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1449 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1450 ······-·'"audit"·in·ansible_facts.packages'
1451 ······tags:1451 ······tags:
1452 ······-·CCE-80708-11452 ······-·CCE-80708-1
1453 ······-·CJIS-5.4.1.11453 ······-·CJIS-5.4.1.1
1454 ······-·DISA-STIG-RHEL-08-0301211454 ······-·DISA-STIG-RHEL-08-030121
1455 ······-·NIST-800-171-3.3.11455 ······-·NIST-800-171-3.3.1
1456 ······-·NIST-800-171-3.4.31456 ······-·NIST-800-171-3.4.3
1457 ······-·NIST-800-53-AC-6(9)1457 ······-·NIST-800-53-AC-6(9)
Offset 1470, 16 lines modifiedOffset 1470, 16 lines modified
1470 ········create:·true1470 ········create:·true
1471 ········line:·-e·21471 ········line:·-e·2
1472 ········mode:·o-rwx1472 ········mode:·o-rwx
1473 ······loop:1473 ······loop:
1474 ······-·/etc/audit/audit.rules1474 ······-·/etc/audit/audit.rules
1475 ······-·/etc/audit/rules.d/immutable.rules1475 ······-·/etc/audit/rules.d/immutable.rules
1476 ······when:1476 ······when:
1477 ······-·'"audit"·in·ansible_facts.packages' 
1478 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1477 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1478 ······-·'"audit"·in·ansible_facts.packages'
1479 ······tags:1479 ······tags:
1480 ······-·CCE-80708-11480 ······-·CCE-80708-1
1481 ······-·CJIS-5.4.1.11481 ······-·CJIS-5.4.1.1
1482 ······-·DISA-STIG-RHEL-08-0301211482 ······-·DISA-STIG-RHEL-08-030121
1483 ······-·NIST-800-171-3.3.11483 ······-·NIST-800-171-3.3.1
1484 ······-·NIST-800-171-3.4.31484 ······-·NIST-800-171-3.4.3
1485 ······-·NIST-800-53-AC-6(9)1485 ······-·NIST-800-53-AC-6(9)
Offset 1514, 16 lines modifiedOffset 1514, 16 lines modified
1514 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/1514 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
1515 ······find:1515 ······find:
1516 ········paths:·/etc/audit/rules.d1516 ········paths:·/etc/audit/rules.d
1517 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+1517 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
1518 ········patterns:·'*.rules'1518 ········patterns:·'*.rules'
1519 ······register:·find_existing_watch_rules_d1519 ······register:·find_existing_watch_rules_d
1520 ······when:1520 ······when:
1521 ······-·'"audit"·in·ansible_facts.packages' 
1522 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1521 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1522 ······-·'"audit"·in·ansible_facts.packages'
1523 ······tags:1523 ······tags:
1524 ······-·CCE-80721-41524 ······-·CCE-80721-4
1525 ······-·CJIS-5.4.1.11525 ······-·CJIS-5.4.1.1
1526 ······-·NIST-800-171-3.1.81526 ······-·NIST-800-171-3.1.8
1527 ······-·NIST-800-53-AU-12(c)1527 ······-·NIST-800-53-AU-12(c)
1528 ······-·NIST-800-53-AU-2(d)1528 ······-·NIST-800-53-AU-2(d)
1529 ······-·NIST-800-53-CM-6(a)1529 ······-·NIST-800-53-CM-6(a)
Offset 1538, 16 lines modifiedOffset 1538, 16 lines modified
1538 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy1538 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
1539 ······find:1539 ······find:
1540 ········paths:·/etc/audit/rules.d1540 ········paths:·/etc/audit/rules.d
1541 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$1541 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
1542 ········patterns:·'*.rules'1542 ········patterns:·'*.rules'
1543 ······register:·find_watch_key1543 ······register:·find_watch_key
1544 ······when:1544 ······when:
1545 ······-·'"audit"·in·ansible_facts.packages' 
1546 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1545 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1546 ······-·'"audit"·in·ansible_facts.packages'
1547 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1547 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1548 ········==·01548 ········==·0
1549 ······tags:1549 ······tags:
1550 ······-·CCE-80721-41550 ······-·CCE-80721-4
1551 ······-·CJIS-5.4.1.11551 ······-·CJIS-5.4.1.1
1552 ······-·NIST-800-171-3.1.81552 ······-·NIST-800-171-3.1.8
1553 ······-·NIST-800-53-AU-12(c)1553 ······-·NIST-800-53-AU-12(c)
Offset 1562, 16 lines modifiedOffset 1562, 16 lines modified
1562 ······-·restrict_strategy1562 ······-·restrict_strategy
  
1563 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule1563 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
1564 ······set_fact:1564 ······set_fact:
1565 ········all_files:1565 ········all_files:
1566 ········-·/etc/audit/rules.d/MAC-policy.rules1566 ········-·/etc/audit/rules.d/MAC-policy.rules
1567 ······when:1567 ······when:
1568 ······-·'"audit"·in·ansible_facts.packages' 
1569 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1568 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1569 ······-·'"audit"·in·ansible_facts.packages'
1570 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1570 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1571 ········is·defined·and·find_existing_watch_rules_d.matched·==·01571 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1572 ······tags:1572 ······tags:
1573 ······-·CCE-80721-41573 ······-·CCE-80721-4
1574 ······-·CJIS-5.4.1.11574 ······-·CJIS-5.4.1.1
1575 ······-·NIST-800-171-3.1.81575 ······-·NIST-800-171-3.1.8
1576 ······-·NIST-800-53-AU-12(c)1576 ······-·NIST-800-53-AU-12(c)
Offset 1586, 16 lines modifiedOffset 1586, 16 lines modified
1586 ······-·restrict_strategy1586 ······-·restrict_strategy
  
1587 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1587 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1588 ······set_fact:1588 ······set_fact:
1589 ········all_files:1589 ········all_files:
1590 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1590 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1591 ······when:1591 ······when:
1592 ······-·'"audit"·in·ansible_facts.packages' 
1593 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1592 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1593 ······-·'"audit"·in·ansible_facts.packages'
1594 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1594 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1595 ········is·defined·and·find_existing_watch_rules_d.matched·==·01595 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1596 ······tags:1596 ······tags:
1597 ······-·CCE-80721-41597 ······-·CCE-80721-4
1598 ······-·CJIS-5.4.1.11598 ······-·CJIS-5.4.1.1
1599 ······-·NIST-800-171-3.1.81599 ······-·NIST-800-171-3.1.8
1600 ······-·NIST-800-53-AU-12(c)1600 ······-·NIST-800-53-AU-12(c)
Offset 1612, 16 lines modifiedOffset 1612, 16 lines modified
1612 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/1612 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 178430/183078 bytes (97.46%) of diff not shown.
85.7 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-ism_o.yml
Ordering differences only
    
Offset 4745, 16 lines modifiedOffset 4745, 16 lines modified
4745 ······-·no_reboot_needed4745 ······-·no_reboot_needed
4746 ······-·restrict_strategy4746 ······-·restrict_strategy
  
4747 ····-·name:·Set·architecture·for·audit·tasks4747 ····-·name:·Set·architecture·for·audit·tasks
4748 ······set_fact:4748 ······set_fact:
4749 ········audit_arch:·b644749 ········audit_arch:·b64
4750 ······when:4750 ······when:
4751 ······-·'"audit"·in·ansible_facts.packages' 
4752 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4751 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4752 ······-·'"audit"·in·ansible_facts.packages'
4753 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4753 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4754 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4754 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4755 ······tags:4755 ······tags:
4756 ······-·CCE-80723-04756 ······-·CCE-80723-0
4757 ······-·CJIS-5.4.1.14757 ······-·CJIS-5.4.1.1
4758 ······-·NIST-800-171-3.1.74758 ······-·NIST-800-171-3.1.7
4759 ······-·NIST-800-53-AC-6(9)4759 ······-·NIST-800-53-AC-6(9)
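Review bot: only the first two of the three `when:` entries move here (lines 4751-4752); the `ansible_architecture == ...` condition at 4753-4754 keeps its position in both builds. The later hunks in this file show the same pattern: the `audit_arch == "b64"` and `find_watch_key.matched ...` conditions stay last while the package and virtualization checks swap. This suggests the instability is limited to how those two shared conditions are collected, with the task-specific condition appended afterwards in a stable position. The ordering fix belongs at the point where the two shared conditions are assembled rather than in each task.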
Offset 4888, 16 lines modifiedOffset 4888, 16 lines modified
4888 ··········path:·'{{·audit_file·}}'4888 ··········path:·'{{·audit_file·}}'
4889 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification4889 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
4890 ··········create:·true4890 ··········create:·true
4891 ··········mode:·o-rwx4891 ··········mode:·o-rwx
4892 ··········state:·present4892 ··········state:·present
4893 ········when:·syscalls_found·|·length·==·04893 ········when:·syscalls_found·|·length·==·0
4894 ······when:4894 ······when:
4895 ······-·'"audit"·in·ansible_facts.packages' 
4896 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4895 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4896 ······-·'"audit"·in·ansible_facts.packages'
4897 ······tags:4897 ······tags:
4898 ······-·CCE-80723-04898 ······-·CCE-80723-0
4899 ······-·CJIS-5.4.1.14899 ······-·CJIS-5.4.1.1
4900 ······-·NIST-800-171-3.1.74900 ······-·NIST-800-171-3.1.7
4901 ······-·NIST-800-53-AC-6(9)4901 ······-·NIST-800-53-AC-6(9)
4902 ······-·NIST-800-53-AU-12(c)4902 ······-·NIST-800-53-AU-12(c)
4903 ······-·NIST-800-53-AU-2(d)4903 ······-·NIST-800-53-AU-2(d)
Offset 5029, 16 lines modifiedOffset 5029, 16 lines modified
5029 ··········path:·'{{·audit_file·}}'5029 ··········path:·'{{·audit_file·}}'
5030 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification5030 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_rules_networkconfig_modification
5031 ··········create:·true5031 ··········create:·true
5032 ··········mode:·o-rwx5032 ··········mode:·o-rwx
5033 ··········state:·present5033 ··········state:·present
5034 ········when:·syscalls_found·|·length·==·05034 ········when:·syscalls_found·|·length·==·0
5035 ······when:5035 ······when:
5036 ······-·'"audit"·in·ansible_facts.packages' 
5037 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5036 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5037 ······-·'"audit"·in·ansible_facts.packages'
5038 ······-·audit_arch·==·"b64"5038 ······-·audit_arch·==·"b64"
5039 ······tags:5039 ······tags:
5040 ······-·CCE-80723-05040 ······-·CCE-80723-0
5041 ······-·CJIS-5.4.1.15041 ······-·CJIS-5.4.1.1
5042 ······-·NIST-800-171-3.1.75042 ······-·NIST-800-171-3.1.7
5043 ······-·NIST-800-53-AC-6(9)5043 ······-·NIST-800-53-AC-6(9)
5044 ······-·NIST-800-53-AU-12(c)5044 ······-·NIST-800-53-AU-12(c)
Offset 5055, 16 lines modifiedOffset 5055, 16 lines modified
5055 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/5055 ····-·name:·Check·if·watch·rule·for·/etc/issue·already·exists·in·/etc/audit/rules.d/
5056 ······find:5056 ······find:
5057 ········paths:·/etc/audit/rules.d5057 ········paths:·/etc/audit/rules.d
5058 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+5058 ········contains:·^\s*-w\s+/etc/issue\s+-p\s+wa(\s|$)+
5059 ········patterns:·'*.rules'5059 ········patterns:·'*.rules'
5060 ······register:·find_existing_watch_rules_d5060 ······register:·find_existing_watch_rules_d
5061 ······when:5061 ······when:
5062 ······-·'"audit"·in·ansible_facts.packages' 
5063 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5062 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5063 ······-·'"audit"·in·ansible_facts.packages'
5064 ······tags:5064 ······tags:
5065 ······-·CCE-80723-05065 ······-·CCE-80723-0
5066 ······-·CJIS-5.4.1.15066 ······-·CJIS-5.4.1.1
5067 ······-·NIST-800-171-3.1.75067 ······-·NIST-800-171-3.1.7
5068 ······-·NIST-800-53-AC-6(9)5068 ······-·NIST-800-53-AC-6(9)
5069 ······-·NIST-800-53-AU-12(c)5069 ······-·NIST-800-53-AU-12(c)
5070 ······-·NIST-800-53-AU-2(d)5070 ······-·NIST-800-53-AU-2(d)
Offset 5080, 16 lines modifiedOffset 5080, 16 lines modified
5080 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification5080 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_networkconfig_modification
5081 ······find:5081 ······find:
5082 ········paths:·/etc/audit/rules.d5082 ········paths:·/etc/audit/rules.d
5083 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$5083 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_networkconfig_modification$
5084 ········patterns:·'*.rules'5084 ········patterns:·'*.rules'
5085 ······register:·find_watch_key5085 ······register:·find_watch_key
5086 ······when:5086 ······when:
5087 ······-·'"audit"·in·ansible_facts.packages' 
5088 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5087 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5088 ······-·'"audit"·in·ansible_facts.packages'
5089 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched5089 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
5090 ········==·05090 ········==·0
5091 ······tags:5091 ······tags:
5092 ······-·CCE-80723-05092 ······-·CCE-80723-0
5093 ······-·CJIS-5.4.1.15093 ······-·CJIS-5.4.1.1
5094 ······-·NIST-800-171-3.1.75094 ······-·NIST-800-171-3.1.7
5095 ······-·NIST-800-53-AC-6(9)5095 ······-·NIST-800-53-AC-6(9)
Offset 5106, 16 lines modifiedOffset 5106, 16 lines modified
  
5106 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the5106 ····-·name:·Use·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules·as·the
5107 ········recipient·for·the·rule5107 ········recipient·for·the·rule
5108 ······set_fact:5108 ······set_fact:
5109 ········all_files:5109 ········all_files:
5110 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules5110 ········-·/etc/audit/rules.d/audit_rules_networkconfig_modification.rules
5111 ······when:5111 ······when:
5112 ······-·'"audit"·in·ansible_facts.packages' 
5113 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5112 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5113 ······-·'"audit"·in·ansible_facts.packages'
5114 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5114 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5115 ········is·defined·and·find_existing_watch_rules_d.matched·==·05115 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5116 ······tags:5116 ······tags:
5117 ······-·CCE-80723-05117 ······-·CCE-80723-0
5118 ······-·CJIS-5.4.1.15118 ······-·CJIS-5.4.1.1
5119 ······-·NIST-800-171-3.1.75119 ······-·NIST-800-171-3.1.7
5120 ······-·NIST-800-53-AC-6(9)5120 ······-·NIST-800-53-AC-6(9)
Offset 5131, 16 lines modifiedOffset 5131, 16 lines modified
5131 ······-·restrict_strategy5131 ······-·restrict_strategy
  
5132 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5132 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5133 ······set_fact:5133 ······set_fact:
5134 ········all_files:5134 ········all_files:
5135 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5135 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5136 ······when:5136 ······when:
5137 ······-·'"audit"·in·ansible_facts.packages' 
5138 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5137 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5138 ······-·'"audit"·in·ansible_facts.packages'
5139 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5139 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5140 ········is·defined·and·find_existing_watch_rules_d.matched·==·05140 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5141 ······tags:5141 ······tags:
5142 ······-·CCE-80723-05142 ······-·CCE-80723-0
5143 ······-·CJIS-5.4.1.15143 ······-·CJIS-5.4.1.1
5144 ······-·NIST-800-171-3.1.75144 ······-·NIST-800-171-3.1.7
5145 ······-·NIST-800-53-AC-6(9)5145 ······-·NIST-800-53-AC-6(9)
Offset 5158, 16 lines modifiedOffset 5158, 16 lines modified
5158 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/5158 ····-·name:·Add·watch·rule·for·/etc/issue·in·/etc/audit/rules.d/
Max diff block lines reached; 82625/87615 bytes (94.30%) of diff not shown.
3.54 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-ospp.yml
Ordering differences only
    
Offset 4965, 16 lines modifiedOffset 4965, 16 lines modified
4965 ······lineinfile:4965 ······lineinfile:
4966 ········dest:·/etc/audit/auditd.conf4966 ········dest:·/etc/audit/auditd.conf
4967 ········regexp:·^\s*flush\s*=\s*.*$4967 ········regexp:·^\s*flush\s*=\s*.*$
4968 ········line:·flush·=·{{·var_auditd_flush·}}4968 ········line:·flush·=·{{·var_auditd_flush·}}
4969 ········state:·present4969 ········state:·present
4970 ········create:·true4970 ········create:·true
4971 ······when:4971 ······when:
4972 ······-·'"audit"·in·ansible_facts.packages' 
4973 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4972 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4973 ······-·'"audit"·in·ansible_facts.packages'
4974 ······tags:4974 ······tags:
4975 ······-·CCE-80680-24975 ······-·CCE-80680-2
4976 ······-·NIST-800-171-3.3.14976 ······-·NIST-800-171-3.3.1
4977 ······-·NIST-800-53-AU-114977 ······-·NIST-800-53-AU-11
4978 ······-·NIST-800-53-CM-6(a)4978 ······-·NIST-800-53-CM-6(a)
4979 ······-·auditd_data_retention_flush4979 ······-·auditd_data_retention_flush
4980 ······-·low_complexity4980 ······-·low_complexity
Offset 5022, 16 lines modifiedOffset 5022, 16 lines modified
5022 ········lineinfile:5022 ········lineinfile:
5023 ··········path:·/etc/audit/auditd.conf5023 ··········path:·/etc/audit/auditd.conf
5024 ··········create:·true5024 ··········create:·true
5025 ··········regexp:·(?i)^\s*freq\s*=\s*5025 ··········regexp:·(?i)^\s*freq\s*=\s*
5026 ··········line:·freq·=·505026 ··········line:·freq·=·50
5027 ··········state:·present5027 ··········state:·present
5028 ······when:5028 ······when:
5029 ······-·'"audit"·in·ansible_facts.packages' 
5030 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5029 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5030 ······-·'"audit"·in·ansible_facts.packages'
5031 ······tags:5031 ······tags:
5032 ······-·CCE-82258-55032 ······-·CCE-82258-5
5033 ······-·NIST-800-53-CM-65033 ······-·NIST-800-53-CM-6
5034 ······-·auditd_freq5034 ······-·auditd_freq
5035 ······-·low_complexity5035 ······-·low_complexity
5036 ······-·low_disruption5036 ······-·low_disruption
5037 ······-·medium_severity5037 ······-·medium_severity
Offset 5078, 16 lines modifiedOffset 5078, 16 lines modified
5078 ········lineinfile:5078 ········lineinfile:
5079 ··········path:·/etc/audit/auditd.conf5079 ··········path:·/etc/audit/auditd.conf
5080 ··········create:·true5080 ··········create:·true
5081 ··········regexp:·(?i)^\s*local_events\s*=\s*5081 ··········regexp:·(?i)^\s*local_events\s*=\s*
5082 ··········line:·local_events·=·yes5082 ··········line:·local_events·=·yes
5083 ··········state:·present5083 ··········state:·present
5084 ······when:5084 ······when:
5085 ······-·'"audit"·in·ansible_facts.packages' 
5086 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5085 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5086 ······-·'"audit"·in·ansible_facts.packages'
5087 ······tags:5087 ······tags:
5088 ······-·CCE-82233-85088 ······-·CCE-82233-8
5089 ······-·DISA-STIG-RHEL-08-0300615089 ······-·DISA-STIG-RHEL-08-030061
5090 ······-·NIST-800-53-CM-65090 ······-·NIST-800-53-CM-6
5091 ······-·auditd_local_events5091 ······-·auditd_local_events
5092 ······-·low_complexity5092 ······-·low_complexity
5093 ······-·low_disruption5093 ······-·low_disruption
Offset 5136, 16 lines modifiedOffset 5136, 16 lines modified
5136 ········lineinfile:5136 ········lineinfile:
5137 ··········path:·/etc/audit/auditd.conf5137 ··········path:·/etc/audit/auditd.conf
5138 ··········create:·true5138 ··········create:·true
5139 ··········regexp:·(?i)^\s*log_format\s*=\s*5139 ··········regexp:·(?i)^\s*log_format\s*=\s*
5140 ··········line:·log_format·=·ENRICHED5140 ··········line:·log_format·=·ENRICHED
5141 ··········state:·present5141 ··········state:·present
5142 ······when:5142 ······when:
5143 ······-·'"audit"·in·ansible_facts.packages' 
5144 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5143 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5144 ······-·'"audit"·in·ansible_facts.packages'
5145 ······tags:5145 ······tags:
5146 ······-·CCE-82201-55146 ······-·CCE-82201-5
5147 ······-·DISA-STIG-RHEL-08-0300635147 ······-·DISA-STIG-RHEL-08-030063
5148 ······-·NIST-800-53-AU-35148 ······-·NIST-800-53-AU-3
5149 ······-·NIST-800-53-CM-65149 ······-·NIST-800-53-CM-6
5150 ······-·auditd_log_format5150 ······-·auditd_log_format
5151 ······-·low_complexity5151 ······-·low_complexity
Offset 5195, 16 lines modifiedOffset 5195, 16 lines modified
5195 ········lineinfile:5195 ········lineinfile:
5196 ··········path:·/etc/audit/auditd.conf5196 ··········path:·/etc/audit/auditd.conf
5197 ··········create:·true5197 ··········create:·true
5198 ··········regexp:·(?i)^\s*name_format\s*=\s*5198 ··········regexp:·(?i)^\s*name_format\s*=\s*
5199 ··········line:·name_format·=·hostname5199 ··········line:·name_format·=·hostname
5200 ··········state:·present5200 ··········state:·present
5201 ······when:5201 ······when:
5202 ······-·'"audit"·in·ansible_facts.packages' 
5203 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5202 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5203 ······-·'"audit"·in·ansible_facts.packages'
5204 ······tags:5204 ······tags:
5205 ······-·CCE-82897-05205 ······-·CCE-82897-0
5206 ······-·DISA-STIG-RHEL-08-0300625206 ······-·DISA-STIG-RHEL-08-030062
5207 ······-·NIST-800-53-AU-35207 ······-·NIST-800-53-AU-3
5208 ······-·NIST-800-53-CM-65208 ······-·NIST-800-53-CM-6
5209 ······-·auditd_name_format5209 ······-·auditd_name_format
5210 ······-·low_complexity5210 ······-·low_complexity
Offset 5252, 16 lines modifiedOffset 5252, 16 lines modified
5252 ········lineinfile:5252 ········lineinfile:
5253 ··········path:·/etc/audit/auditd.conf5253 ··········path:·/etc/audit/auditd.conf
5254 ··········create:·true5254 ··········create:·true
5255 ··········regexp:·(?i)^\s*write_logs\s*=\s*5255 ··········regexp:·(?i)^\s*write_logs\s*=\s*
5256 ··········line:·write_logs·=·yes5256 ··········line:·write_logs·=·yes
5257 ··········state:·present5257 ··········state:·present
5258 ······when:5258 ······when:
5259 ······-·'"audit"·in·ansible_facts.packages' 
5260 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5259 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5260 ······-·'"audit"·in·ansible_facts.packages'
5261 ······tags:5261 ······tags:
5262 ······-·CCE-82366-65262 ······-·CCE-82366-6
5263 ······-·NIST-800-53-CM-65263 ······-·NIST-800-53-CM-6
5264 ······-·auditd_write_logs5264 ······-·auditd_write_logs
5265 ······-·low_complexity5265 ······-·low_complexity
5266 ······-·low_disruption5266 ······-·low_disruption
5267 ······-·medium_severity5267 ······-·medium_severity
158 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-pci-dss.yml
Ordering differences only
    
Offset 5290, 16 lines modifiedOffset 5290, 16 lines modified
  
5290 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension5290 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
5291 ······find:5291 ······find:
5292 ········paths:·/etc/audit/rules.d/5292 ········paths:·/etc/audit/rules.d/
5293 ········patterns:·'*.rules'5293 ········patterns:·'*.rules'
5294 ······register:·find_rules_d5294 ······register:·find_rules_d
5295 ······when:5295 ······when:
5296 ······-·'"audit"·in·ansible_facts.packages' 
5297 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5296 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5297 ······-·'"audit"·in·ansible_facts.packages'
5298 ······tags:5298 ······tags:
5299 ······-·CCE-80708-15299 ······-·CCE-80708-1
5300 ······-·CJIS-5.4.1.15300 ······-·CJIS-5.4.1.1
5301 ······-·DISA-STIG-RHEL-08-0301215301 ······-·DISA-STIG-RHEL-08-030121
5302 ······-·NIST-800-171-3.3.15302 ······-·NIST-800-171-3.3.1
5303 ······-·NIST-800-171-3.4.35303 ······-·NIST-800-171-3.4.3
5304 ······-·NIST-800-53-AC-6(9)5304 ······-·NIST-800-53-AC-6(9)
Offset 5316, 16 lines modifiedOffset 5316, 16 lines modified
5316 ······lineinfile:5316 ······lineinfile:
5317 ········path:·'{{·item·}}'5317 ········path:·'{{·item·}}'
5318 ········regexp:·^\s*(?:-e)\s+.*$5318 ········regexp:·^\s*(?:-e)\s+.*$
5319 ········state:·absent5319 ········state:·absent
5320 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']5320 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
5321 ········}}'5321 ········}}'
5322 ······when:5322 ······when:
5323 ······-·'"audit"·in·ansible_facts.packages' 
5324 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5323 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5324 ······-·'"audit"·in·ansible_facts.packages'
5325 ······tags:5325 ······tags:
5326 ······-·CCE-80708-15326 ······-·CCE-80708-1
5327 ······-·CJIS-5.4.1.15327 ······-·CJIS-5.4.1.1
5328 ······-·DISA-STIG-RHEL-08-0301215328 ······-·DISA-STIG-RHEL-08-030121
5329 ······-·NIST-800-171-3.3.15329 ······-·NIST-800-171-3.3.1
5330 ······-·NIST-800-171-3.4.35330 ······-·NIST-800-171-3.4.3
5331 ······-·NIST-800-53-AC-6(9)5331 ······-·NIST-800-53-AC-6(9)
Offset 5344, 16 lines modifiedOffset 5344, 16 lines modified
5344 ········create:·true5344 ········create:·true
5345 ········line:·-e·25345 ········line:·-e·2
5346 ········mode:·o-rwx5346 ········mode:·o-rwx
5347 ······loop:5347 ······loop:
5348 ······-·/etc/audit/audit.rules5348 ······-·/etc/audit/audit.rules
5349 ······-·/etc/audit/rules.d/immutable.rules5349 ······-·/etc/audit/rules.d/immutable.rules
5350 ······when:5350 ······when:
5351 ······-·'"audit"·in·ansible_facts.packages' 
5352 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5351 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5352 ······-·'"audit"·in·ansible_facts.packages'
5353 ······tags:5353 ······tags:
5354 ······-·CCE-80708-15354 ······-·CCE-80708-1
5355 ······-·CJIS-5.4.1.15355 ······-·CJIS-5.4.1.1
5356 ······-·DISA-STIG-RHEL-08-0301215356 ······-·DISA-STIG-RHEL-08-030121
5357 ······-·NIST-800-171-3.3.15357 ······-·NIST-800-171-3.3.1
5358 ······-·NIST-800-171-3.4.35358 ······-·NIST-800-171-3.4.3
5359 ······-·NIST-800-53-AC-6(9)5359 ······-·NIST-800-53-AC-6(9)
Offset 5388, 16 lines modifiedOffset 5388, 16 lines modified
5388 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/5388 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
5389 ······find:5389 ······find:
5390 ········paths:·/etc/audit/rules.d5390 ········paths:·/etc/audit/rules.d
5391 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+5391 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
5392 ········patterns:·'*.rules'5392 ········patterns:·'*.rules'
5393 ······register:·find_existing_watch_rules_d5393 ······register:·find_existing_watch_rules_d
5394 ······when:5394 ······when:
5395 ······-·'"audit"·in·ansible_facts.packages' 
5396 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5395 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5396 ······-·'"audit"·in·ansible_facts.packages'
5397 ······tags:5397 ······tags:
5398 ······-·CCE-80721-45398 ······-·CCE-80721-4
5399 ······-·CJIS-5.4.1.15399 ······-·CJIS-5.4.1.1
5400 ······-·NIST-800-171-3.1.85400 ······-·NIST-800-171-3.1.8
5401 ······-·NIST-800-53-AU-12(c)5401 ······-·NIST-800-53-AU-12(c)
5402 ······-·NIST-800-53-AU-2(d)5402 ······-·NIST-800-53-AU-2(d)
5403 ······-·NIST-800-53-CM-6(a)5403 ······-·NIST-800-53-CM-6(a)
Offset 5412, 16 lines modifiedOffset 5412, 16 lines modified
5412 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy5412 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
5413 ······find:5413 ······find:
5414 ········paths:·/etc/audit/rules.d5414 ········paths:·/etc/audit/rules.d
5415 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$5415 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
5416 ········patterns:·'*.rules'5416 ········patterns:·'*.rules'
5417 ······register:·find_watch_key5417 ······register:·find_watch_key
5418 ······when:5418 ······when:
5419 ······-·'"audit"·in·ansible_facts.packages' 
5420 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5419 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5420 ······-·'"audit"·in·ansible_facts.packages'
5421 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched5421 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
5422 ········==·05422 ········==·0
5423 ······tags:5423 ······tags:
5424 ······-·CCE-80721-45424 ······-·CCE-80721-4
5425 ······-·CJIS-5.4.1.15425 ······-·CJIS-5.4.1.1
5426 ······-·NIST-800-171-3.1.85426 ······-·NIST-800-171-3.1.8
5427 ······-·NIST-800-53-AU-12(c)5427 ······-·NIST-800-53-AU-12(c)
Offset 5436, 16 lines modifiedOffset 5436, 16 lines modified
5436 ······-·restrict_strategy5436 ······-·restrict_strategy
  
5437 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule5437 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
5438 ······set_fact:5438 ······set_fact:
5439 ········all_files:5439 ········all_files:
5440 ········-·/etc/audit/rules.d/MAC-policy.rules5440 ········-·/etc/audit/rules.d/MAC-policy.rules
5441 ······when:5441 ······when:
5442 ······-·'"audit"·in·ansible_facts.packages' 
5443 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5442 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5443 ······-·'"audit"·in·ansible_facts.packages'
5444 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched5444 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
5445 ········is·defined·and·find_existing_watch_rules_d.matched·==·05445 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5446 ······tags:5446 ······tags:
5447 ······-·CCE-80721-45447 ······-·CCE-80721-4
5448 ······-·CJIS-5.4.1.15448 ······-·CJIS-5.4.1.1
5449 ······-·NIST-800-171-3.1.85449 ······-·NIST-800-171-3.1.8
5450 ······-·NIST-800-53-AU-12(c)5450 ······-·NIST-800-53-AU-12(c)
Offset 5460, 16 lines modifiedOffset 5460, 16 lines modified
5460 ······-·restrict_strategy5460 ······-·restrict_strategy
  
5461 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule5461 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
5462 ······set_fact:5462 ······set_fact:
5463 ········all_files:5463 ········all_files:
5464 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'5464 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
5465 ······when:5465 ······when:
5466 ······-·'"audit"·in·ansible_facts.packages' 
5467 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5466 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5467 ······-·'"audit"·in·ansible_facts.packages'
5468 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched5468 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
5469 ········is·defined·and·find_existing_watch_rules_d.matched·==·05469 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
5470 ······tags:5470 ······tags:
5471 ······-·CCE-80721-45471 ······-·CCE-80721-4
5472 ······-·CJIS-5.4.1.15472 ······-·CJIS-5.4.1.1
5473 ······-·NIST-800-171-3.1.85473 ······-·NIST-800-171-3.1.8
5474 ······-·NIST-800-53-AU-12(c)5474 ······-·NIST-800-53-AU-12(c)
Offset 5486, 16 lines modifiedOffset 5486, 16 lines modified
5486 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/5486 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 156814/161462 bytes (97.12%) of diff not shown.
3.88 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-rht-ccp.yml
Ordering differences only
    
Offset 3276, 16 lines modifiedOffset 3276, 16 lines modified
3276 ······-·no_reboot_needed3276 ······-·no_reboot_needed
  
3277 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3277 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3278 ······stat:3278 ······stat:
3279 ········path:·/boot/grub2/grub.cfg3279 ········path:·/boot/grub2/grub.cfg
3280 ······register:·file_exists3280 ······register:·file_exists
3281 ······when:3281 ······when:
3282 ······-·'"grub2-common"·in·ansible_facts.packages' 
3283 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3282 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3283 ······-·'"grub2-common"·in·ansible_facts.packages'
3284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3285 ······tags:3285 ······tags:
3286 ······-·CCE-80800-63286 ······-·CCE-80800-6
3287 ······-·CJIS-5.5.2.23287 ······-·CJIS-5.5.2.2
3288 ······-·NIST-800-171-3.4.53288 ······-·NIST-800-171-3.4.5
3289 ······-·NIST-800-53-AC-6(1)3289 ······-·NIST-800-53-AC-6(1)
3290 ······-·NIST-800-53-CM-6(a)3290 ······-·NIST-800-53-CM-6(a)
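Review bot: in the `when:` list of this grub.cfg stat task (lines 3282-3283) the `"grub2-common" in ansible_facts.packages` check swaps places with the `/boot/efi` mount check, while the `ansible_virtualization_type` condition stays third in both builds. That only part of the list is reordered points to an unordered collection feeding these entries rather than an intentional change. A stable sort applied before the conditions are written out would remove the difference between the two builds.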
Offset 3298, 16 lines modifiedOffset 3298, 16 lines modified
3298 ······-·no_reboot_needed3298 ······-·no_reboot_needed
  
3299 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg3299 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
3300 ······file:3300 ······file:
3301 ········path:·/boot/grub2/grub.cfg3301 ········path:·/boot/grub2/grub.cfg
3302 ········group:·'0'3302 ········group:·'0'
3303 ······when:3303 ······when:
3304 ······-·'"grub2-common"·in·ansible_facts.packages' 
3305 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3304 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3305 ······-·'"grub2-common"·in·ansible_facts.packages'
3306 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3306 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3307 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3307 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3308 ······tags:3308 ······tags:
3309 ······-·CCE-80800-63309 ······-·CCE-80800-6
3310 ······-·CJIS-5.5.2.23310 ······-·CJIS-5.5.2.2
3311 ······-·NIST-800-171-3.4.53311 ······-·NIST-800-171-3.4.5
3312 ······-·NIST-800-53-AC-6(1)3312 ······-·NIST-800-53-AC-6(1)
Offset 3339, 16 lines modifiedOffset 3339, 16 lines modified
3339 ······-·no_reboot_needed3339 ······-·no_reboot_needed
  
3340 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3340 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3341 ······stat:3341 ······stat:
3342 ········path:·/boot/grub2/grub.cfg3342 ········path:·/boot/grub2/grub.cfg
3343 ······register:·file_exists3343 ······register:·file_exists
3344 ······when:3344 ······when:
3345 ······-·'"grub2-common"·in·ansible_facts.packages' 
3346 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3345 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3346 ······-·'"grub2-common"·in·ansible_facts.packages'
3347 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3347 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3348 ······tags:3348 ······tags:
3349 ······-·CCE-80805-53349 ······-·CCE-80805-5
3350 ······-·CJIS-5.5.2.23350 ······-·CJIS-5.5.2.2
3351 ······-·NIST-800-171-3.4.53351 ······-·NIST-800-171-3.4.5
3352 ······-·NIST-800-53-AC-6(1)3352 ······-·NIST-800-53-AC-6(1)
3353 ······-·NIST-800-53-CM-6(a)3353 ······-·NIST-800-53-CM-6(a)
Offset 3361, 16 lines modifiedOffset 3361, 16 lines modified
3361 ······-·no_reboot_needed3361 ······-·no_reboot_needed
  
3362 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3362 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3363 ······file:3363 ······file:
3364 ········path:·/boot/grub2/grub.cfg3364 ········path:·/boot/grub2/grub.cfg
3365 ········owner:·'0'3365 ········owner:·'0'
3366 ······when:3366 ······when:
3367 ······-·'"grub2-common"·in·ansible_facts.packages' 
3368 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3367 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3368 ······-·'"grub2-common"·in·ansible_facts.packages'
3369 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3369 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3370 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3370 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3371 ······tags:3371 ······tags:
3372 ······-·CCE-80805-53372 ······-·CCE-80805-5
3373 ······-·CJIS-5.5.2.23373 ······-·CJIS-5.5.2.2
3374 ······-·NIST-800-171-3.4.53374 ······-·NIST-800-171-3.4.5
3375 ······-·NIST-800-53-AC-6(1)3375 ······-·NIST-800-53-AC-6(1)
Offset 3400, 16 lines modifiedOffset 3400, 16 lines modified
3400 ······-·no_reboot_needed3400 ······-·no_reboot_needed
  
3401 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg3401 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
3402 ······stat:3402 ······stat:
3403 ········path:·/boot/grub2/grub.cfg3403 ········path:·/boot/grub2/grub.cfg
3404 ······register:·file_exists3404 ······register:·file_exists
3405 ······when:3405 ······when:
3406 ······-·'"grub2-common"·in·ansible_facts.packages' 
3407 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3406 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3407 ······-·'"grub2-common"·in·ansible_facts.packages'
3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3408 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3409 ······tags:3409 ······tags:
3410 ······-·CCE-80814-73410 ······-·CCE-80814-7
3411 ······-·NIST-800-171-3.4.53411 ······-·NIST-800-171-3.4.5
3412 ······-·NIST-800-53-AC-6(1)3412 ······-·NIST-800-53-AC-6(1)
3413 ······-·NIST-800-53-CM-6(a)3413 ······-·NIST-800-53-CM-6(a)
3414 ······-·configure_strategy3414 ······-·configure_strategy
Offset 3420, 16 lines modifiedOffset 3420, 16 lines modified
3420 ······-·no_reboot_needed3420 ······-·no_reboot_needed
  
3421 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg3421 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
3422 ······file:3422 ······file:
3423 ········path:·/boot/grub2/grub.cfg3423 ········path:·/boot/grub2/grub.cfg
3424 ········mode:·u-xs,g-xwrs,o-xwrt3424 ········mode:·u-xs,g-xwrs,o-xwrt
3425 ······when:3425 ······when:
3426 ······-·'"grub2-common"·in·ansible_facts.packages' 
3427 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3426 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3427 ······-·'"grub2-common"·in·ansible_facts.packages'
3428 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3428 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3429 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists3429 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
3430 ······tags:3430 ······tags:
3431 ······-·CCE-80814-73431 ······-·CCE-80814-7
3432 ······-·NIST-800-171-3.4.53432 ······-·NIST-800-171-3.4.5
3433 ······-·NIST-800-53-AC-6(1)3433 ······-·NIST-800-53-AC-6(1)
3434 ······-·NIST-800-53-CM-6(a)3434 ······-·NIST-800-53-CM-6(a)
78.0 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-standard.yml
Ordering differences only
    
Offset 849, 16 lines modifiedOffset 849, 16 lines modified
849 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/849 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
850 ······find:850 ······find:
851 ········paths:·/etc/audit/rules.d851 ········paths:·/etc/audit/rules.d
852 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+852 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
853 ········patterns:·'*.rules'853 ········patterns:·'*.rules'
854 ······register:·find_existing_watch_rules_d854 ······register:·find_existing_watch_rules_d
855 ······when:855 ······when:
856 ······-·'"audit"·in·ansible_facts.packages' 
857 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]856 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 857 ······-·'"audit"·in·ansible_facts.packages'
858 ······tags:858 ······tags:
859 ······-·CCE-80721-4859 ······-·CCE-80721-4
860 ······-·CJIS-5.4.1.1860 ······-·CJIS-5.4.1.1
861 ······-·NIST-800-171-3.1.8861 ······-·NIST-800-171-3.1.8
862 ······-·NIST-800-53-AU-12(c)862 ······-·NIST-800-53-AU-12(c)
863 ······-·NIST-800-53-AU-2(d)863 ······-·NIST-800-53-AU-2(d)
864 ······-·NIST-800-53-CM-6(a)864 ······-·NIST-800-53-CM-6(a)
Offset 873, 16 lines modifiedOffset 873, 16 lines modified
873 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy873 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
874 ······find:874 ······find:
875 ········paths:·/etc/audit/rules.d875 ········paths:·/etc/audit/rules.d
876 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$876 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
877 ········patterns:·'*.rules'877 ········patterns:·'*.rules'
878 ······register:·find_watch_key878 ······register:·find_watch_key
879 ······when:879 ······when:
880 ······-·'"audit"·in·ansible_facts.packages' 
881 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]880 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 881 ······-·'"audit"·in·ansible_facts.packages'
882 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched882 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
883 ········==·0883 ········==·0
884 ······tags:884 ······tags:
885 ······-·CCE-80721-4885 ······-·CCE-80721-4
886 ······-·CJIS-5.4.1.1886 ······-·CJIS-5.4.1.1
887 ······-·NIST-800-171-3.1.8887 ······-·NIST-800-171-3.1.8
888 ······-·NIST-800-53-AU-12(c)888 ······-·NIST-800-53-AU-12(c)
Offset 897, 16 lines modifiedOffset 897, 16 lines modified
897 ······-·restrict_strategy897 ······-·restrict_strategy
  
898 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule898 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
899 ······set_fact:899 ······set_fact:
900 ········all_files:900 ········all_files:
901 ········-·/etc/audit/rules.d/MAC-policy.rules901 ········-·/etc/audit/rules.d/MAC-policy.rules
902 ······when:902 ······when:
903 ······-·'"audit"·in·ansible_facts.packages' 
904 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]903 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 904 ······-·'"audit"·in·ansible_facts.packages'
905 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched905 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
906 ········is·defined·and·find_existing_watch_rules_d.matched·==·0906 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
907 ······tags:907 ······tags:
908 ······-·CCE-80721-4908 ······-·CCE-80721-4
909 ······-·CJIS-5.4.1.1909 ······-·CJIS-5.4.1.1
910 ······-·NIST-800-171-3.1.8910 ······-·NIST-800-171-3.1.8
911 ······-·NIST-800-53-AU-12(c)911 ······-·NIST-800-53-AU-12(c)
Offset 921, 16 lines modifiedOffset 921, 16 lines modified
921 ······-·restrict_strategy921 ······-·restrict_strategy
  
922 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule922 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
923 ······set_fact:923 ······set_fact:
924 ········all_files:924 ········all_files:
925 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'925 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
926 ······when:926 ······when:
927 ······-·'"audit"·in·ansible_facts.packages' 
928 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]927 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 928 ······-·'"audit"·in·ansible_facts.packages'
929 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched929 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
930 ········is·defined·and·find_existing_watch_rules_d.matched·==·0930 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
931 ······tags:931 ······tags:
932 ······-·CCE-80721-4932 ······-·CCE-80721-4
933 ······-·CJIS-5.4.1.1933 ······-·CJIS-5.4.1.1
934 ······-·NIST-800-171-3.1.8934 ······-·NIST-800-171-3.1.8
935 ······-·NIST-800-53-AU-12(c)935 ······-·NIST-800-53-AU-12(c)
Offset 947, 16 lines modifiedOffset 947, 16 lines modified
947 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/947 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
948 ······lineinfile:948 ······lineinfile:
949 ········path:·'{{·all_files[0]·}}'949 ········path:·'{{·all_files[0]·}}'
950 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy950 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
951 ········create:·true951 ········create:·true
952 ········mode:·'0640'952 ········mode:·'0640'
953 ······when:953 ······when:
954 ······-·'"audit"·in·ansible_facts.packages' 
955 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]954 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 955 ······-·'"audit"·in·ansible_facts.packages'
956 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched956 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
957 ········==·0957 ········==·0
958 ······tags:958 ······tags:
959 ······-·CCE-80721-4959 ······-·CCE-80721-4
960 ······-·CJIS-5.4.1.1960 ······-·CJIS-5.4.1.1
961 ······-·NIST-800-171-3.1.8961 ······-·NIST-800-171-3.1.8
962 ······-·NIST-800-53-AU-12(c)962 ······-·NIST-800-53-AU-12(c)
Offset 973, 16 lines modifiedOffset 973, 16 lines modified
973 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules973 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules
974 ······find:974 ······find:
975 ········paths:·/etc/audit/975 ········paths:·/etc/audit/
976 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+976 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
977 ········patterns:·audit.rules977 ········patterns:·audit.rules
978 ······register:·find_existing_watch_audit_rules978 ······register:·find_existing_watch_audit_rules
979 ······when:979 ······when:
980 ······-·'"audit"·in·ansible_facts.packages' 
981 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]980 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 981 ······-·'"audit"·in·ansible_facts.packages'
982 ······tags:982 ······tags:
983 ······-·CCE-80721-4983 ······-·CCE-80721-4
984 ······-·CJIS-5.4.1.1984 ······-·CJIS-5.4.1.1
985 ······-·NIST-800-171-3.1.8985 ······-·NIST-800-171-3.1.8
986 ······-·NIST-800-53-AU-12(c)986 ······-·NIST-800-53-AU-12(c)
987 ······-·NIST-800-53-AU-2(d)987 ······-·NIST-800-53-AU-2(d)
988 ······-·NIST-800-53-CM-6(a)988 ······-·NIST-800-53-CM-6(a)
Offset 998, 16 lines modifiedOffset 998, 16 lines modified
998 ······lineinfile:998 ······lineinfile:
999 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy999 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
1000 ········state:·present1000 ········state:·present
1001 ········dest:·/etc/audit/audit.rules1001 ········dest:·/etc/audit/audit.rules
1002 ········create:·true1002 ········create:·true
1003 ········mode:·'0640'1003 ········mode:·'0640'
1004 ······when:1004 ······when:
1005 ······-·'"audit"·in·ansible_facts.packages' 
1006 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1005 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1006 ······-·'"audit"·in·ansible_facts.packages'
1007 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched1007 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
1008 ········==·01008 ········==·0
1009 ······tags:1009 ······tags:
1010 ······-·CCE-80721-41010 ······-·CCE-80721-4
1011 ······-·CJIS-5.4.1.11011 ······-·CJIS-5.4.1.1
1012 ······-·NIST-800-171-3.1.81012 ······-·NIST-800-171-3.1.8
1013 ······-·NIST-800-53-AU-12(c)1013 ······-·NIST-800-53-AU-12(c)
Offset 1042, 16 lines modifiedOffset 1042, 16 lines modified
1042 ······-·reboot_required1042 ······-·reboot_required
Max diff block lines reached; 74862/79676 bytes (93.96%) of diff not shown.
130 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-stig.yml
Ordering differences only
    
Offset 11836, 16 lines modifiedOffset 11836, 16 lines modified
  
11836 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11836 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11837 ······find:11837 ······find:
11838 ········paths:·/etc/audit/rules.d/11838 ········paths:·/etc/audit/rules.d/
11839 ········patterns:·'*.rules'11839 ········patterns:·'*.rules'
11840 ······register:·find_rules_d11840 ······register:·find_rules_d
11841 ······when:11841 ······when:
11842 ······-·'"audit"·in·ansible_facts.packages' 
11843 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11842 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11843 ······-·'"audit"·in·ansible_facts.packages'
11844 ······tags:11844 ······tags:
11845 ······-·CCE-80708-111845 ······-·CCE-80708-1
11846 ······-·CJIS-5.4.1.111846 ······-·CJIS-5.4.1.1
11847 ······-·DISA-STIG-RHEL-08-03012111847 ······-·DISA-STIG-RHEL-08-030121
11848 ······-·NIST-800-171-3.3.111848 ······-·NIST-800-171-3.3.1
11849 ······-·NIST-800-171-3.4.311849 ······-·NIST-800-171-3.4.3
11850 ······-·NIST-800-53-AC-6(9)11850 ······-·NIST-800-53-AC-6(9)
Offset 11862, 16 lines modifiedOffset 11862, 16 lines modified
11862 ······lineinfile:11862 ······lineinfile:
11863 ········path:·'{{·item·}}'11863 ········path:·'{{·item·}}'
11864 ········regexp:·^\s*(?:-e)\s+.*$11864 ········regexp:·^\s*(?:-e)\s+.*$
11865 ········state:·absent11865 ········state:·absent
11866 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11866 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11867 ········}}'11867 ········}}'
11868 ······when:11868 ······when:
11869 ······-·'"audit"·in·ansible_facts.packages' 
11870 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11869 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11870 ······-·'"audit"·in·ansible_facts.packages'
11871 ······tags:11871 ······tags:
11872 ······-·CCE-80708-111872 ······-·CCE-80708-1
11873 ······-·CJIS-5.4.1.111873 ······-·CJIS-5.4.1.1
11874 ······-·DISA-STIG-RHEL-08-03012111874 ······-·DISA-STIG-RHEL-08-030121
11875 ······-·NIST-800-171-3.3.111875 ······-·NIST-800-171-3.3.1
11876 ······-·NIST-800-171-3.4.311876 ······-·NIST-800-171-3.4.3
11877 ······-·NIST-800-53-AC-6(9)11877 ······-·NIST-800-53-AC-6(9)
Offset 11890, 16 lines modifiedOffset 11890, 16 lines modified
11890 ········create:·true11890 ········create:·true
11891 ········line:·-e·211891 ········line:·-e·2
11892 ········mode:·o-rwx11892 ········mode:·o-rwx
11893 ······loop:11893 ······loop:
11894 ······-·/etc/audit/audit.rules11894 ······-·/etc/audit/audit.rules
11895 ······-·/etc/audit/rules.d/immutable.rules11895 ······-·/etc/audit/rules.d/immutable.rules
11896 ······when:11896 ······when:
11897 ······-·'"audit"·in·ansible_facts.packages' 
11898 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11897 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11898 ······-·'"audit"·in·ansible_facts.packages'
11899 ······tags:11899 ······tags:
11900 ······-·CCE-80708-111900 ······-·CCE-80708-1
11901 ······-·CJIS-5.4.1.111901 ······-·CJIS-5.4.1.1
11902 ······-·DISA-STIG-RHEL-08-03012111902 ······-·DISA-STIG-RHEL-08-030121
11903 ······-·NIST-800-171-3.3.111903 ······-·NIST-800-171-3.3.1
11904 ······-·NIST-800-171-3.4.311904 ······-·NIST-800-171-3.4.3
11905 ······-·NIST-800-53-AC-6(9)11905 ······-·NIST-800-53-AC-6(9)
Offset 11933, 16 lines modifiedOffset 11933, 16 lines modified
11933 ······-·reboot_required11933 ······-·reboot_required
11934 ······-·restrict_strategy11934 ······-·restrict_strategy
  
11935 ····-·name:·Set·architecture·for·audit·mount·tasks11935 ····-·name:·Set·architecture·for·audit·mount·tasks
11936 ······set_fact:11936 ······set_fact:
11937 ········audit_arch:·b6411937 ········audit_arch:·b64
11938 ······when:11938 ······when:
11939 ······-·'"audit"·in·ansible_facts.packages' 
11940 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11939 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11940 ······-·'"audit"·in·ansible_facts.packages'
11941 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture11941 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
11942 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"11942 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
11943 ······tags:11943 ······tags:
11944 ······-·CCE-80722-211944 ······-·CCE-80722-2
11945 ······-·CJIS-5.4.1.111945 ······-·CJIS-5.4.1.1
11946 ······-·DISA-STIG-RHEL-08-03030211946 ······-·DISA-STIG-RHEL-08-030302
11947 ······-·NIST-800-171-3.1.711947 ······-·NIST-800-171-3.1.7
Offset 12075, 16 lines modifiedOffset 12075, 16 lines modified
12075 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012075 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12076 ············-F·auid!=unset·-F·key=perm_mod12076 ············-F·auid!=unset·-F·key=perm_mod
12077 ··········create:·true12077 ··········create:·true
12078 ··········mode:·o-rwx12078 ··········mode:·o-rwx
12079 ··········state:·present12079 ··········state:·present
12080 ········when:·syscalls_found·|·length·==·012080 ········when:·syscalls_found·|·length·==·0
12081 ······when:12081 ······when:
12082 ······-·'"audit"·in·ansible_facts.packages' 
12083 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]12082 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 12083 ······-·'"audit"·in·ansible_facts.packages'
12084 ······tags:12084 ······tags:
12085 ······-·CCE-80722-212085 ······-·CCE-80722-2
12086 ······-·CJIS-5.4.1.112086 ······-·CJIS-5.4.1.1
12087 ······-·DISA-STIG-RHEL-08-03030212087 ······-·DISA-STIG-RHEL-08-030302
12088 ······-·NIST-800-171-3.1.712088 ······-·NIST-800-171-3.1.7
12089 ······-·NIST-800-53-AC-6(9)12089 ······-·NIST-800-53-AC-6(9)
12090 ······-·NIST-800-53-AU-12(c)12090 ······-·NIST-800-53-AU-12(c)
Offset 12215, 16 lines modifiedOffset 12215, 16 lines modified
12215 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012215 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12216 ············-F·auid!=unset·-F·key=perm_mod12216 ············-F·auid!=unset·-F·key=perm_mod
12217 ··········create:·true12217 ··········create:·true
12218 ··········mode:·o-rwx12218 ··········mode:·o-rwx
12219 ··········state:·present12219 ··········state:·present
12220 ········when:·syscalls_found·|·length·==·012220 ········when:·syscalls_found·|·length·==·0
12221 ······when:12221 ······when:
12222 ······-·'"audit"·in·ansible_facts.packages' 
12223 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]12222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 12223 ······-·'"audit"·in·ansible_facts.packages'
12224 ······-·audit_arch·==·"b64"12224 ······-·audit_arch·==·"b64"
12225 ······tags:12225 ······tags:
12226 ······-·CCE-80722-212226 ······-·CCE-80722-2
12227 ······-·CJIS-5.4.1.112227 ······-·CJIS-5.4.1.1
12228 ······-·DISA-STIG-RHEL-08-03030212228 ······-·DISA-STIG-RHEL-08-030302
12229 ······-·NIST-800-171-3.1.712229 ······-·NIST-800-171-3.1.7
12230 ······-·NIST-800-53-AC-6(9)12230 ······-·NIST-800-53-AC-6(9)
Offset 12256, 16 lines modifiedOffset 12256, 16 lines modified
12256 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/12256 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
12257 ······find:12257 ······find:
12258 ········paths:·/etc/audit/rules.d12258 ········paths:·/etc/audit/rules.d
12259 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+12259 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
12260 ········patterns:·'*.rules'12260 ········patterns:·'*.rules'
12261 ······register:·find_existing_watch_rules_d12261 ······register:·find_existing_watch_rules_d
12262 ······when:12262 ······when:
12263 ······-·'"audit"·in·ansible_facts.packages' 
12264 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]12263 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 12264 ······-·'"audit"·in·ansible_facts.packages'
12265 ······tags:12265 ······tags:
12266 ······-·CCE-90175-112266 ······-·CCE-90175-1
12267 ······-·DISA-STIG-RHEL-08-03017112267 ······-·DISA-STIG-RHEL-08-030171
12268 ······-·audit_rules_sudoers12268 ······-·audit_rules_sudoers
12269 ······-·low_complexity12269 ······-·low_complexity
12270 ······-·low_disruption12270 ······-·low_disruption
12271 ······-·medium_severity12271 ······-·medium_severity
Offset 12275, 16 lines modifiedOffset 12275, 16 lines modified
12275 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions12275 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
Max diff block lines reached; 128191/132711 bytes (96.59%) of diff not shown.
130 KB
./usr/share/scap-security-guide/ansible/rhel8-playbook-stig_gui.yml
Ordering differences only
    
Offset 11826, 16 lines modifiedOffset 11826, 16 lines modified
  
11826 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11826 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11827 ······find:11827 ······find:
11828 ········paths:·/etc/audit/rules.d/11828 ········paths:·/etc/audit/rules.d/
11829 ········patterns:·'*.rules'11829 ········patterns:·'*.rules'
11830 ······register:·find_rules_d11830 ······register:·find_rules_d
11831 ······when:11831 ······when:
11832 ······-·'"audit"·in·ansible_facts.packages' 
11833 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11832 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11833 ······-·'"audit"·in·ansible_facts.packages'
11834 ······tags:11834 ······tags:
11835 ······-·CCE-80708-111835 ······-·CCE-80708-1
11836 ······-·CJIS-5.4.1.111836 ······-·CJIS-5.4.1.1
11837 ······-·DISA-STIG-RHEL-08-03012111837 ······-·DISA-STIG-RHEL-08-030121
11838 ······-·NIST-800-171-3.3.111838 ······-·NIST-800-171-3.3.1
11839 ······-·NIST-800-171-3.4.311839 ······-·NIST-800-171-3.4.3
11840 ······-·NIST-800-53-AC-6(9)11840 ······-·NIST-800-53-AC-6(9)
Offset 11852, 16 lines modifiedOffset 11852, 16 lines modified
11852 ······lineinfile:11852 ······lineinfile:
11853 ········path:·'{{·item·}}'11853 ········path:·'{{·item·}}'
11854 ········regexp:·^\s*(?:-e)\s+.*$11854 ········regexp:·^\s*(?:-e)\s+.*$
11855 ········state:·absent11855 ········state:·absent
11856 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11856 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11857 ········}}'11857 ········}}'
11858 ······when:11858 ······when:
11859 ······-·'"audit"·in·ansible_facts.packages' 
11860 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11859 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11860 ······-·'"audit"·in·ansible_facts.packages'
11861 ······tags:11861 ······tags:
11862 ······-·CCE-80708-111862 ······-·CCE-80708-1
11863 ······-·CJIS-5.4.1.111863 ······-·CJIS-5.4.1.1
11864 ······-·DISA-STIG-RHEL-08-03012111864 ······-·DISA-STIG-RHEL-08-030121
11865 ······-·NIST-800-171-3.3.111865 ······-·NIST-800-171-3.3.1
11866 ······-·NIST-800-171-3.4.311866 ······-·NIST-800-171-3.4.3
11867 ······-·NIST-800-53-AC-6(9)11867 ······-·NIST-800-53-AC-6(9)
Offset 11880, 16 lines modifiedOffset 11880, 16 lines modified
11880 ········create:·true11880 ········create:·true
11881 ········line:·-e·211881 ········line:·-e·2
11882 ········mode:·o-rwx11882 ········mode:·o-rwx
11883 ······loop:11883 ······loop:
11884 ······-·/etc/audit/audit.rules11884 ······-·/etc/audit/audit.rules
11885 ······-·/etc/audit/rules.d/immutable.rules11885 ······-·/etc/audit/rules.d/immutable.rules
11886 ······when:11886 ······when:
11887 ······-·'"audit"·in·ansible_facts.packages' 
11888 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11888 ······-·'"audit"·in·ansible_facts.packages'
11889 ······tags:11889 ······tags:
11890 ······-·CCE-80708-111890 ······-·CCE-80708-1
11891 ······-·CJIS-5.4.1.111891 ······-·CJIS-5.4.1.1
11892 ······-·DISA-STIG-RHEL-08-03012111892 ······-·DISA-STIG-RHEL-08-030121
11893 ······-·NIST-800-171-3.3.111893 ······-·NIST-800-171-3.3.1
11894 ······-·NIST-800-171-3.4.311894 ······-·NIST-800-171-3.4.3
11895 ······-·NIST-800-53-AC-6(9)11895 ······-·NIST-800-53-AC-6(9)
Offset 11923, 16 lines modifiedOffset 11923, 16 lines modified
11923 ······-·reboot_required11923 ······-·reboot_required
11924 ······-·restrict_strategy11924 ······-·restrict_strategy
  
11925 ····-·name:·Set·architecture·for·audit·mount·tasks11925 ····-·name:·Set·architecture·for·audit·mount·tasks
11926 ······set_fact:11926 ······set_fact:
11927 ········audit_arch:·b6411927 ········audit_arch:·b64
11928 ······when:11928 ······when:
11929 ······-·'"audit"·in·ansible_facts.packages' 
11930 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]11929 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 11930 ······-·'"audit"·in·ansible_facts.packages'
11931 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture11931 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
11932 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"11932 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
11933 ······tags:11933 ······tags:
11934 ······-·CCE-80722-211934 ······-·CCE-80722-2
11935 ······-·CJIS-5.4.1.111935 ······-·CJIS-5.4.1.1
11936 ······-·DISA-STIG-RHEL-08-03030211936 ······-·DISA-STIG-RHEL-08-030302
11937 ······-·NIST-800-171-3.1.711937 ······-·NIST-800-171-3.1.7
Offset 12065, 16 lines modifiedOffset 12065, 16 lines modified
12065 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012065 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12066 ············-F·auid!=unset·-F·key=perm_mod12066 ············-F·auid!=unset·-F·key=perm_mod
12067 ··········create:·true12067 ··········create:·true
12068 ··········mode:·o-rwx12068 ··········mode:·o-rwx
12069 ··········state:·present12069 ··········state:·present
12070 ········when:·syscalls_found·|·length·==·012070 ········when:·syscalls_found·|·length·==·0
12071 ······when:12071 ······when:
12072 ······-·'"audit"·in·ansible_facts.packages' 
12073 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]12072 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 12073 ······-·'"audit"·in·ansible_facts.packages'
12074 ······tags:12074 ······tags:
12075 ······-·CCE-80722-212075 ······-·CCE-80722-2
12076 ······-·CJIS-5.4.1.112076 ······-·CJIS-5.4.1.1
12077 ······-·DISA-STIG-RHEL-08-03030212077 ······-·DISA-STIG-RHEL-08-030302
12078 ······-·NIST-800-171-3.1.712078 ······-·NIST-800-171-3.1.7
12079 ······-·NIST-800-53-AC-6(9)12079 ······-·NIST-800-53-AC-6(9)
12080 ······-·NIST-800-53-AU-12(c)12080 ······-·NIST-800-53-AU-12(c)
Offset 12205, 16 lines modifiedOffset 12205, 16 lines modified
12205 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=100012205 ··········line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
12206 ············-F·auid!=unset·-F·key=perm_mod12206 ············-F·auid!=unset·-F·key=perm_mod
12207 ··········create:·true12207 ··········create:·true
12208 ··········mode:·o-rwx12208 ··········mode:·o-rwx
12209 ··········state:·present12209 ··········state:·present
12210 ········when:·syscalls_found·|·length·==·012210 ········when:·syscalls_found·|·length·==·0
12211 ······when:12211 ······when:
12212 ······-·'"audit"·in·ansible_facts.packages' 
12213 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]12212 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 12213 ······-·'"audit"·in·ansible_facts.packages'
12214 ······-·audit_arch·==·"b64"12214 ······-·audit_arch·==·"b64"
12215 ······tags:12215 ······tags:
12216 ······-·CCE-80722-212216 ······-·CCE-80722-2
12217 ······-·CJIS-5.4.1.112217 ······-·CJIS-5.4.1.1
12218 ······-·DISA-STIG-RHEL-08-03030212218 ······-·DISA-STIG-RHEL-08-030302
12219 ······-·NIST-800-171-3.1.712219 ······-·NIST-800-171-3.1.7
12220 ······-·NIST-800-53-AC-6(9)12220 ······-·NIST-800-53-AC-6(9)
Offset 12246, 16 lines modifiedOffset 12246, 16 lines modified
12246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/12246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
12247 ······find:12247 ······find:
12248 ········paths:·/etc/audit/rules.d12248 ········paths:·/etc/audit/rules.d
12249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+12249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
12250 ········patterns:·'*.rules'12250 ········patterns:·'*.rules'
12251 ······register:·find_existing_watch_rules_d12251 ······register:·find_existing_watch_rules_d
12252 ······when:12252 ······when:
12253 ······-·'"audit"·in·ansible_facts.packages' 
12254 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]12253 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 12254 ······-·'"audit"·in·ansible_facts.packages'
12255 ······tags:12255 ······tags:
12256 ······-·CCE-90175-112256 ······-·CCE-90175-1
12257 ······-·DISA-STIG-RHEL-08-03017112257 ······-·DISA-STIG-RHEL-08-030171
12258 ······-·audit_rules_sudoers12258 ······-·audit_rules_sudoers
12259 ······-·low_complexity12259 ······-·low_complexity
12260 ······-·low_disruption12260 ······-·low_disruption
12261 ······-·medium_severity12261 ······-·medium_severity
Offset 12265, 16 lines modifiedOffset 12265, 16 lines modified
12265 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions12265 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
Max diff block lines reached; 128191/132711 bytes (96.59%) of diff not shown.
13.1 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis.yml
Ordering differences only
    
Offset 21825, 16 lines modifiedOffset 21825, 16 lines modified
21825 ······-·no_reboot_needed21825 ······-·no_reboot_needed
  
21826 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21826 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21827 ······stat:21827 ······stat:
21828 ········path:·/boot/grub2/grub.cfg21828 ········path:·/boot/grub2/grub.cfg
21829 ······register:·file_exists21829 ······register:·file_exists
21830 ······when:21830 ······when:
21831 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21832 ······-·'"grub2-common"·in·ansible_facts.packages'21831 ······-·'"grub2-common"·in·ansible_facts.packages'
 21832 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21833 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21833 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21834 ······tags:21834 ······tags:
21835 ······-·CCE-83848-221835 ······-·CCE-83848-2
21836 ······-·CJIS-5.5.2.221836 ······-·CJIS-5.5.2.2
21837 ······-·NIST-800-171-3.4.521837 ······-·NIST-800-171-3.4.5
21838 ······-·NIST-800-53-AC-6(1)21838 ······-·NIST-800-53-AC-6(1)
21839 ······-·NIST-800-53-CM-6(a)21839 ······-·NIST-800-53-CM-6(a)
Offset 21847, 16 lines modifiedOffset 21847, 16 lines modified
21847 ······-·no_reboot_needed21847 ······-·no_reboot_needed
  
21848 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21848 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21849 ······file:21849 ······file:
21850 ········path:·/boot/grub2/grub.cfg21850 ········path:·/boot/grub2/grub.cfg
21851 ········group:·'0'21851 ········group:·'0'
21852 ······when:21852 ······when:
21853 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21854 ······-·'"grub2-common"·in·ansible_facts.packages'21853 ······-·'"grub2-common"·in·ansible_facts.packages'
 21854 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21855 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21855 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21856 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21856 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21857 ······tags:21857 ······tags:
21858 ······-·CCE-83848-221858 ······-·CCE-83848-2
21859 ······-·CJIS-5.5.2.221859 ······-·CJIS-5.5.2.2
21860 ······-·NIST-800-171-3.4.521860 ······-·NIST-800-171-3.4.5
21861 ······-·NIST-800-53-AC-6(1)21861 ······-·NIST-800-53-AC-6(1)
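Review bot: at lines 21853-21854 only the `"/boot/efi" not in ansible_mounts` check and the `"grub2-common" in ansible_facts.packages` check trade places; the `ansible_virtualization_type` check and the `file_exists.stat is defined and file_exists.stat.exists` guard keep their positions in both builds. That is worth confirming in whatever produces this list, because the guard on the registered `file_exists` variable should stay after the conditions that decide whether the preceding `stat` task ran at all. Giving the first two conditions a fixed order would make this task byte-identical across builds without touching the guard.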
Offset 21888, 16 lines modifiedOffset 21888, 16 lines modified
21888 ······-·no_reboot_needed21888 ······-·no_reboot_needed
  
21889 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21889 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21890 ······stat:21890 ······stat:
21891 ········path:·/boot/grub2/user.cfg21891 ········path:·/boot/grub2/user.cfg
21892 ······register:·file_exists21892 ······register:·file_exists
21893 ······when:21893 ······when:
21894 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21895 ······-·'"grub2-common"·in·ansible_facts.packages'21894 ······-·'"grub2-common"·in·ansible_facts.packages'
 21895 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21896 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21896 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21897 ······tags:21897 ······tags:
21898 ······-·CCE-86010-621898 ······-·CCE-86010-6
21899 ······-·CJIS-5.5.2.221899 ······-·CJIS-5.5.2.2
21900 ······-·NIST-800-171-3.4.521900 ······-·NIST-800-171-3.4.5
21901 ······-·NIST-800-53-AC-6(1)21901 ······-·NIST-800-53-AC-6(1)
21902 ······-·NIST-800-53-CM-6(a)21902 ······-·NIST-800-53-CM-6(a)
Offset 21910, 16 lines modifiedOffset 21910, 16 lines modified
21910 ······-·no_reboot_needed21910 ······-·no_reboot_needed
  
21911 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21911 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21912 ······file:21912 ······file:
21913 ········path:·/boot/grub2/user.cfg21913 ········path:·/boot/grub2/user.cfg
21914 ········group:·'0'21914 ········group:·'0'
21915 ······when:21915 ······when:
21916 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21917 ······-·'"grub2-common"·in·ansible_facts.packages'21916 ······-·'"grub2-common"·in·ansible_facts.packages'
 21917 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21918 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21918 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21919 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21919 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21920 ······tags:21920 ······tags:
21921 ······-·CCE-86010-621921 ······-·CCE-86010-6
21922 ······-·CJIS-5.5.2.221922 ······-·CJIS-5.5.2.2
21923 ······-·NIST-800-171-3.4.521923 ······-·NIST-800-171-3.4.5
21924 ······-·NIST-800-53-AC-6(1)21924 ······-·NIST-800-53-AC-6(1)
Offset 21951, 16 lines modifiedOffset 21951, 16 lines modified
21951 ······-·no_reboot_needed21951 ······-·no_reboot_needed
  
21952 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21952 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21953 ······stat:21953 ······stat:
21954 ········path:·/boot/grub2/grub.cfg21954 ········path:·/boot/grub2/grub.cfg
21955 ······register:·file_exists21955 ······register:·file_exists
21956 ······when:21956 ······when:
21957 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21958 ······-·'"grub2-common"·in·ansible_facts.packages'21957 ······-·'"grub2-common"·in·ansible_facts.packages'
 21958 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21959 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21959 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21960 ······tags:21960 ······tags:
21961 ······-·CCE-83845-821961 ······-·CCE-83845-8
21962 ······-·CJIS-5.5.2.221962 ······-·CJIS-5.5.2.2
21963 ······-·NIST-800-171-3.4.521963 ······-·NIST-800-171-3.4.5
21964 ······-·NIST-800-53-AC-6(1)21964 ······-·NIST-800-53-AC-6(1)
21965 ······-·NIST-800-53-CM-6(a)21965 ······-·NIST-800-53-CM-6(a)
Offset 21973, 16 lines modifiedOffset 21973, 16 lines modified
21973 ······-·no_reboot_needed21973 ······-·no_reboot_needed
  
21974 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21974 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21975 ······file:21975 ······file:
21976 ········path:·/boot/grub2/grub.cfg21976 ········path:·/boot/grub2/grub.cfg
21977 ········owner:·'0'21977 ········owner:·'0'
21978 ······when:21978 ······when:
21979 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21980 ······-·'"grub2-common"·in·ansible_facts.packages'21979 ······-·'"grub2-common"·in·ansible_facts.packages'
 21980 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21981 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21981 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21982 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21982 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21983 ······tags:21983 ······tags:
21984 ······-·CCE-83845-821984 ······-·CCE-83845-8
21985 ······-·CJIS-5.5.2.221985 ······-·CJIS-5.5.2.2
21986 ······-·NIST-800-171-3.4.521986 ······-·NIST-800-171-3.4.5
21987 ······-·NIST-800-53-AC-6(1)21987 ······-·NIST-800-53-AC-6(1)
Offset 22014, 16 lines modifiedOffset 22014, 16 lines modified
22014 ······-·no_reboot_needed22014 ······-·no_reboot_needed
  
22015 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22015 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22016 ······stat:22016 ······stat:
22017 ········path:·/boot/grub2/user.cfg22017 ········path:·/boot/grub2/user.cfg
22018 ······register:·file_exists22018 ······register:·file_exists
22019 ······when:22019 ······when:
22020 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22021 ······-·'"grub2-common"·in·ansible_facts.packages'22020 ······-·'"grub2-common"·in·ansible_facts.packages'
 22021 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22022 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22022 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22023 ······tags:22023 ······tags:
22024 ······-·CCE-86016-322024 ······-·CCE-86016-3
22025 ······-·CJIS-5.5.2.222025 ······-·CJIS-5.5.2.2
22026 ······-·NIST-800-171-3.4.522026 ······-·NIST-800-171-3.4.5
22027 ······-·NIST-800-53-AC-6(1)22027 ······-·NIST-800-53-AC-6(1)
22028 ······-·NIST-800-53-CM-6(a)22028 ······-·NIST-800-53-CM-6(a)
Offset 22036, 16 lines modifiedOffset 22036, 16 lines modified
22036 ······-·no_reboot_needed22036 ······-·no_reboot_needed
Max diff block lines reached; 8597/13228 bytes (64.99%) of diff not shown.
13.0 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 5206, 16 lines modifiedOffset 5206, 16 lines modified
5206 ······-·no_reboot_needed5206 ······-·no_reboot_needed
  
5207 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5207 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5208 ······stat:5208 ······stat:
5209 ········path:·/boot/grub2/grub.cfg5209 ········path:·/boot/grub2/grub.cfg
5210 ······register:·file_exists5210 ······register:·file_exists
5211 ······when:5211 ······when:
5212 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5213 ······-·'"grub2-common"·in·ansible_facts.packages'5212 ······-·'"grub2-common"·in·ansible_facts.packages'
 5213 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5214 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5214 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5215 ······tags:5215 ······tags:
5216 ······-·CCE-83848-25216 ······-·CCE-83848-2
5217 ······-·CJIS-5.5.2.25217 ······-·CJIS-5.5.2.2
5218 ······-·NIST-800-171-3.4.55218 ······-·NIST-800-171-3.4.5
5219 ······-·NIST-800-53-AC-6(1)5219 ······-·NIST-800-53-AC-6(1)
5220 ······-·NIST-800-53-CM-6(a)5220 ······-·NIST-800-53-CM-6(a)
Offset 5228, 16 lines modifiedOffset 5228, 16 lines modified
5228 ······-·no_reboot_needed5228 ······-·no_reboot_needed
  
5229 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5229 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5230 ······file:5230 ······file:
5231 ········path:·/boot/grub2/grub.cfg5231 ········path:·/boot/grub2/grub.cfg
5232 ········group:·'0'5232 ········group:·'0'
5233 ······when:5233 ······when:
5234 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5235 ······-·'"grub2-common"·in·ansible_facts.packages'5234 ······-·'"grub2-common"·in·ansible_facts.packages'
 5235 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5238 ······tags:5238 ······tags:
5239 ······-·CCE-83848-25239 ······-·CCE-83848-2
5240 ······-·CJIS-5.5.2.25240 ······-·CJIS-5.5.2.2
5241 ······-·NIST-800-171-3.4.55241 ······-·NIST-800-171-3.4.5
5242 ······-·NIST-800-53-AC-6(1)5242 ······-·NIST-800-53-AC-6(1)
Offset 5269, 16 lines modifiedOffset 5269, 16 lines modified
5269 ······-·no_reboot_needed5269 ······-·no_reboot_needed
  
5270 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5270 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5271 ······stat:5271 ······stat:
5272 ········path:·/boot/grub2/user.cfg5272 ········path:·/boot/grub2/user.cfg
5273 ······register:·file_exists5273 ······register:·file_exists
5274 ······when:5274 ······when:
5275 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5276 ······-·'"grub2-common"·in·ansible_facts.packages'5275 ······-·'"grub2-common"·in·ansible_facts.packages'
 5276 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5277 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5277 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5278 ······tags:5278 ······tags:
5279 ······-·CCE-86010-65279 ······-·CCE-86010-6
5280 ······-·CJIS-5.5.2.25280 ······-·CJIS-5.5.2.2
5281 ······-·NIST-800-171-3.4.55281 ······-·NIST-800-171-3.4.5
5282 ······-·NIST-800-53-AC-6(1)5282 ······-·NIST-800-53-AC-6(1)
5283 ······-·NIST-800-53-CM-6(a)5283 ······-·NIST-800-53-CM-6(a)
Offset 5291, 16 lines modifiedOffset 5291, 16 lines modified
5291 ······-·no_reboot_needed5291 ······-·no_reboot_needed
  
5292 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5292 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5293 ······file:5293 ······file:
5294 ········path:·/boot/grub2/user.cfg5294 ········path:·/boot/grub2/user.cfg
5295 ········group:·'0'5295 ········group:·'0'
5296 ······when:5296 ······when:
5297 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5298 ······-·'"grub2-common"·in·ansible_facts.packages'5297 ······-·'"grub2-common"·in·ansible_facts.packages'
 5298 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5301 ······tags:5301 ······tags:
5302 ······-·CCE-86010-65302 ······-·CCE-86010-6
5303 ······-·CJIS-5.5.2.25303 ······-·CJIS-5.5.2.2
5304 ······-·NIST-800-171-3.4.55304 ······-·NIST-800-171-3.4.5
5305 ······-·NIST-800-53-AC-6(1)5305 ······-·NIST-800-53-AC-6(1)
Offset 5332, 16 lines modifiedOffset 5332, 16 lines modified
5332 ······-·no_reboot_needed5332 ······-·no_reboot_needed
  
5333 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5333 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5334 ······stat:5334 ······stat:
5335 ········path:·/boot/grub2/grub.cfg5335 ········path:·/boot/grub2/grub.cfg
5336 ······register:·file_exists5336 ······register:·file_exists
5337 ······when:5337 ······when:
5338 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5339 ······-·'"grub2-common"·in·ansible_facts.packages'5338 ······-·'"grub2-common"·in·ansible_facts.packages'
 5339 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5340 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5340 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5341 ······tags:5341 ······tags:
5342 ······-·CCE-83845-85342 ······-·CCE-83845-8
5343 ······-·CJIS-5.5.2.25343 ······-·CJIS-5.5.2.2
5344 ······-·NIST-800-171-3.4.55344 ······-·NIST-800-171-3.4.5
5345 ······-·NIST-800-53-AC-6(1)5345 ······-·NIST-800-53-AC-6(1)
5346 ······-·NIST-800-53-CM-6(a)5346 ······-·NIST-800-53-CM-6(a)
Offset 5354, 16 lines modifiedOffset 5354, 16 lines modified
5354 ······-·no_reboot_needed5354 ······-·no_reboot_needed
  
5355 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5355 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5356 ······file:5356 ······file:
5357 ········path:·/boot/grub2/grub.cfg5357 ········path:·/boot/grub2/grub.cfg
5358 ········owner:·'0'5358 ········owner:·'0'
5359 ······when:5359 ······when:
5360 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5361 ······-·'"grub2-common"·in·ansible_facts.packages'5360 ······-·'"grub2-common"·in·ansible_facts.packages'
 5361 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5363 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5363 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5364 ······tags:5364 ······tags:
5365 ······-·CCE-83845-85365 ······-·CCE-83845-8
5366 ······-·CJIS-5.5.2.25366 ······-·CJIS-5.5.2.2
5367 ······-·NIST-800-171-3.4.55367 ······-·NIST-800-171-3.4.5
5368 ······-·NIST-800-53-AC-6(1)5368 ······-·NIST-800-53-AC-6(1)
Offset 5395, 16 lines modifiedOffset 5395, 16 lines modified
5395 ······-·no_reboot_needed5395 ······-·no_reboot_needed
  
5396 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5396 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5397 ······stat:5397 ······stat:
5398 ········path:·/boot/grub2/user.cfg5398 ········path:·/boot/grub2/user.cfg
5399 ······register:·file_exists5399 ······register:·file_exists
5400 ······when:5400 ······when:
5401 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5402 ······-·'"grub2-common"·in·ansible_facts.packages'5401 ······-·'"grub2-common"·in·ansible_facts.packages'
 5402 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5403 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5403 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5404 ······tags:5404 ······tags:
5405 ······-·CCE-86016-35405 ······-·CCE-86016-3
5406 ······-·CJIS-5.5.2.25406 ······-·CJIS-5.5.2.2
5407 ······-·NIST-800-171-3.4.55407 ······-·NIST-800-171-3.4.5
5408 ······-·NIST-800-53-AC-6(1)5408 ······-·NIST-800-53-AC-6(1)
5409 ······-·NIST-800-53-CM-6(a)5409 ······-·NIST-800-53-CM-6(a)
Offset 5417, 16 lines modifiedOffset 5417, 16 lines modified
5417 ······-·no_reboot_needed5417 ······-·no_reboot_needed
Max diff block lines reached; 8573/13188 bytes (65.01%) of diff not shown.
13.1 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 5206, 16 lines modifiedOffset 5206, 16 lines modified
5206 ······-·no_reboot_needed5206 ······-·no_reboot_needed
  
5207 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5207 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5208 ······stat:5208 ······stat:
5209 ········path:·/boot/grub2/grub.cfg5209 ········path:·/boot/grub2/grub.cfg
5210 ······register:·file_exists5210 ······register:·file_exists
5211 ······when:5211 ······when:
5212 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5213 ······-·'"grub2-common"·in·ansible_facts.packages'5212 ······-·'"grub2-common"·in·ansible_facts.packages'
 5213 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5214 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5214 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5215 ······tags:5215 ······tags:
5216 ······-·CCE-83848-25216 ······-·CCE-83848-2
5217 ······-·CJIS-5.5.2.25217 ······-·CJIS-5.5.2.2
5218 ······-·NIST-800-171-3.4.55218 ······-·NIST-800-171-3.4.5
5219 ······-·NIST-800-53-AC-6(1)5219 ······-·NIST-800-53-AC-6(1)
5220 ······-·NIST-800-53-CM-6(a)5220 ······-·NIST-800-53-CM-6(a)
Offset 5228, 16 lines modifiedOffset 5228, 16 lines modified
5228 ······-·no_reboot_needed5228 ······-·no_reboot_needed
  
5229 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5229 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5230 ······file:5230 ······file:
5231 ········path:·/boot/grub2/grub.cfg5231 ········path:·/boot/grub2/grub.cfg
5232 ········group:·'0'5232 ········group:·'0'
5233 ······when:5233 ······when:
5234 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5235 ······-·'"grub2-common"·in·ansible_facts.packages'5234 ······-·'"grub2-common"·in·ansible_facts.packages'
 5235 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5238 ······tags:5238 ······tags:
5239 ······-·CCE-83848-25239 ······-·CCE-83848-2
5240 ······-·CJIS-5.5.2.25240 ······-·CJIS-5.5.2.2
5241 ······-·NIST-800-171-3.4.55241 ······-·NIST-800-171-3.4.5
5242 ······-·NIST-800-53-AC-6(1)5242 ······-·NIST-800-53-AC-6(1)
Offset 5269, 16 lines modifiedOffset 5269, 16 lines modified
5269 ······-·no_reboot_needed5269 ······-·no_reboot_needed
  
5270 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5270 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5271 ······stat:5271 ······stat:
5272 ········path:·/boot/grub2/user.cfg5272 ········path:·/boot/grub2/user.cfg
5273 ······register:·file_exists5273 ······register:·file_exists
5274 ······when:5274 ······when:
5275 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5276 ······-·'"grub2-common"·in·ansible_facts.packages'5275 ······-·'"grub2-common"·in·ansible_facts.packages'
 5276 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5277 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5277 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5278 ······tags:5278 ······tags:
5279 ······-·CCE-86010-65279 ······-·CCE-86010-6
5280 ······-·CJIS-5.5.2.25280 ······-·CJIS-5.5.2.2
5281 ······-·NIST-800-171-3.4.55281 ······-·NIST-800-171-3.4.5
5282 ······-·NIST-800-53-AC-6(1)5282 ······-·NIST-800-53-AC-6(1)
5283 ······-·NIST-800-53-CM-6(a)5283 ······-·NIST-800-53-CM-6(a)
Offset 5291, 16 lines modifiedOffset 5291, 16 lines modified
5291 ······-·no_reboot_needed5291 ······-·no_reboot_needed
  
5292 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg5292 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
5293 ······file:5293 ······file:
5294 ········path:·/boot/grub2/user.cfg5294 ········path:·/boot/grub2/user.cfg
5295 ········group:·'0'5295 ········group:·'0'
5296 ······when:5296 ······when:
5297 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5298 ······-·'"grub2-common"·in·ansible_facts.packages'5297 ······-·'"grub2-common"·in·ansible_facts.packages'
 5298 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5299 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5300 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5301 ······tags:5301 ······tags:
5302 ······-·CCE-86010-65302 ······-·CCE-86010-6
5303 ······-·CJIS-5.5.2.25303 ······-·CJIS-5.5.2.2
5304 ······-·NIST-800-171-3.4.55304 ······-·NIST-800-171-3.4.5
5305 ······-·NIST-800-53-AC-6(1)5305 ······-·NIST-800-53-AC-6(1)
Offset 5332, 16 lines modifiedOffset 5332, 16 lines modified
5332 ······-·no_reboot_needed5332 ······-·no_reboot_needed
  
5333 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg5333 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
5334 ······stat:5334 ······stat:
5335 ········path:·/boot/grub2/grub.cfg5335 ········path:·/boot/grub2/grub.cfg
5336 ······register:·file_exists5336 ······register:·file_exists
5337 ······when:5337 ······when:
5338 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5339 ······-·'"grub2-common"·in·ansible_facts.packages'5338 ······-·'"grub2-common"·in·ansible_facts.packages'
 5339 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5340 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5340 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5341 ······tags:5341 ······tags:
5342 ······-·CCE-83845-85342 ······-·CCE-83845-8
5343 ······-·CJIS-5.5.2.25343 ······-·CJIS-5.5.2.2
5344 ······-·NIST-800-171-3.4.55344 ······-·NIST-800-171-3.4.5
5345 ······-·NIST-800-53-AC-6(1)5345 ······-·NIST-800-53-AC-6(1)
5346 ······-·NIST-800-53-CM-6(a)5346 ······-·NIST-800-53-CM-6(a)
Offset 5354, 16 lines modifiedOffset 5354, 16 lines modified
5354 ······-·no_reboot_needed5354 ······-·no_reboot_needed
  
5355 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5355 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5356 ······file:5356 ······file:
5357 ········path:·/boot/grub2/grub.cfg5357 ········path:·/boot/grub2/grub.cfg
5358 ········owner:·'0'5358 ········owner:·'0'
5359 ······when:5359 ······when:
5360 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5361 ······-·'"grub2-common"·in·ansible_facts.packages'5360 ······-·'"grub2-common"·in·ansible_facts.packages'
 5361 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5363 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists5363 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
5364 ······tags:5364 ······tags:
5365 ······-·CCE-83845-85365 ······-·CCE-83845-8
5366 ······-·CJIS-5.5.2.25366 ······-·CJIS-5.5.2.2
5367 ······-·NIST-800-171-3.4.55367 ······-·NIST-800-171-3.4.5
5368 ······-·NIST-800-53-AC-6(1)5368 ······-·NIST-800-53-AC-6(1)
Offset 5395, 16 lines modifiedOffset 5395, 16 lines modified
5395 ······-·no_reboot_needed5395 ······-·no_reboot_needed
  
5396 ····-·name:·Test·for·existence·/boot/grub2/user.cfg5396 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
5397 ······stat:5397 ······stat:
5398 ········path:·/boot/grub2/user.cfg5398 ········path:·/boot/grub2/user.cfg
5399 ······register:·file_exists5399 ······register:·file_exists
5400 ······when:5400 ······when:
5401 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5402 ······-·'"grub2-common"·in·ansible_facts.packages'5401 ······-·'"grub2-common"·in·ansible_facts.packages'
 5402 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
5403 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5403 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5404 ······tags:5404 ······tags:
5405 ······-·CCE-86016-35405 ······-·CCE-86016-3
5406 ······-·CJIS-5.5.2.25406 ······-·CJIS-5.5.2.2
5407 ······-·NIST-800-171-3.4.55407 ······-·NIST-800-171-3.4.5
5408 ······-·NIST-800-53-AC-6(1)5408 ······-·NIST-800-53-AC-6(1)
5409 ······-·NIST-800-53-CM-6(a)5409 ······-·NIST-800-53-CM-6(a)
Offset 5417, 16 lines modifiedOffset 5417, 16 lines modified
5417 ······-·no_reboot_needed5417 ······-·no_reboot_needed
Max diff block lines reached; 8573/13188 bytes (65.01%) of diff not shown.
13.1 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 21825, 16 lines modifiedOffset 21825, 16 lines modified
21825 ······-·no_reboot_needed21825 ······-·no_reboot_needed
  
21826 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21826 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21827 ······stat:21827 ······stat:
21828 ········path:·/boot/grub2/grub.cfg21828 ········path:·/boot/grub2/grub.cfg
21829 ······register:·file_exists21829 ······register:·file_exists
21830 ······when:21830 ······when:
21831 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21832 ······-·'"grub2-common"·in·ansible_facts.packages'21831 ······-·'"grub2-common"·in·ansible_facts.packages'
 21832 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21833 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21833 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21834 ······tags:21834 ······tags:
21835 ······-·CCE-83848-221835 ······-·CCE-83848-2
21836 ······-·CJIS-5.5.2.221836 ······-·CJIS-5.5.2.2
21837 ······-·NIST-800-171-3.4.521837 ······-·NIST-800-171-3.4.5
21838 ······-·NIST-800-53-AC-6(1)21838 ······-·NIST-800-53-AC-6(1)
21839 ······-·NIST-800-53-CM-6(a)21839 ······-·NIST-800-53-CM-6(a)
Offset 21847, 16 lines modifiedOffset 21847, 16 lines modified
21847 ······-·no_reboot_needed21847 ······-·no_reboot_needed
  
21848 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21848 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21849 ······file:21849 ······file:
21850 ········path:·/boot/grub2/grub.cfg21850 ········path:·/boot/grub2/grub.cfg
21851 ········group:·'0'21851 ········group:·'0'
21852 ······when:21852 ······when:
21853 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21854 ······-·'"grub2-common"·in·ansible_facts.packages'21853 ······-·'"grub2-common"·in·ansible_facts.packages'
 21854 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21855 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21855 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21856 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21856 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21857 ······tags:21857 ······tags:
21858 ······-·CCE-83848-221858 ······-·CCE-83848-2
21859 ······-·CJIS-5.5.2.221859 ······-·CJIS-5.5.2.2
21860 ······-·NIST-800-171-3.4.521860 ······-·NIST-800-171-3.4.5
21861 ······-·NIST-800-53-AC-6(1)21861 ······-·NIST-800-53-AC-6(1)
Offset 21888, 16 lines modifiedOffset 21888, 16 lines modified
21888 ······-·no_reboot_needed21888 ······-·no_reboot_needed
  
21889 ····-·name:·Test·for·existence·/boot/grub2/user.cfg21889 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
21890 ······stat:21890 ······stat:
21891 ········path:·/boot/grub2/user.cfg21891 ········path:·/boot/grub2/user.cfg
21892 ······register:·file_exists21892 ······register:·file_exists
21893 ······when:21893 ······when:
21894 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21895 ······-·'"grub2-common"·in·ansible_facts.packages'21894 ······-·'"grub2-common"·in·ansible_facts.packages'
 21895 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21896 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21896 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21897 ······tags:21897 ······tags:
21898 ······-·CCE-86010-621898 ······-·CCE-86010-6
21899 ······-·CJIS-5.5.2.221899 ······-·CJIS-5.5.2.2
21900 ······-·NIST-800-171-3.4.521900 ······-·NIST-800-171-3.4.5
21901 ······-·NIST-800-53-AC-6(1)21901 ······-·NIST-800-53-AC-6(1)
21902 ······-·NIST-800-53-CM-6(a)21902 ······-·NIST-800-53-CM-6(a)
Offset 21910, 16 lines modifiedOffset 21910, 16 lines modified
21910 ······-·no_reboot_needed21910 ······-·no_reboot_needed
  
21911 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg21911 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
21912 ······file:21912 ······file:
21913 ········path:·/boot/grub2/user.cfg21913 ········path:·/boot/grub2/user.cfg
21914 ········group:·'0'21914 ········group:·'0'
21915 ······when:21915 ······when:
21916 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21917 ······-·'"grub2-common"·in·ansible_facts.packages'21916 ······-·'"grub2-common"·in·ansible_facts.packages'
 21917 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21918 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21918 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21919 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21919 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21920 ······tags:21920 ······tags:
21921 ······-·CCE-86010-621921 ······-·CCE-86010-6
21922 ······-·CJIS-5.5.2.221922 ······-·CJIS-5.5.2.2
21923 ······-·NIST-800-171-3.4.521923 ······-·NIST-800-171-3.4.5
21924 ······-·NIST-800-53-AC-6(1)21924 ······-·NIST-800-53-AC-6(1)
Offset 21951, 16 lines modifiedOffset 21951, 16 lines modified
21951 ······-·no_reboot_needed21951 ······-·no_reboot_needed
  
21952 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21952 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21953 ······stat:21953 ······stat:
21954 ········path:·/boot/grub2/grub.cfg21954 ········path:·/boot/grub2/grub.cfg
21955 ······register:·file_exists21955 ······register:·file_exists
21956 ······when:21956 ······when:
21957 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21958 ······-·'"grub2-common"·in·ansible_facts.packages'21957 ······-·'"grub2-common"·in·ansible_facts.packages'
 21958 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21959 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21959 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21960 ······tags:21960 ······tags:
21961 ······-·CCE-83845-821961 ······-·CCE-83845-8
21962 ······-·CJIS-5.5.2.221962 ······-·CJIS-5.5.2.2
21963 ······-·NIST-800-171-3.4.521963 ······-·NIST-800-171-3.4.5
21964 ······-·NIST-800-53-AC-6(1)21964 ······-·NIST-800-53-AC-6(1)
21965 ······-·NIST-800-53-CM-6(a)21965 ······-·NIST-800-53-CM-6(a)
Offset 21973, 16 lines modifiedOffset 21973, 16 lines modified
21973 ······-·no_reboot_needed21973 ······-·no_reboot_needed
  
21974 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21974 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21975 ······file:21975 ······file:
21976 ········path:·/boot/grub2/grub.cfg21976 ········path:·/boot/grub2/grub.cfg
21977 ········owner:·'0'21977 ········owner:·'0'
21978 ······when:21978 ······when:
21979 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
21980 ······-·'"grub2-common"·in·ansible_facts.packages'21979 ······-·'"grub2-common"·in·ansible_facts.packages'
 21980 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
21981 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21981 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21982 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21982 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21983 ······tags:21983 ······tags:
21984 ······-·CCE-83845-821984 ······-·CCE-83845-8
21985 ······-·CJIS-5.5.2.221985 ······-·CJIS-5.5.2.2
21986 ······-·NIST-800-171-3.4.521986 ······-·NIST-800-171-3.4.5
21987 ······-·NIST-800-53-AC-6(1)21987 ······-·NIST-800-53-AC-6(1)
Offset 22014, 16 lines modifiedOffset 22014, 16 lines modified
22014 ······-·no_reboot_needed22014 ······-·no_reboot_needed
  
22015 ····-·name:·Test·for·existence·/boot/grub2/user.cfg22015 ····-·name:·Test·for·existence·/boot/grub2/user.cfg
22016 ······stat:22016 ······stat:
22017 ········path:·/boot/grub2/user.cfg22017 ········path:·/boot/grub2/user.cfg
22018 ······register:·file_exists22018 ······register:·file_exists
22019 ······when:22019 ······when:
22020 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22021 ······-·'"grub2-common"·in·ansible_facts.packages'22020 ······-·'"grub2-common"·in·ansible_facts.packages'
 22021 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22022 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22022 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22023 ······tags:22023 ······tags:
22024 ······-·CCE-86016-322024 ······-·CCE-86016-3
22025 ······-·CJIS-5.5.2.222025 ······-·CJIS-5.5.2.2
22026 ······-·NIST-800-171-3.4.522026 ······-·NIST-800-171-3.4.5
22027 ······-·NIST-800-53-AC-6(1)22027 ······-·NIST-800-53-AC-6(1)
22028 ······-·NIST-800-53-CM-6(a)22028 ······-·NIST-800-53-CM-6(a)
Offset 22036, 16 lines modifiedOffset 22036, 16 lines modified
22036 ······-·no_reboot_needed22036 ······-·no_reboot_needed
Max diff block lines reached; 8597/13228 bytes (64.99%) of diff not shown.
2.71 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-hipaa.yml
Ordering differences only
    
Offset 22306, 16 lines modifiedOffset 22306, 16 lines modified
22306 ······-·no_reboot_needed22306 ······-·no_reboot_needed
  
22307 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22307 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22308 ······stat:22308 ······stat:
22309 ········path:·/boot/grub2/grub.cfg22309 ········path:·/boot/grub2/grub.cfg
22310 ······register:·file_exists22310 ······register:·file_exists
22311 ······when:22311 ······when:
22312 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22313 ······-·'"grub2-common"·in·ansible_facts.packages'22312 ······-·'"grub2-common"·in·ansible_facts.packages'
 22313 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22314 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22314 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22315 ······tags:22315 ······tags:
22316 ······-·CCE-83848-222316 ······-·CCE-83848-2
22317 ······-·CJIS-5.5.2.222317 ······-·CJIS-5.5.2.2
22318 ······-·NIST-800-171-3.4.522318 ······-·NIST-800-171-3.4.5
22319 ······-·NIST-800-53-AC-6(1)22319 ······-·NIST-800-53-AC-6(1)
22320 ······-·NIST-800-53-CM-6(a)22320 ······-·NIST-800-53-CM-6(a)
Offset 22328, 16 lines modifiedOffset 22328, 16 lines modified
22328 ······-·no_reboot_needed22328 ······-·no_reboot_needed
  
22329 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg22329 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
22330 ······file:22330 ······file:
22331 ········path:·/boot/grub2/grub.cfg22331 ········path:·/boot/grub2/grub.cfg
22332 ········group:·'0'22332 ········group:·'0'
22333 ······when:22333 ······when:
22334 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22335 ······-·'"grub2-common"·in·ansible_facts.packages'22334 ······-·'"grub2-common"·in·ansible_facts.packages'
 22335 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22337 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22337 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22338 ······tags:22338 ······tags:
22339 ······-·CCE-83848-222339 ······-·CCE-83848-2
22340 ······-·CJIS-5.5.2.222340 ······-·CJIS-5.5.2.2
22341 ······-·NIST-800-171-3.4.522341 ······-·NIST-800-171-3.4.5
22342 ······-·NIST-800-53-AC-6(1)22342 ······-·NIST-800-53-AC-6(1)
Offset 22369, 16 lines modifiedOffset 22369, 16 lines modified
22369 ······-·no_reboot_needed22369 ······-·no_reboot_needed
  
22370 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg22370 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
22371 ······stat:22371 ······stat:
22372 ········path:·/boot/grub2/grub.cfg22372 ········path:·/boot/grub2/grub.cfg
22373 ······register:·file_exists22373 ······register:·file_exists
22374 ······when:22374 ······when:
22375 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22376 ······-·'"grub2-common"·in·ansible_facts.packages'22375 ······-·'"grub2-common"·in·ansible_facts.packages'
 22376 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22377 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22377 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22378 ······tags:22378 ······tags:
22379 ······-·CCE-83845-822379 ······-·CCE-83845-8
22380 ······-·CJIS-5.5.2.222380 ······-·CJIS-5.5.2.2
22381 ······-·NIST-800-171-3.4.522381 ······-·NIST-800-171-3.4.5
22382 ······-·NIST-800-53-AC-6(1)22382 ······-·NIST-800-53-AC-6(1)
22383 ······-·NIST-800-53-CM-6(a)22383 ······-·NIST-800-53-CM-6(a)
Offset 22391, 16 lines modifiedOffset 22391, 16 lines modified
22391 ······-·no_reboot_needed22391 ······-·no_reboot_needed
  
22392 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg22392 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
22393 ······file:22393 ······file:
22394 ········path:·/boot/grub2/grub.cfg22394 ········path:·/boot/grub2/grub.cfg
22395 ········owner:·'0'22395 ········owner:·'0'
22396 ······when:22396 ······when:
22397 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
22398 ······-·'"grub2-common"·in·ansible_facts.packages'22397 ······-·'"grub2-common"·in·ansible_facts.packages'
 22398 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
22399 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]22399 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
22400 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists22400 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
22401 ······tags:22401 ······tags:
22402 ······-·CCE-83845-822402 ······-·CCE-83845-8
22403 ······-·CJIS-5.5.2.222403 ······-·CJIS-5.5.2.2
22404 ······-·NIST-800-171-3.4.522404 ······-·NIST-800-171-3.4.5
22405 ······-·NIST-800-53-AC-6(1)22405 ······-·NIST-800-53-AC-6(1)
2.71 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-pci-dss.yml
Ordering differences only
    
Offset 23032, 16 lines modifiedOffset 23032, 16 lines modified
23032 ······-·no_reboot_needed23032 ······-·no_reboot_needed
  
23033 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg23033 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
23034 ······stat:23034 ······stat:
23035 ········path:·/boot/grub2/grub.cfg23035 ········path:·/boot/grub2/grub.cfg
23036 ······register:·file_exists23036 ······register:·file_exists
23037 ······when:23037 ······when:
23038 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23039 ······-·'"grub2-common"·in·ansible_facts.packages'23038 ······-·'"grub2-common"·in·ansible_facts.packages'
 23039 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23040 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23040 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23041 ······tags:23041 ······tags:
23042 ······-·CCE-83848-223042 ······-·CCE-83848-2
23043 ······-·CJIS-5.5.2.223043 ······-·CJIS-5.5.2.2
23044 ······-·NIST-800-171-3.4.523044 ······-·NIST-800-171-3.4.5
23045 ······-·NIST-800-53-AC-6(1)23045 ······-·NIST-800-53-AC-6(1)
23046 ······-·NIST-800-53-CM-6(a)23046 ······-·NIST-800-53-CM-6(a)
Offset 23054, 16 lines modifiedOffset 23054, 16 lines modified
23054 ······-·no_reboot_needed23054 ······-·no_reboot_needed
  
23055 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg23055 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
23056 ······file:23056 ······file:
23057 ········path:·/boot/grub2/grub.cfg23057 ········path:·/boot/grub2/grub.cfg
23058 ········group:·'0'23058 ········group:·'0'
23059 ······when:23059 ······when:
23060 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23061 ······-·'"grub2-common"·in·ansible_facts.packages'23060 ······-·'"grub2-common"·in·ansible_facts.packages'
 23061 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23062 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23062 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23063 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists23063 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
23064 ······tags:23064 ······tags:
23065 ······-·CCE-83848-223065 ······-·CCE-83848-2
23066 ······-·CJIS-5.5.2.223066 ······-·CJIS-5.5.2.2
23067 ······-·NIST-800-171-3.4.523067 ······-·NIST-800-171-3.4.5
23068 ······-·NIST-800-53-AC-6(1)23068 ······-·NIST-800-53-AC-6(1)
Offset 23095, 16 lines modifiedOffset 23095, 16 lines modified
23095 ······-·no_reboot_needed23095 ······-·no_reboot_needed
  
23096 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg23096 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
23097 ······stat:23097 ······stat:
23098 ········path:·/boot/grub2/grub.cfg23098 ········path:·/boot/grub2/grub.cfg
23099 ······register:·file_exists23099 ······register:·file_exists
23100 ······when:23100 ······when:
23101 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23102 ······-·'"grub2-common"·in·ansible_facts.packages'23101 ······-·'"grub2-common"·in·ansible_facts.packages'
 23102 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23103 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23103 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23104 ······tags:23104 ······tags:
23105 ······-·CCE-83845-823105 ······-·CCE-83845-8
23106 ······-·CJIS-5.5.2.223106 ······-·CJIS-5.5.2.2
23107 ······-·NIST-800-171-3.4.523107 ······-·NIST-800-171-3.4.5
23108 ······-·NIST-800-53-AC-6(1)23108 ······-·NIST-800-53-AC-6(1)
23109 ······-·NIST-800-53-CM-6(a)23109 ······-·NIST-800-53-CM-6(a)
Offset 23117, 16 lines modifiedOffset 23117, 16 lines modified
23117 ······-·no_reboot_needed23117 ······-·no_reboot_needed
  
23118 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg23118 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
23119 ······file:23119 ······file:
23120 ········path:·/boot/grub2/grub.cfg23120 ········path:·/boot/grub2/grub.cfg
23121 ········owner:·'0'23121 ········owner:·'0'
23122 ······when:23122 ······when:
23123 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
23124 ······-·'"grub2-common"·in·ansible_facts.packages'23123 ······-·'"grub2-common"·in·ansible_facts.packages'
 23124 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
23125 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]23125 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
23126 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists23126 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
23127 ······tags:23127 ······tags:
23128 ······-·CCE-83845-823128 ······-·CCE-83845-8
23129 ······-·CJIS-5.5.2.223129 ······-·CJIS-5.5.2.2
23130 ······-·NIST-800-171-3.4.523130 ······-·NIST-800-171-3.4.5
23131 ······-·NIST-800-53-AC-6(1)23131 ······-·NIST-800-53-AC-6(1)
2.06 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-stig.yml
Ordering differences only
    
Offset 35864, 16 lines modifiedOffset 35864, 16 lines modified
35864 ······-·no_reboot_needed35864 ······-·no_reboot_needed
  
35865 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg35865 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
35866 ······stat:35866 ······stat:
35867 ········path:·/boot/grub2/grub.cfg35867 ········path:·/boot/grub2/grub.cfg
35868 ······register:·file_exists35868 ······register:·file_exists
35869 ······when:35869 ······when:
35870 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35871 ······-·'"grub2-common"·in·ansible_facts.packages'35870 ······-·'"grub2-common"·in·ansible_facts.packages'
 35871 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35872 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35872 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35873 ······tags:35873 ······tags:
35874 ······-·CCE-83848-235874 ······-·CCE-83848-2
35875 ······-·CJIS-5.5.2.235875 ······-·CJIS-5.5.2.2
35876 ······-·NIST-800-171-3.4.535876 ······-·NIST-800-171-3.4.5
35877 ······-·NIST-800-53-AC-6(1)35877 ······-·NIST-800-53-AC-6(1)
35878 ······-·NIST-800-53-CM-6(a)35878 ······-·NIST-800-53-CM-6(a)
Offset 35886, 16 lines modifiedOffset 35886, 16 lines modified
35886 ······-·no_reboot_needed35886 ······-·no_reboot_needed
  
35887 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg35887 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
35888 ······file:35888 ······file:
35889 ········path:·/boot/grub2/grub.cfg35889 ········path:·/boot/grub2/grub.cfg
35890 ········group:·'0'35890 ········group:·'0'
35891 ······when:35891 ······when:
35892 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35893 ······-·'"grub2-common"·in·ansible_facts.packages'35892 ······-·'"grub2-common"·in·ansible_facts.packages'
 35893 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35895 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists35895 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
35896 ······tags:35896 ······tags:
35897 ······-·CCE-83848-235897 ······-·CCE-83848-2
35898 ······-·CJIS-5.5.2.235898 ······-·CJIS-5.5.2.2
35899 ······-·NIST-800-171-3.4.535899 ······-·NIST-800-171-3.4.5
35900 ······-·NIST-800-53-AC-6(1)35900 ······-·NIST-800-53-AC-6(1)
Offset 44633, 16 lines modifiedOffset 44633, 16 lines modified
44633 ········lineinfile:44633 ········lineinfile:
44634 ··········path:·/etc/postfix/main.cf44634 ··········path:·/etc/postfix/main.cf
44635 ··········create:·true44635 ··········create:·true
44636 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*44636 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
44637 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject44637 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
44638 ··········state:·present44638 ··········state:·present
44639 ······when:44639 ······when:
44640 ······-·'"postfix"·in·ansible_facts.packages' 
44641 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44640 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 44641 ······-·'"postfix"·in·ansible_facts.packages'
44642 ······tags:44642 ······tags:
44643 ······-·CCE-87232-544643 ······-·CCE-87232-5
44644 ······-·low_complexity44644 ······-·low_complexity
44645 ······-·low_disruption44645 ······-·low_disruption
44646 ······-·medium_severity44646 ······-·medium_severity
44647 ······-·no_reboot_needed44647 ······-·no_reboot_needed
44648 ······-·postfix_prevent_unrestricted_relay44648 ······-·postfix_prevent_unrestricted_relay
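Review bot: in the `when:` list of the `smtpd_client_restrictions` task, `"postfix" in ansible_facts.packages` and the `ansible_virtualization_type not in [...]` check change places between the two builds. A `when:` list is a logical AND of its entries, so the outcome is the same when every entry evaluates cleanly, but which check is evaluated first now depends on the build. Choose one order deliberately and emit it every time.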
2.07 KB
./usr/share/scap-security-guide/ansible/rhel9-playbook-stig_gui.yml
Ordering differences only
    
Offset 35836, 16 lines modifiedOffset 35836, 16 lines modified
35836 ······-·no_reboot_needed35836 ······-·no_reboot_needed
  
35837 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg35837 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
35838 ······stat:35838 ······stat:
35839 ········path:·/boot/grub2/grub.cfg35839 ········path:·/boot/grub2/grub.cfg
35840 ······register:·file_exists35840 ······register:·file_exists
35841 ······when:35841 ······when:
35842 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35843 ······-·'"grub2-common"·in·ansible_facts.packages'35842 ······-·'"grub2-common"·in·ansible_facts.packages'
 35843 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35844 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35844 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35845 ······tags:35845 ······tags:
35846 ······-·CCE-83848-235846 ······-·CCE-83848-2
35847 ······-·CJIS-5.5.2.235847 ······-·CJIS-5.5.2.2
35848 ······-·NIST-800-171-3.4.535848 ······-·NIST-800-171-3.4.5
35849 ······-·NIST-800-53-AC-6(1)35849 ······-·NIST-800-53-AC-6(1)
35850 ······-·NIST-800-53-CM-6(a)35850 ······-·NIST-800-53-CM-6(a)
Offset 35858, 16 lines modifiedOffset 35858, 16 lines modified
35858 ······-·no_reboot_needed35858 ······-·no_reboot_needed
  
35859 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg35859 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
35860 ······file:35860 ······file:
35861 ········path:·/boot/grub2/grub.cfg35861 ········path:·/boot/grub2/grub.cfg
35862 ········group:·'0'35862 ········group:·'0'
35863 ······when:35863 ······when:
35864 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
35865 ······-·'"grub2-common"·in·ansible_facts.packages'35864 ······-·'"grub2-common"·in·ansible_facts.packages'
 35865 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
35866 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]35866 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
35867 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists35867 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
35868 ······tags:35868 ······tags:
35869 ······-·CCE-83848-235869 ······-·CCE-83848-2
35870 ······-·CJIS-5.5.2.235870 ······-·CJIS-5.5.2.2
35871 ······-·NIST-800-171-3.4.535871 ······-·NIST-800-171-3.4.5
35872 ······-·NIST-800-53-AC-6(1)35872 ······-·NIST-800-53-AC-6(1)
Offset 44605, 16 lines modifiedOffset 44605, 16 lines modified
44605 ········lineinfile:44605 ········lineinfile:
44606 ··········path:·/etc/postfix/main.cf44606 ··········path:·/etc/postfix/main.cf
44607 ··········create:·true44607 ··········create:·true
44608 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*44608 ··········regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
44609 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject44609 ··········line:·smtpd_client_restrictions·=·permit_mynetworks,reject
44610 ··········state:·present44610 ··········state:·present
44611 ······when:44611 ······when:
44612 ······-·'"postfix"·in·ansible_facts.packages' 
44613 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44612 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 44613 ······-·'"postfix"·in·ansible_facts.packages'
44614 ······tags:44614 ······tags:
44615 ······-·CCE-87232-544615 ······-·CCE-87232-5
44616 ······-·low_complexity44616 ······-·low_complexity
44617 ······-·low_disruption44617 ······-·low_disruption
44618 ······-·medium_severity44618 ······-·medium_severity
44619 ······-·no_reboot_needed44619 ······-·no_reboot_needed
44620 ······-·postfix_prevent_unrestricted_relay44620 ······-·postfix_prevent_unrestricted_relay
109 KB
./usr/share/scap-security-guide/ansible/sl7-playbook-pci-dss.yml
Ordering differences only
    
Offset 4494, 16 lines modifiedOffset 4494, 16 lines modified
  
4494 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4494 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4495 ······find:4495 ······find:
4496 ········paths:·/etc/audit/rules.d/4496 ········paths:·/etc/audit/rules.d/
4497 ········patterns:·'*.rules'4497 ········patterns:·'*.rules'
4498 ······register:·find_rules_d4498 ······register:·find_rules_d
4499 ······when:4499 ······when:
4500 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4501 ······-·'"audit"·in·ansible_facts.packages'4500 ······-·'"audit"·in·ansible_facts.packages'
 4501 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4502 ······tags:4502 ······tags:
4503 ······-·CJIS-5.4.1.14503 ······-·CJIS-5.4.1.1
4504 ······-·NIST-800-171-3.3.14504 ······-·NIST-800-171-3.3.1
4505 ······-·NIST-800-171-3.4.34505 ······-·NIST-800-171-3.4.3
4506 ······-·NIST-800-53-AC-6(9)4506 ······-·NIST-800-53-AC-6(9)
4507 ······-·NIST-800-53-CM-6(a)4507 ······-·NIST-800-53-CM-6(a)
4508 ······-·PCI-DSS-Req-10.5.24508 ······-·PCI-DSS-Req-10.5.2
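Review bot: the same swap of `'"audit" in ansible_facts.packages'` and the `ansible_virtualization_type` check recurs in each audit task shown for this file, and the file is labelled "Ordering differences only". That points at the step that assembles the shared applicability conditions, not at any individual task, so the ordering should be fixed there once instead of per rule.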
Offset 4518, 16 lines modifiedOffset 4518, 16 lines modified
4518 ······lineinfile:4518 ······lineinfile:
4519 ········path:·'{{·item·}}'4519 ········path:·'{{·item·}}'
4520 ········regexp:·^\s*(?:-e)\s+.*$4520 ········regexp:·^\s*(?:-e)\s+.*$
4521 ········state:·absent4521 ········state:·absent
4522 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4522 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4523 ········}}'4523 ········}}'
4524 ······when:4524 ······when:
4525 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4526 ······-·'"audit"·in·ansible_facts.packages'4525 ······-·'"audit"·in·ansible_facts.packages'
 4526 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4527 ······tags:4527 ······tags:
4528 ······-·CJIS-5.4.1.14528 ······-·CJIS-5.4.1.1
4529 ······-·NIST-800-171-3.3.14529 ······-·NIST-800-171-3.3.1
4530 ······-·NIST-800-171-3.4.34530 ······-·NIST-800-171-3.4.3
4531 ······-·NIST-800-53-AC-6(9)4531 ······-·NIST-800-53-AC-6(9)
4532 ······-·NIST-800-53-CM-6(a)4532 ······-·NIST-800-53-CM-6(a)
4533 ······-·PCI-DSS-Req-10.5.24533 ······-·PCI-DSS-Req-10.5.2
Offset 4544, 16 lines modifiedOffset 4544, 16 lines modified
4544 ········create:·true4544 ········create:·true
4545 ········line:·-e·24545 ········line:·-e·2
4546 ········mode:·o-rwx4546 ········mode:·o-rwx
4547 ······loop:4547 ······loop:
4548 ······-·/etc/audit/audit.rules4548 ······-·/etc/audit/audit.rules
4549 ······-·/etc/audit/rules.d/immutable.rules4549 ······-·/etc/audit/rules.d/immutable.rules
4550 ······when:4550 ······when:
4551 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4552 ······-·'"audit"·in·ansible_facts.packages'4551 ······-·'"audit"·in·ansible_facts.packages'
 4552 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4553 ······tags:4553 ······tags:
4554 ······-·CJIS-5.4.1.14554 ······-·CJIS-5.4.1.1
4555 ······-·NIST-800-171-3.3.14555 ······-·NIST-800-171-3.3.1
4556 ······-·NIST-800-171-3.4.34556 ······-·NIST-800-171-3.4.3
4557 ······-·NIST-800-53-AC-6(9)4557 ······-·NIST-800-53-AC-6(9)
4558 ······-·NIST-800-53-CM-6(a)4558 ······-·NIST-800-53-CM-6(a)
4559 ······-·PCI-DSS-Req-10.5.24559 ······-·PCI-DSS-Req-10.5.2
Offset 4585, 16 lines modifiedOffset 4585, 16 lines modified
4585 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4585 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4586 ······find:4586 ······find:
4587 ········paths:·/etc/audit/rules.d4587 ········paths:·/etc/audit/rules.d
4588 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4588 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4589 ········patterns:·'*.rules'4589 ········patterns:·'*.rules'
4590 ······register:·find_existing_watch_rules_d4590 ······register:·find_existing_watch_rules_d
4591 ······when:4591 ······when:
4592 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4593 ······-·'"audit"·in·ansible_facts.packages'4592 ······-·'"audit"·in·ansible_facts.packages'
 4593 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4594 ······tags:4594 ······tags:
4595 ······-·CJIS-5.4.1.14595 ······-·CJIS-5.4.1.1
4596 ······-·NIST-800-171-3.1.84596 ······-·NIST-800-171-3.1.8
4597 ······-·NIST-800-53-AU-12(c)4597 ······-·NIST-800-53-AU-12(c)
4598 ······-·NIST-800-53-AU-2(d)4598 ······-·NIST-800-53-AU-2(d)
4599 ······-·NIST-800-53-CM-6(a)4599 ······-·NIST-800-53-CM-6(a)
4600 ······-·PCI-DSS-Req-10.5.54600 ······-·PCI-DSS-Req-10.5.5
Offset 4608, 16 lines modifiedOffset 4608, 16 lines modified
4608 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4608 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4609 ······find:4609 ······find:
4610 ········paths:·/etc/audit/rules.d4610 ········paths:·/etc/audit/rules.d
4611 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4611 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4612 ········patterns:·'*.rules'4612 ········patterns:·'*.rules'
4613 ······register:·find_watch_key4613 ······register:·find_watch_key
4614 ······when:4614 ······when:
4615 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4616 ······-·'"audit"·in·ansible_facts.packages'4615 ······-·'"audit"·in·ansible_facts.packages'
 4616 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4617 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4617 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4618 ········==·04618 ········==·0
4619 ······tags:4619 ······tags:
4620 ······-·CJIS-5.4.1.14620 ······-·CJIS-5.4.1.1
4621 ······-·NIST-800-171-3.1.84621 ······-·NIST-800-171-3.1.8
4622 ······-·NIST-800-53-AU-12(c)4622 ······-·NIST-800-53-AU-12(c)
4623 ······-·NIST-800-53-AU-2(d)4623 ······-·NIST-800-53-AU-2(d)
Offset 4631, 16 lines modifiedOffset 4631, 16 lines modified
4631 ······-·restrict_strategy4631 ······-·restrict_strategy
  
4632 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4632 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4633 ······set_fact:4633 ······set_fact:
4634 ········all_files:4634 ········all_files:
4635 ········-·/etc/audit/rules.d/MAC-policy.rules4635 ········-·/etc/audit/rules.d/MAC-policy.rules
4636 ······when:4636 ······when:
4637 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4638 ······-·'"audit"·in·ansible_facts.packages'4637 ······-·'"audit"·in·ansible_facts.packages'
 4638 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4639 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4639 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4640 ········is·defined·and·find_existing_watch_rules_d.matched·==·04640 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4641 ······tags:4641 ······tags:
4642 ······-·CJIS-5.4.1.14642 ······-·CJIS-5.4.1.1
4643 ······-·NIST-800-171-3.1.84643 ······-·NIST-800-171-3.1.8
4644 ······-·NIST-800-53-AU-12(c)4644 ······-·NIST-800-53-AU-12(c)
4645 ······-·NIST-800-53-AU-2(d)4645 ······-·NIST-800-53-AU-2(d)
Offset 4654, 16 lines modifiedOffset 4654, 16 lines modified
4654 ······-·restrict_strategy4654 ······-·restrict_strategy
  
4655 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4655 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4656 ······set_fact:4656 ······set_fact:
4657 ········all_files:4657 ········all_files:
4658 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4658 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4659 ······when:4659 ······when:
4660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
4661 ······-·'"audit"·in·ansible_facts.packages'4660 ······-·'"audit"·in·ansible_facts.packages'
 4661 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4662 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4662 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4663 ········is·defined·and·find_existing_watch_rules_d.matched·==·04663 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4664 ······tags:4664 ······tags:
4665 ······-·CJIS-5.4.1.14665 ······-·CJIS-5.4.1.1
4666 ······-·NIST-800-171-3.1.84666 ······-·NIST-800-171-3.1.8
4667 ······-·NIST-800-53-AU-12(c)4667 ······-·NIST-800-53-AU-12(c)
4668 ······-·NIST-800-53-AU-2(d)4668 ······-·NIST-800-53-AU-2(d)
Offset 4679, 16 lines modifiedOffset 4679, 16 lines modified
4679 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4679 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 106634/111669 bytes (95.49%) of diff not shown.
85.0 KB
./usr/share/scap-security-guide/ansible/sl7-playbook-standard.yml
Ordering differences only
    
Offset 644, 16 lines modifiedOffset 644, 16 lines modified
644 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/644 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
645 ······find:645 ······find:
646 ········paths:·/etc/audit/rules.d646 ········paths:·/etc/audit/rules.d
647 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+647 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
648 ········patterns:·'*.rules'648 ········patterns:·'*.rules'
649 ······register:·find_existing_watch_rules_d649 ······register:·find_existing_watch_rules_d
650 ······when:650 ······when:
651 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
652 ······-·'"audit"·in·ansible_facts.packages'651 ······-·'"audit"·in·ansible_facts.packages'
 652 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
653 ······tags:653 ······tags:
654 ······-·CJIS-5.4.1.1654 ······-·CJIS-5.4.1.1
655 ······-·NIST-800-171-3.1.8655 ······-·NIST-800-171-3.1.8
656 ······-·NIST-800-53-AU-12(c)656 ······-·NIST-800-53-AU-12(c)
657 ······-·NIST-800-53-AU-2(d)657 ······-·NIST-800-53-AU-2(d)
658 ······-·NIST-800-53-CM-6(a)658 ······-·NIST-800-53-CM-6(a)
659 ······-·PCI-DSS-Req-10.5.5659 ······-·PCI-DSS-Req-10.5.5
Offset 667, 16 lines modifiedOffset 667, 16 lines modified
667 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy667 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
668 ······find:668 ······find:
669 ········paths:·/etc/audit/rules.d669 ········paths:·/etc/audit/rules.d
670 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$670 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
671 ········patterns:·'*.rules'671 ········patterns:·'*.rules'
672 ······register:·find_watch_key672 ······register:·find_watch_key
673 ······when:673 ······when:
674 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
675 ······-·'"audit"·in·ansible_facts.packages'674 ······-·'"audit"·in·ansible_facts.packages'
 675 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
676 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched676 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
677 ········==·0677 ········==·0
678 ······tags:678 ······tags:
679 ······-·CJIS-5.4.1.1679 ······-·CJIS-5.4.1.1
680 ······-·NIST-800-171-3.1.8680 ······-·NIST-800-171-3.1.8
681 ······-·NIST-800-53-AU-12(c)681 ······-·NIST-800-53-AU-12(c)
682 ······-·NIST-800-53-AU-2(d)682 ······-·NIST-800-53-AU-2(d)
Offset 690, 16 lines modifiedOffset 690, 16 lines modified
690 ······-·restrict_strategy690 ······-·restrict_strategy
  
691 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule691 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
692 ······set_fact:692 ······set_fact:
693 ········all_files:693 ········all_files:
694 ········-·/etc/audit/rules.d/MAC-policy.rules694 ········-·/etc/audit/rules.d/MAC-policy.rules
695 ······when:695 ······when:
696 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
697 ······-·'"audit"·in·ansible_facts.packages'696 ······-·'"audit"·in·ansible_facts.packages'
 697 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
698 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched698 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
699 ········is·defined·and·find_existing_watch_rules_d.matched·==·0699 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
700 ······tags:700 ······tags:
701 ······-·CJIS-5.4.1.1701 ······-·CJIS-5.4.1.1
702 ······-·NIST-800-171-3.1.8702 ······-·NIST-800-171-3.1.8
703 ······-·NIST-800-53-AU-12(c)703 ······-·NIST-800-53-AU-12(c)
704 ······-·NIST-800-53-AU-2(d)704 ······-·NIST-800-53-AU-2(d)
Offset 713, 16 lines modifiedOffset 713, 16 lines modified
713 ······-·restrict_strategy713 ······-·restrict_strategy
  
714 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule714 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
715 ······set_fact:715 ······set_fact:
716 ········all_files:716 ········all_files:
717 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'717 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
718 ······when:718 ······when:
719 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
720 ······-·'"audit"·in·ansible_facts.packages'719 ······-·'"audit"·in·ansible_facts.packages'
 720 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
721 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched721 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
722 ········is·defined·and·find_existing_watch_rules_d.matched·==·0722 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
723 ······tags:723 ······tags:
724 ······-·CJIS-5.4.1.1724 ······-·CJIS-5.4.1.1
725 ······-·NIST-800-171-3.1.8725 ······-·NIST-800-171-3.1.8
726 ······-·NIST-800-53-AU-12(c)726 ······-·NIST-800-53-AU-12(c)
727 ······-·NIST-800-53-AU-2(d)727 ······-·NIST-800-53-AU-2(d)
Offset 738, 16 lines modifiedOffset 738, 16 lines modified
738 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/738 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
739 ······lineinfile:739 ······lineinfile:
740 ········path:·'{{·all_files[0]·}}'740 ········path:·'{{·all_files[0]·}}'
741 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy741 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
742 ········create:·true742 ········create:·true
743 ········mode:·'0640'743 ········mode:·'0640'
744 ······when:744 ······when:
745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
746 ······-·'"audit"·in·ansible_facts.packages'745 ······-·'"audit"·in·ansible_facts.packages'
 746 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
747 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched747 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
748 ········==·0748 ········==·0
749 ······tags:749 ······tags:
750 ······-·CJIS-5.4.1.1750 ······-·CJIS-5.4.1.1
751 ······-·NIST-800-171-3.1.8751 ······-·NIST-800-171-3.1.8
752 ······-·NIST-800-53-AU-12(c)752 ······-·NIST-800-53-AU-12(c)
753 ······-·NIST-800-53-AU-2(d)753 ······-·NIST-800-53-AU-2(d)
Offset 763, 16 lines modifiedOffset 763, 16 lines modified
763 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules763 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/audit.rules
764 ······find:764 ······find:
765 ········paths:·/etc/audit/765 ········paths:·/etc/audit/
766 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+766 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
767 ········patterns:·audit.rules767 ········patterns:·audit.rules
768 ······register:·find_existing_watch_audit_rules768 ······register:·find_existing_watch_audit_rules
769 ······when:769 ······when:
770 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
771 ······-·'"audit"·in·ansible_facts.packages'770 ······-·'"audit"·in·ansible_facts.packages'
 771 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
772 ······tags:772 ······tags:
773 ······-·CJIS-5.4.1.1773 ······-·CJIS-5.4.1.1
774 ······-·NIST-800-171-3.1.8774 ······-·NIST-800-171-3.1.8
775 ······-·NIST-800-53-AU-12(c)775 ······-·NIST-800-53-AU-12(c)
776 ······-·NIST-800-53-AU-2(d)776 ······-·NIST-800-53-AU-2(d)
777 ······-·NIST-800-53-CM-6(a)777 ······-·NIST-800-53-CM-6(a)
778 ······-·PCI-DSS-Req-10.5.5778 ······-·PCI-DSS-Req-10.5.5
Offset 787, 16 lines modifiedOffset 787, 16 lines modified
787 ······lineinfile:787 ······lineinfile:
788 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy788 ········line:·-w·/etc/selinux/·-p·wa·-k·MAC-policy
789 ········state:·present789 ········state:·present
790 ········dest:·/etc/audit/audit.rules790 ········dest:·/etc/audit/audit.rules
791 ········create:·true791 ········create:·true
792 ········mode:·'0640'792 ········mode:·'0640'
793 ······when:793 ······when:
794 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"] 
795 ······-·'"audit"·in·ansible_facts.packages'794 ······-·'"audit"·in·ansible_facts.packages'
 795 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
796 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched796 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
797 ········==·0797 ········==·0
798 ······tags:798 ······tags:
799 ······-·CJIS-5.4.1.1799 ······-·CJIS-5.4.1.1
800 ······-·NIST-800-171-3.1.8800 ······-·NIST-800-171-3.1.8
801 ······-·NIST-800-53-AU-12(c)801 ······-·NIST-800-53-AU-12(c)
802 ······-·NIST-800-53-AU-2(d)802 ······-·NIST-800-53-AU-2(d)
Offset 829, 16 lines modifiedOffset 829, 16 lines modified
829 ······-·reboot_required829 ······-·reboot_required
Max diff block lines reached; 81679/86895 bytes (94.00%) of diff not shown.
854 B
./usr/share/scap-security-guide/ansible/sle12-playbook-anssi_bp28_enhanced.yml
Ordering differences only
    
Offset 3960, 16 lines modifiedOffset 3960, 16 lines modified
3960 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x3960 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
3961 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged3961 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
3962 ··········create:·true3962 ··········create:·true
3963 ··········mode:·o-rwx3963 ··········mode:·o-rwx
3964 ··········state:·present3964 ··········state:·present
3965 ········when:·syscalls_found·|·length·==·03965 ········when:·syscalls_found·|·length·==·0
3966 ······when:3966 ······when:
3967 ······-·'"audit"·in·ansible_facts.packages' 
3968 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3967 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3968 ······-·'"audit"·in·ansible_facts.packages'
3969 ······tags:3969 ······tags:
3970 ······-·CCE-83144-63970 ······-·CCE-83144-6
3971 ······-·DISA-STIG-SLES-12-0202603971 ······-·DISA-STIG-SLES-12-020260
3972 ······-·NIST-800-171-3.1.73972 ······-·NIST-800-171-3.1.7
3973 ······-·NIST-800-53-AC-6(9)3973 ······-·NIST-800-53-AC-6(9)
3974 ······-·NIST-800-53-AU-12(c)3974 ······-·NIST-800-53-AU-12(c)
3975 ······-·NIST-800-53-AU-2(d)3975 ······-·NIST-800-53-AU-2(d)
846 B
./usr/share/scap-security-guide/ansible/sle12-playbook-anssi_bp28_high.yml
Ordering differences only
    
Offset 4234, 16 lines modifiedOffset 4234, 16 lines modified
4234 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x4234 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
4235 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged4235 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
4236 ··········create:·true4236 ··········create:·true
4237 ··········mode:·o-rwx4237 ··········mode:·o-rwx
4238 ··········state:·present4238 ··········state:·present
4239 ········when:·syscalls_found·|·length·==·04239 ········when:·syscalls_found·|·length·==·0
4240 ······when:4240 ······when:
4241 ······-·'"audit"·in·ansible_facts.packages' 
4242 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4241 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4242 ······-·'"audit"·in·ansible_facts.packages'
4243 ······tags:4243 ······tags:
4244 ······-·CCE-83144-64244 ······-·CCE-83144-6
4245 ······-·DISA-STIG-SLES-12-0202604245 ······-·DISA-STIG-SLES-12-020260
4246 ······-·NIST-800-171-3.1.74246 ······-·NIST-800-171-3.1.7
4247 ······-·NIST-800-53-AC-6(9)4247 ······-·NIST-800-53-AC-6(9)
4248 ······-·NIST-800-53-AU-12(c)4248 ······-·NIST-800-53-AU-12(c)
4249 ······-·NIST-800-53-AU-2(d)4249 ······-·NIST-800-53-AU-2(d)
862 B
./usr/share/scap-security-guide/ansible/sle12-playbook-anssi_bp28_intermediary.yml
Ordering differences only
    
Offset 3606, 16 lines modifiedOffset 3606, 16 lines modified
3606 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x3606 ··········line:·-a·always,exit{{·syscalls·|·join(',')·}}·-F·path=/usr/bin/sudo·-F·perm=x
3607 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged3607 ············-F·auid>=1000·-F·auid!=unset·-F·key=privileged
3608 ··········create:·true3608 ··········create:·true
3609 ··········mode:·o-rwx3609 ··········mode:·o-rwx
3610 ··········state:·present3610 ··········state:·present
3611 ········when:·syscalls_found·|·length·==·03611 ········when:·syscalls_found·|·length·==·0
3612 ······when:3612 ······when:
3613 ······-·'"audit"·in·ansible_facts.packages' 
3614 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3613 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3614 ······-·'"audit"·in·ansible_facts.packages'
3615 ······tags:3615 ······tags:
3616 ······-·CCE-83144-63616 ······-·CCE-83144-6
3617 ······-·DISA-STIG-SLES-12-0202603617 ······-·DISA-STIG-SLES-12-020260
3618 ······-·NIST-800-171-3.1.73618 ······-·NIST-800-171-3.1.7
3619 ······-·NIST-800-53-AC-6(9)3619 ······-·NIST-800-53-AC-6(9)
3620 ······-·NIST-800-53-AU-12(c)3620 ······-·NIST-800-53-AU-12(c)
3621 ······-·NIST-800-53-AU-2(d)3621 ······-·NIST-800-53-AU-2(d)
165 KB
./usr/share/scap-security-guide/ansible/sle12-playbook-cis.yml
Ordering differences only
    
Offset 2900, 16 lines modifiedOffset 2900, 16 lines modified
  
2900 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension2900 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
2901 ······find:2901 ······find:
2902 ········paths:·/etc/audit/rules.d/2902 ········paths:·/etc/audit/rules.d/
2903 ········patterns:·'*.rules'2903 ········patterns:·'*.rules'
2904 ······register:·find_rules_d2904 ······register:·find_rules_d
2905 ······when:2905 ······when:
2906 ······-·'"audit"·in·ansible_facts.packages' 
2907 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2906 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2907 ······-·'"audit"·in·ansible_facts.packages'
2908 ······tags:2908 ······tags:
2909 ······-·CCE-91554-62909 ······-·CCE-91554-6
2910 ······-·CJIS-5.4.1.12910 ······-·CJIS-5.4.1.1
2911 ······-·NIST-800-171-3.3.12911 ······-·NIST-800-171-3.3.1
2912 ······-·NIST-800-171-3.4.32912 ······-·NIST-800-171-3.4.3
2913 ······-·NIST-800-53-AC-6(9)2913 ······-·NIST-800-53-AC-6(9)
2914 ······-·NIST-800-53-CM-6(a)2914 ······-·NIST-800-53-CM-6(a)
Offset 2925, 16 lines modifiedOffset 2925, 16 lines modified
2925 ······lineinfile:2925 ······lineinfile:
2926 ········path:·'{{·item·}}'2926 ········path:·'{{·item·}}'
2927 ········regexp:·^\s*(?:-e)\s+.*$2927 ········regexp:·^\s*(?:-e)\s+.*$
2928 ········state:·absent2928 ········state:·absent
2929 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']2929 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
2930 ········}}'2930 ········}}'
2931 ······when:2931 ······when:
2932 ······-·'"audit"·in·ansible_facts.packages' 
2933 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2932 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2933 ······-·'"audit"·in·ansible_facts.packages'
2934 ······tags:2934 ······tags:
2935 ······-·CCE-91554-62935 ······-·CCE-91554-6
2936 ······-·CJIS-5.4.1.12936 ······-·CJIS-5.4.1.1
2937 ······-·NIST-800-171-3.3.12937 ······-·NIST-800-171-3.3.1
2938 ······-·NIST-800-171-3.4.32938 ······-·NIST-800-171-3.4.3
2939 ······-·NIST-800-53-AC-6(9)2939 ······-·NIST-800-53-AC-6(9)
2940 ······-·NIST-800-53-CM-6(a)2940 ······-·NIST-800-53-CM-6(a)
Offset 2952, 16 lines modifiedOffset 2952, 16 lines modified
2952 ········create:·true2952 ········create:·true
2953 ········line:·-e·22953 ········line:·-e·2
2954 ········mode:·o-rwx2954 ········mode:·o-rwx
2955 ······loop:2955 ······loop:
2956 ······-·/etc/audit/audit.rules2956 ······-·/etc/audit/audit.rules
2957 ······-·/etc/audit/rules.d/immutable.rules2957 ······-·/etc/audit/rules.d/immutable.rules
2958 ······when:2958 ······when:
2959 ······-·'"audit"·in·ansible_facts.packages' 
2960 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2959 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2960 ······-·'"audit"·in·ansible_facts.packages'
2961 ······tags:2961 ······tags:
2962 ······-·CCE-91554-62962 ······-·CCE-91554-6
2963 ······-·CJIS-5.4.1.12963 ······-·CJIS-5.4.1.1
2964 ······-·NIST-800-171-3.3.12964 ······-·NIST-800-171-3.3.1
2965 ······-·NIST-800-171-3.4.32965 ······-·NIST-800-171-3.4.3
2966 ······-·NIST-800-53-AC-6(9)2966 ······-·NIST-800-53-AC-6(9)
2967 ······-·NIST-800-53-CM-6(a)2967 ······-·NIST-800-53-CM-6(a)
Offset 2995, 16 lines modifiedOffset 2995, 16 lines modified
2995 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/2995 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
2996 ······find:2996 ······find:
2997 ········paths:·/etc/audit/rules.d2997 ········paths:·/etc/audit/rules.d
2998 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+2998 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
2999 ········patterns:·'*.rules'2999 ········patterns:·'*.rules'
3000 ······register:·find_existing_watch_rules_d3000 ······register:·find_existing_watch_rules_d
3001 ······when:3001 ······when:
3002 ······-·'"audit"·in·ansible_facts.packages' 
3003 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3002 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3003 ······-·'"audit"·in·ansible_facts.packages'
3004 ······tags:3004 ······tags:
3005 ······-·CCE-91601-53005 ······-·CCE-91601-5
3006 ······-·CJIS-5.4.1.13006 ······-·CJIS-5.4.1.1
3007 ······-·NIST-800-171-3.1.83007 ······-·NIST-800-171-3.1.8
3008 ······-·NIST-800-53-AU-12(c)3008 ······-·NIST-800-53-AU-12(c)
3009 ······-·NIST-800-53-AU-2(d)3009 ······-·NIST-800-53-AU-2(d)
3010 ······-·NIST-800-53-CM-6(a)3010 ······-·NIST-800-53-CM-6(a)
Offset 3019, 16 lines modifiedOffset 3019, 16 lines modified
3019 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy3019 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
3020 ······find:3020 ······find:
3021 ········paths:·/etc/audit/rules.d3021 ········paths:·/etc/audit/rules.d
3022 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$3022 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
3023 ········patterns:·'*.rules'3023 ········patterns:·'*.rules'
3024 ······register:·find_watch_key3024 ······register:·find_watch_key
3025 ······when:3025 ······when:
3026 ······-·'"audit"·in·ansible_facts.packages' 
3027 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3026 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3027 ······-·'"audit"·in·ansible_facts.packages'
3028 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched3028 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
3029 ········==·03029 ········==·0
3030 ······tags:3030 ······tags:
3031 ······-·CCE-91601-53031 ······-·CCE-91601-5
3032 ······-·CJIS-5.4.1.13032 ······-·CJIS-5.4.1.1
3033 ······-·NIST-800-171-3.1.83033 ······-·NIST-800-171-3.1.8
3034 ······-·NIST-800-53-AU-12(c)3034 ······-·NIST-800-53-AU-12(c)
Offset 3043, 16 lines modifiedOffset 3043, 16 lines modified
3043 ······-·restrict_strategy3043 ······-·restrict_strategy
  
3044 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule3044 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
3045 ······set_fact:3045 ······set_fact:
3046 ········all_files:3046 ········all_files:
3047 ········-·/etc/audit/rules.d/MAC-policy.rules3047 ········-·/etc/audit/rules.d/MAC-policy.rules
3048 ······when:3048 ······when:
3049 ······-·'"audit"·in·ansible_facts.packages' 
3050 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3049 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3050 ······-·'"audit"·in·ansible_facts.packages'
3051 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched3051 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
3052 ········is·defined·and·find_existing_watch_rules_d.matched·==·03052 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3053 ······tags:3053 ······tags:
3054 ······-·CCE-91601-53054 ······-·CCE-91601-5
3055 ······-·CJIS-5.4.1.13055 ······-·CJIS-5.4.1.1
3056 ······-·NIST-800-171-3.1.83056 ······-·NIST-800-171-3.1.8
3057 ······-·NIST-800-53-AU-12(c)3057 ······-·NIST-800-53-AU-12(c)
Offset 3067, 16 lines modifiedOffset 3067, 16 lines modified
3067 ······-·restrict_strategy3067 ······-·restrict_strategy
  
3068 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule3068 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
3069 ······set_fact:3069 ······set_fact:
3070 ········all_files:3070 ········all_files:
3071 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'3071 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
3072 ······when:3072 ······when:
3073 ······-·'"audit"·in·ansible_facts.packages' 
3074 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3073 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3074 ······-·'"audit"·in·ansible_facts.packages'
3075 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched3075 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
3076 ········is·defined·and·find_existing_watch_rules_d.matched·==·03076 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3077 ······tags:3077 ······tags:
3078 ······-·CCE-91601-53078 ······-·CCE-91601-5
3079 ······-·CJIS-5.4.1.13079 ······-·CJIS-5.4.1.1
3080 ······-·NIST-800-171-3.1.83080 ······-·NIST-800-171-3.1.8
3081 ······-·NIST-800-53-AU-12(c)3081 ······-·NIST-800-53-AU-12(c)
Offset 3093, 16 lines modifiedOffset 3093, 16 lines modified
3093 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/3093 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 164327/168960 bytes (97.26%) of diff not shown.
4.02 KB
./usr/share/scap-security-guide/ansible/sle12-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 2614, 16 lines modifiedOffset 2614, 16 lines modified
2614 ······-·no_reboot_needed2614 ······-·no_reboot_needed
  
2615 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2615 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2616 ······stat:2616 ······stat:
2617 ········path:·/boot/grub2/grub.cfg2617 ········path:·/boot/grub2/grub.cfg
2618 ······register:·file_exists2618 ······register:·file_exists
2619 ······when:2619 ······when:
2620 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2621 ······-·'"grub2"·in·ansible_facts.packages'2620 ······-·'"grub2"·in·ansible_facts.packages'
 2621 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2622 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2622 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2623 ······tags:2623 ······tags:
2624 ······-·CCE-91623-92624 ······-·CCE-91623-9
2625 ······-·CJIS-5.5.2.22625 ······-·CJIS-5.5.2.2
2626 ······-·NIST-800-171-3.4.52626 ······-·NIST-800-171-3.4.5
2627 ······-·NIST-800-53-AC-6(1)2627 ······-·NIST-800-53-AC-6(1)
2628 ······-·NIST-800-53-CM-6(a)2628 ······-·NIST-800-53-CM-6(a)
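Review bot: at lines 2620-2621 the package test (`"grub2" in ansible_facts.packages`) moves from second to first place, whereas in the audit-rule playbooks earlier in this report the package test moves from first to second. Neither build therefore has a consistent "package check first" convention, which points at an unordered collection being serialised rather than a template change. Sorting the applicability conditions on a stable key before writing the `when:` list would remove this difference across all the affected tasks, with the `ansible_virtualization_type` and `file_exists.stat` entries kept where they are.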
Offset 2636, 16 lines modifiedOffset 2636, 16 lines modified
2636 ······-·no_reboot_needed2636 ······-·no_reboot_needed
  
2637 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2637 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2638 ······file:2638 ······file:
2639 ········path:·/boot/grub2/grub.cfg2639 ········path:·/boot/grub2/grub.cfg
2640 ········group:·'0'2640 ········group:·'0'
2641 ······when:2641 ······when:
2642 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2643 ······-·'"grub2"·in·ansible_facts.packages'2642 ······-·'"grub2"·in·ansible_facts.packages'
 2643 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2644 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2644 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2645 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2645 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2646 ······tags:2646 ······tags:
2647 ······-·CCE-91623-92647 ······-·CCE-91623-9
2648 ······-·CJIS-5.5.2.22648 ······-·CJIS-5.5.2.2
2649 ······-·NIST-800-171-3.4.52649 ······-·NIST-800-171-3.4.5
2650 ······-·NIST-800-53-AC-6(1)2650 ······-·NIST-800-53-AC-6(1)
Offset 2677, 16 lines modifiedOffset 2677, 16 lines modified
2677 ······-·no_reboot_needed2677 ······-·no_reboot_needed
  
2678 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2678 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2679 ······stat:2679 ······stat:
2680 ········path:·/boot/grub2/grub.cfg2680 ········path:·/boot/grub2/grub.cfg
2681 ······register:·file_exists2681 ······register:·file_exists
2682 ······when:2682 ······when:
2683 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2684 ······-·'"grub2"·in·ansible_facts.packages'2683 ······-·'"grub2"·in·ansible_facts.packages'
 2684 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2685 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2685 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2686 ······tags:2686 ······tags:
2687 ······-·CCE-91624-72687 ······-·CCE-91624-7
2688 ······-·CJIS-5.5.2.22688 ······-·CJIS-5.5.2.2
2689 ······-·NIST-800-171-3.4.52689 ······-·NIST-800-171-3.4.5
2690 ······-·NIST-800-53-AC-6(1)2690 ······-·NIST-800-53-AC-6(1)
2691 ······-·NIST-800-53-CM-6(a)2691 ······-·NIST-800-53-CM-6(a)
Offset 2699, 16 lines modifiedOffset 2699, 16 lines modified
2699 ······-·no_reboot_needed2699 ······-·no_reboot_needed
  
2700 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2700 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2701 ······file:2701 ······file:
2702 ········path:·/boot/grub2/grub.cfg2702 ········path:·/boot/grub2/grub.cfg
2703 ········owner:·'0'2703 ········owner:·'0'
2704 ······when:2704 ······when:
2705 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2706 ······-·'"grub2"·in·ansible_facts.packages'2705 ······-·'"grub2"·in·ansible_facts.packages'
 2706 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2707 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2707 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2708 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2708 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2709 ······tags:2709 ······tags:
2710 ······-·CCE-91624-72710 ······-·CCE-91624-7
2711 ······-·CJIS-5.5.2.22711 ······-·CJIS-5.5.2.2
2712 ······-·NIST-800-171-3.4.52712 ······-·NIST-800-171-3.4.5
2713 ······-·NIST-800-53-AC-6(1)2713 ······-·NIST-800-53-AC-6(1)
Offset 2737, 16 lines modifiedOffset 2737, 16 lines modified
2737 ······-·no_reboot_needed2737 ······-·no_reboot_needed
  
2738 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2738 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2739 ······stat:2739 ······stat:
2740 ········path:·/boot/grub2/grub.cfg2740 ········path:·/boot/grub2/grub.cfg
2741 ······register:·file_exists2741 ······register:·file_exists
2742 ······when:2742 ······when:
2743 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2744 ······-·'"grub2"·in·ansible_facts.packages'2743 ······-·'"grub2"·in·ansible_facts.packages'
 2744 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2746 ······tags:2746 ······tags:
2747 ······-·NIST-800-171-3.4.52747 ······-·NIST-800-171-3.4.5
2748 ······-·NIST-800-53-AC-6(1)2748 ······-·NIST-800-53-AC-6(1)
2749 ······-·NIST-800-53-CM-6(a)2749 ······-·NIST-800-53-CM-6(a)
2750 ······-·configure_strategy2750 ······-·configure_strategy
2751 ······-·file_permissions_grub2_cfg2751 ······-·file_permissions_grub2_cfg
Offset 2756, 16 lines modifiedOffset 2756, 16 lines modified
2756 ······-·no_reboot_needed2756 ······-·no_reboot_needed
  
2757 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2757 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2758 ······file:2758 ······file:
2759 ········path:·/boot/grub2/grub.cfg2759 ········path:·/boot/grub2/grub.cfg
2760 ········mode:·u-xs,g-xwrs,o-xwrt2760 ········mode:·u-xs,g-xwrs,o-xwrt
2761 ······when:2761 ······when:
2762 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2763 ······-·'"grub2"·in·ansible_facts.packages'2762 ······-·'"grub2"·in·ansible_facts.packages'
 2763 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2764 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2764 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2765 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2765 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2766 ······tags:2766 ······tags:
2767 ······-·NIST-800-171-3.4.52767 ······-·NIST-800-171-3.4.5
2768 ······-·NIST-800-53-AC-6(1)2768 ······-·NIST-800-53-AC-6(1)
2769 ······-·NIST-800-53-CM-6(a)2769 ······-·NIST-800-53-CM-6(a)
2770 ······-·configure_strategy2770 ······-·configure_strategy
4.03 KB
./usr/share/scap-security-guide/ansible/sle12-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 2614, 16 lines modifiedOffset 2614, 16 lines modified
2614 ······-·no_reboot_needed2614 ······-·no_reboot_needed
  
2615 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2615 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2616 ······stat:2616 ······stat:
2617 ········path:·/boot/grub2/grub.cfg2617 ········path:·/boot/grub2/grub.cfg
2618 ······register:·file_exists2618 ······register:·file_exists
2619 ······when:2619 ······when:
2620 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2621 ······-·'"grub2"·in·ansible_facts.packages'2620 ······-·'"grub2"·in·ansible_facts.packages'
 2621 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2622 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2622 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2623 ······tags:2623 ······tags:
2624 ······-·CCE-91623-92624 ······-·CCE-91623-9
2625 ······-·CJIS-5.5.2.22625 ······-·CJIS-5.5.2.2
2626 ······-·NIST-800-171-3.4.52626 ······-·NIST-800-171-3.4.5
2627 ······-·NIST-800-53-AC-6(1)2627 ······-·NIST-800-53-AC-6(1)
2628 ······-·NIST-800-53-CM-6(a)2628 ······-·NIST-800-53-CM-6(a)
Offset 2636, 16 lines modifiedOffset 2636, 16 lines modified
2636 ······-·no_reboot_needed2636 ······-·no_reboot_needed
  
2637 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2637 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2638 ······file:2638 ······file:
2639 ········path:·/boot/grub2/grub.cfg2639 ········path:·/boot/grub2/grub.cfg
2640 ········group:·'0'2640 ········group:·'0'
2641 ······when:2641 ······when:
2642 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2643 ······-·'"grub2"·in·ansible_facts.packages'2642 ······-·'"grub2"·in·ansible_facts.packages'
 2643 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2644 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2644 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2645 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2645 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2646 ······tags:2646 ······tags:
2647 ······-·CCE-91623-92647 ······-·CCE-91623-9
2648 ······-·CJIS-5.5.2.22648 ······-·CJIS-5.5.2.2
2649 ······-·NIST-800-171-3.4.52649 ······-·NIST-800-171-3.4.5
2650 ······-·NIST-800-53-AC-6(1)2650 ······-·NIST-800-53-AC-6(1)
Offset 2677, 16 lines modifiedOffset 2677, 16 lines modified
2677 ······-·no_reboot_needed2677 ······-·no_reboot_needed
  
2678 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2678 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2679 ······stat:2679 ······stat:
2680 ········path:·/boot/grub2/grub.cfg2680 ········path:·/boot/grub2/grub.cfg
2681 ······register:·file_exists2681 ······register:·file_exists
2682 ······when:2682 ······when:
2683 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2684 ······-·'"grub2"·in·ansible_facts.packages'2683 ······-·'"grub2"·in·ansible_facts.packages'
 2684 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2685 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2685 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2686 ······tags:2686 ······tags:
2687 ······-·CCE-91624-72687 ······-·CCE-91624-7
2688 ······-·CJIS-5.5.2.22688 ······-·CJIS-5.5.2.2
2689 ······-·NIST-800-171-3.4.52689 ······-·NIST-800-171-3.4.5
2690 ······-·NIST-800-53-AC-6(1)2690 ······-·NIST-800-53-AC-6(1)
2691 ······-·NIST-800-53-CM-6(a)2691 ······-·NIST-800-53-CM-6(a)
Offset 2699, 16 lines modifiedOffset 2699, 16 lines modified
2699 ······-·no_reboot_needed2699 ······-·no_reboot_needed
  
2700 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2700 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2701 ······file:2701 ······file:
2702 ········path:·/boot/grub2/grub.cfg2702 ········path:·/boot/grub2/grub.cfg
2703 ········owner:·'0'2703 ········owner:·'0'
2704 ······when:2704 ······when:
2705 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2706 ······-·'"grub2"·in·ansible_facts.packages'2705 ······-·'"grub2"·in·ansible_facts.packages'
 2706 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2707 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2707 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2708 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2708 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2709 ······tags:2709 ······tags:
2710 ······-·CCE-91624-72710 ······-·CCE-91624-7
2711 ······-·CJIS-5.5.2.22711 ······-·CJIS-5.5.2.2
2712 ······-·NIST-800-171-3.4.52712 ······-·NIST-800-171-3.4.5
2713 ······-·NIST-800-53-AC-6(1)2713 ······-·NIST-800-53-AC-6(1)
Offset 2737, 16 lines modifiedOffset 2737, 16 lines modified
2737 ······-·no_reboot_needed2737 ······-·no_reboot_needed
  
2738 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2738 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2739 ······stat:2739 ······stat:
2740 ········path:·/boot/grub2/grub.cfg2740 ········path:·/boot/grub2/grub.cfg
2741 ······register:·file_exists2741 ······register:·file_exists
2742 ······when:2742 ······when:
2743 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2744 ······-·'"grub2"·in·ansible_facts.packages'2743 ······-·'"grub2"·in·ansible_facts.packages'
 2744 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2746 ······tags:2746 ······tags:
2747 ······-·NIST-800-171-3.4.52747 ······-·NIST-800-171-3.4.5
2748 ······-·NIST-800-53-AC-6(1)2748 ······-·NIST-800-53-AC-6(1)
2749 ······-·NIST-800-53-CM-6(a)2749 ······-·NIST-800-53-CM-6(a)
2750 ······-·configure_strategy2750 ······-·configure_strategy
2751 ······-·file_permissions_grub2_cfg2751 ······-·file_permissions_grub2_cfg
Offset 2756, 16 lines modifiedOffset 2756, 16 lines modified
2756 ······-·no_reboot_needed2756 ······-·no_reboot_needed
  
2757 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2757 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2758 ······file:2758 ······file:
2759 ········path:·/boot/grub2/grub.cfg2759 ········path:·/boot/grub2/grub.cfg
2760 ········mode:·u-xs,g-xwrs,o-xwrt2760 ········mode:·u-xs,g-xwrs,o-xwrt
2761 ······when:2761 ······when:
2762 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
2763 ······-·'"grub2"·in·ansible_facts.packages'2762 ······-·'"grub2"·in·ansible_facts.packages'
 2763 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
2764 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2764 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2765 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2765 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2766 ······tags:2766 ······tags:
2767 ······-·NIST-800-171-3.4.52767 ······-·NIST-800-171-3.4.5
2768 ······-·NIST-800-53-AC-6(1)2768 ······-·NIST-800-53-AC-6(1)
2769 ······-·NIST-800-53-CM-6(a)2769 ······-·NIST-800-53-CM-6(a)
2770 ······-·configure_strategy2770 ······-·configure_strategy
165 KB
./usr/share/scap-security-guide/ansible/sle12-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 2900, 16 lines modifiedOffset 2900, 16 lines modified
  
2900 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension2900 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
2901 ······find:2901 ······find:
2902 ········paths:·/etc/audit/rules.d/2902 ········paths:·/etc/audit/rules.d/
2903 ········patterns:·'*.rules'2903 ········patterns:·'*.rules'
2904 ······register:·find_rules_d2904 ······register:·find_rules_d
2905 ······when:2905 ······when:
2906 ······-·'"audit"·in·ansible_facts.packages' 
2907 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2906 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2907 ······-·'"audit"·in·ansible_facts.packages'
2908 ······tags:2908 ······tags:
2909 ······-·CCE-91554-62909 ······-·CCE-91554-6
2910 ······-·CJIS-5.4.1.12910 ······-·CJIS-5.4.1.1
2911 ······-·NIST-800-171-3.3.12911 ······-·NIST-800-171-3.3.1
2912 ······-·NIST-800-171-3.4.32912 ······-·NIST-800-171-3.4.3
2913 ······-·NIST-800-53-AC-6(9)2913 ······-·NIST-800-53-AC-6(9)
2914 ······-·NIST-800-53-CM-6(a)2914 ······-·NIST-800-53-CM-6(a)
Offset 2925, 16 lines modifiedOffset 2925, 16 lines modified
2925 ······lineinfile:2925 ······lineinfile:
2926 ········path:·'{{·item·}}'2926 ········path:·'{{·item·}}'
2927 ········regexp:·^\s*(?:-e)\s+.*$2927 ········regexp:·^\s*(?:-e)\s+.*$
2928 ········state:·absent2928 ········state:·absent
2929 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']2929 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
2930 ········}}'2930 ········}}'
2931 ······when:2931 ······when:
2932 ······-·'"audit"·in·ansible_facts.packages' 
2933 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2932 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2933 ······-·'"audit"·in·ansible_facts.packages'
2934 ······tags:2934 ······tags:
2935 ······-·CCE-91554-62935 ······-·CCE-91554-6
2936 ······-·CJIS-5.4.1.12936 ······-·CJIS-5.4.1.1
2937 ······-·NIST-800-171-3.3.12937 ······-·NIST-800-171-3.3.1
2938 ······-·NIST-800-171-3.4.32938 ······-·NIST-800-171-3.4.3
2939 ······-·NIST-800-53-AC-6(9)2939 ······-·NIST-800-53-AC-6(9)
2940 ······-·NIST-800-53-CM-6(a)2940 ······-·NIST-800-53-CM-6(a)
Offset 2952, 16 lines modifiedOffset 2952, 16 lines modified
2952 ········create:·true2952 ········create:·true
2953 ········line:·-e·22953 ········line:·-e·2
2954 ········mode:·o-rwx2954 ········mode:·o-rwx
2955 ······loop:2955 ······loop:
2956 ······-·/etc/audit/audit.rules2956 ······-·/etc/audit/audit.rules
2957 ······-·/etc/audit/rules.d/immutable.rules2957 ······-·/etc/audit/rules.d/immutable.rules
2958 ······when:2958 ······when:
2959 ······-·'"audit"·in·ansible_facts.packages' 
2960 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2959 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 2960 ······-·'"audit"·in·ansible_facts.packages'
2961 ······tags:2961 ······tags:
2962 ······-·CCE-91554-62962 ······-·CCE-91554-6
2963 ······-·CJIS-5.4.1.12963 ······-·CJIS-5.4.1.1
2964 ······-·NIST-800-171-3.3.12964 ······-·NIST-800-171-3.3.1
2965 ······-·NIST-800-171-3.4.32965 ······-·NIST-800-171-3.4.3
2966 ······-·NIST-800-53-AC-6(9)2966 ······-·NIST-800-53-AC-6(9)
2967 ······-·NIST-800-53-CM-6(a)2967 ······-·NIST-800-53-CM-6(a)
Offset 2995, 16 lines modifiedOffset 2995, 16 lines modified
2995 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/2995 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
2996 ······find:2996 ······find:
2997 ········paths:·/etc/audit/rules.d2997 ········paths:·/etc/audit/rules.d
2998 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+2998 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
2999 ········patterns:·'*.rules'2999 ········patterns:·'*.rules'
3000 ······register:·find_existing_watch_rules_d3000 ······register:·find_existing_watch_rules_d
3001 ······when:3001 ······when:
3002 ······-·'"audit"·in·ansible_facts.packages' 
3003 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3002 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3003 ······-·'"audit"·in·ansible_facts.packages'
3004 ······tags:3004 ······tags:
3005 ······-·CCE-91601-53005 ······-·CCE-91601-5
3006 ······-·CJIS-5.4.1.13006 ······-·CJIS-5.4.1.1
3007 ······-·NIST-800-171-3.1.83007 ······-·NIST-800-171-3.1.8
3008 ······-·NIST-800-53-AU-12(c)3008 ······-·NIST-800-53-AU-12(c)
3009 ······-·NIST-800-53-AU-2(d)3009 ······-·NIST-800-53-AU-2(d)
3010 ······-·NIST-800-53-CM-6(a)3010 ······-·NIST-800-53-CM-6(a)
Offset 3019, 16 lines modifiedOffset 3019, 16 lines modified
3019 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy3019 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
3020 ······find:3020 ······find:
3021 ········paths:·/etc/audit/rules.d3021 ········paths:·/etc/audit/rules.d
3022 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$3022 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
3023 ········patterns:·'*.rules'3023 ········patterns:·'*.rules'
3024 ······register:·find_watch_key3024 ······register:·find_watch_key
3025 ······when:3025 ······when:
3026 ······-·'"audit"·in·ansible_facts.packages' 
3027 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3026 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3027 ······-·'"audit"·in·ansible_facts.packages'
3028 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched3028 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
3029 ········==·03029 ········==·0
3030 ······tags:3030 ······tags:
3031 ······-·CCE-91601-53031 ······-·CCE-91601-5
3032 ······-·CJIS-5.4.1.13032 ······-·CJIS-5.4.1.1
3033 ······-·NIST-800-171-3.1.83033 ······-·NIST-800-171-3.1.8
3034 ······-·NIST-800-53-AU-12(c)3034 ······-·NIST-800-53-AU-12(c)
Offset 3043, 16 lines modifiedOffset 3043, 16 lines modified
3043 ······-·restrict_strategy3043 ······-·restrict_strategy
  
3044 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule3044 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
3045 ······set_fact:3045 ······set_fact:
3046 ········all_files:3046 ········all_files:
3047 ········-·/etc/audit/rules.d/MAC-policy.rules3047 ········-·/etc/audit/rules.d/MAC-policy.rules
3048 ······when:3048 ······when:
3049 ······-·'"audit"·in·ansible_facts.packages' 
3050 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3049 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3050 ······-·'"audit"·in·ansible_facts.packages'
3051 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched3051 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
3052 ········is·defined·and·find_existing_watch_rules_d.matched·==·03052 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3053 ······tags:3053 ······tags:
3054 ······-·CCE-91601-53054 ······-·CCE-91601-5
3055 ······-·CJIS-5.4.1.13055 ······-·CJIS-5.4.1.1
3056 ······-·NIST-800-171-3.1.83056 ······-·NIST-800-171-3.1.8
3057 ······-·NIST-800-53-AU-12(c)3057 ······-·NIST-800-53-AU-12(c)
Offset 3067, 16 lines modifiedOffset 3067, 16 lines modified
3067 ······-·restrict_strategy3067 ······-·restrict_strategy
  
3068 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule3068 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
3069 ······set_fact:3069 ······set_fact:
3070 ········all_files:3070 ········all_files:
3071 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'3071 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
3072 ······when:3072 ······when:
3073 ······-·'"audit"·in·ansible_facts.packages' 
3074 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3073 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3074 ······-·'"audit"·in·ansible_facts.packages'
3075 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched3075 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
3076 ········is·defined·and·find_existing_watch_rules_d.matched·==·03076 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
3077 ······tags:3077 ······tags:
3078 ······-·CCE-91601-53078 ······-·CCE-91601-5
3079 ······-·CJIS-5.4.1.13079 ······-·CJIS-5.4.1.1
3080 ······-·NIST-800-171-3.1.83080 ······-·NIST-800-171-3.1.8
3081 ······-·NIST-800-53-AU-12(c)3081 ······-·NIST-800-53-AU-12(c)
Offset 3093, 16 lines modifiedOffset 3093, 16 lines modified
3093 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/3093 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 164327/168960 bytes (97.26%) of diff not shown.
182 KB
./usr/share/scap-security-guide/ansible/sle12-playbook-pci-dss-4.yml
Ordering differences only
    
Offset 4085, 16 lines modifiedOffset 4085, 16 lines modified
  
4085 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4085 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4086 ······find:4086 ······find:
4087 ········paths:·/etc/audit/rules.d/4087 ········paths:·/etc/audit/rules.d/
4088 ········patterns:·'*.rules'4088 ········patterns:·'*.rules'
4089 ······register:·find_rules_d4089 ······register:·find_rules_d
4090 ······when:4090 ······when:
4091 ······-·'"audit"·in·ansible_facts.packages' 
4092 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4091 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4092 ······-·'"audit"·in·ansible_facts.packages'
4093 ······tags:4093 ······tags:
4094 ······-·CCE-91554-64094 ······-·CCE-91554-6
4095 ······-·CJIS-5.4.1.14095 ······-·CJIS-5.4.1.1
4096 ······-·NIST-800-171-3.3.14096 ······-·NIST-800-171-3.3.1
4097 ······-·NIST-800-171-3.4.34097 ······-·NIST-800-171-3.4.3
4098 ······-·NIST-800-53-AC-6(9)4098 ······-·NIST-800-53-AC-6(9)
4099 ······-·NIST-800-53-CM-6(a)4099 ······-·NIST-800-53-CM-6(a)
Offset 4110, 16 lines modifiedOffset 4110, 16 lines modified
4110 ······lineinfile:4110 ······lineinfile:
4111 ········path:·'{{·item·}}'4111 ········path:·'{{·item·}}'
4112 ········regexp:·^\s*(?:-e)\s+.*$4112 ········regexp:·^\s*(?:-e)\s+.*$
4113 ········state:·absent4113 ········state:·absent
4114 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4114 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4115 ········}}'4115 ········}}'
4116 ······when:4116 ······when:
4117 ······-·'"audit"·in·ansible_facts.packages' 
4118 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4117 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4118 ······-·'"audit"·in·ansible_facts.packages'
4119 ······tags:4119 ······tags:
4120 ······-·CCE-91554-64120 ······-·CCE-91554-6
4121 ······-·CJIS-5.4.1.14121 ······-·CJIS-5.4.1.1
4122 ······-·NIST-800-171-3.3.14122 ······-·NIST-800-171-3.3.1
4123 ······-·NIST-800-171-3.4.34123 ······-·NIST-800-171-3.4.3
4124 ······-·NIST-800-53-AC-6(9)4124 ······-·NIST-800-53-AC-6(9)
4125 ······-·NIST-800-53-CM-6(a)4125 ······-·NIST-800-53-CM-6(a)
Offset 4137, 16 lines modifiedOffset 4137, 16 lines modified
4137 ········create:·true4137 ········create:·true
4138 ········line:·-e·24138 ········line:·-e·2
4139 ········mode:·o-rwx4139 ········mode:·o-rwx
4140 ······loop:4140 ······loop:
4141 ······-·/etc/audit/audit.rules4141 ······-·/etc/audit/audit.rules
4142 ······-·/etc/audit/rules.d/immutable.rules4142 ······-·/etc/audit/rules.d/immutable.rules
4143 ······when:4143 ······when:
4144 ······-·'"audit"·in·ansible_facts.packages' 
4145 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4144 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4145 ······-·'"audit"·in·ansible_facts.packages'
4146 ······tags:4146 ······tags:
4147 ······-·CCE-91554-64147 ······-·CCE-91554-6
4148 ······-·CJIS-5.4.1.14148 ······-·CJIS-5.4.1.1
4149 ······-·NIST-800-171-3.3.14149 ······-·NIST-800-171-3.3.1
4150 ······-·NIST-800-171-3.4.34150 ······-·NIST-800-171-3.4.3
4151 ······-·NIST-800-53-AC-6(9)4151 ······-·NIST-800-53-AC-6(9)
4152 ······-·NIST-800-53-CM-6(a)4152 ······-·NIST-800-53-CM-6(a)
Offset 4180, 16 lines modifiedOffset 4180, 16 lines modified
4180 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4180 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4181 ······find:4181 ······find:
4182 ········paths:·/etc/audit/rules.d4182 ········paths:·/etc/audit/rules.d
4183 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4183 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4184 ········patterns:·'*.rules'4184 ········patterns:·'*.rules'
4185 ······register:·find_existing_watch_rules_d4185 ······register:·find_existing_watch_rules_d
4186 ······when:4186 ······when:
4187 ······-·'"audit"·in·ansible_facts.packages' 
4188 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4187 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4188 ······-·'"audit"·in·ansible_facts.packages'
4189 ······tags:4189 ······tags:
4190 ······-·CCE-91601-54190 ······-·CCE-91601-5
4191 ······-·CJIS-5.4.1.14191 ······-·CJIS-5.4.1.1
4192 ······-·NIST-800-171-3.1.84192 ······-·NIST-800-171-3.1.8
4193 ······-·NIST-800-53-AU-12(c)4193 ······-·NIST-800-53-AU-12(c)
4194 ······-·NIST-800-53-AU-2(d)4194 ······-·NIST-800-53-AU-2(d)
4195 ······-·NIST-800-53-CM-6(a)4195 ······-·NIST-800-53-CM-6(a)
Offset 4204, 16 lines modifiedOffset 4204, 16 lines modified
4204 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4204 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4205 ······find:4205 ······find:
4206 ········paths:·/etc/audit/rules.d4206 ········paths:·/etc/audit/rules.d
4207 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4207 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4208 ········patterns:·'*.rules'4208 ········patterns:·'*.rules'
4209 ······register:·find_watch_key4209 ······register:·find_watch_key
4210 ······when:4210 ······when:
4211 ······-·'"audit"·in·ansible_facts.packages' 
4212 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4211 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4212 ······-·'"audit"·in·ansible_facts.packages'
4213 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4213 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4214 ········==·04214 ········==·0
4215 ······tags:4215 ······tags:
4216 ······-·CCE-91601-54216 ······-·CCE-91601-5
4217 ······-·CJIS-5.4.1.14217 ······-·CJIS-5.4.1.1
4218 ······-·NIST-800-171-3.1.84218 ······-·NIST-800-171-3.1.8
4219 ······-·NIST-800-53-AU-12(c)4219 ······-·NIST-800-53-AU-12(c)
Offset 4228, 16 lines modifiedOffset 4228, 16 lines modified
4228 ······-·restrict_strategy4228 ······-·restrict_strategy
  
4229 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4229 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4230 ······set_fact:4230 ······set_fact:
4231 ········all_files:4231 ········all_files:
4232 ········-·/etc/audit/rules.d/MAC-policy.rules4232 ········-·/etc/audit/rules.d/MAC-policy.rules
4233 ······when:4233 ······when:
4234 ······-·'"audit"·in·ansible_facts.packages' 
4235 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4234 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4235 ······-·'"audit"·in·ansible_facts.packages'
4236 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4236 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4237 ········is·defined·and·find_existing_watch_rules_d.matched·==·04237 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4238 ······tags:4238 ······tags:
4239 ······-·CCE-91601-54239 ······-·CCE-91601-5
4240 ······-·CJIS-5.4.1.14240 ······-·CJIS-5.4.1.1
4241 ······-·NIST-800-171-3.1.84241 ······-·NIST-800-171-3.1.8
4242 ······-·NIST-800-53-AU-12(c)4242 ······-·NIST-800-53-AU-12(c)
Offset 4252, 16 lines modifiedOffset 4252, 16 lines modified
4252 ······-·restrict_strategy4252 ······-·restrict_strategy
  
4253 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4253 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4254 ······set_fact:4254 ······set_fact:
4255 ········all_files:4255 ········all_files:
4256 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4256 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4257 ······when:4257 ······when:
4258 ······-·'"audit"·in·ansible_facts.packages' 
4259 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4258 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4259 ······-·'"audit"·in·ansible_facts.packages'
4260 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4260 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4261 ········is·defined·and·find_existing_watch_rules_d.matched·==·04261 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4262 ······tags:4262 ······tags:
4263 ······-·CCE-91601-54263 ······-·CCE-91601-5
4264 ······-·CJIS-5.4.1.14264 ······-·CJIS-5.4.1.1
4265 ······-·NIST-800-171-3.1.84265 ······-·NIST-800-171-3.1.8
4266 ······-·NIST-800-53-AU-12(c)4266 ······-·NIST-800-53-AU-12(c)
Offset 4278, 16 lines modifiedOffset 4278, 16 lines modified
4278 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4278 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 181418/186051 bytes (97.51%) of diff not shown.
182 KB
./usr/share/scap-security-guide/ansible/sle12-playbook-pci-dss.yml
Ordering differences only
    
Offset 4080, 16 lines modifiedOffset 4080, 16 lines modified
  
4080 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension4080 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
4081 ······find:4081 ······find:
4082 ········paths:·/etc/audit/rules.d/4082 ········paths:·/etc/audit/rules.d/
4083 ········patterns:·'*.rules'4083 ········patterns:·'*.rules'
4084 ······register:·find_rules_d4084 ······register:·find_rules_d
4085 ······when:4085 ······when:
4086 ······-·'"audit"·in·ansible_facts.packages' 
4087 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4086 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4087 ······-·'"audit"·in·ansible_facts.packages'
4088 ······tags:4088 ······tags:
4089 ······-·CCE-91554-64089 ······-·CCE-91554-6
4090 ······-·CJIS-5.4.1.14090 ······-·CJIS-5.4.1.1
4091 ······-·NIST-800-171-3.3.14091 ······-·NIST-800-171-3.3.1
4092 ······-·NIST-800-171-3.4.34092 ······-·NIST-800-171-3.4.3
4093 ······-·NIST-800-53-AC-6(9)4093 ······-·NIST-800-53-AC-6(9)
4094 ······-·NIST-800-53-CM-6(a)4094 ······-·NIST-800-53-CM-6(a)
Offset 4105, 16 lines modifiedOffset 4105, 16 lines modified
4105 ······lineinfile:4105 ······lineinfile:
4106 ········path:·'{{·item·}}'4106 ········path:·'{{·item·}}'
4107 ········regexp:·^\s*(?:-e)\s+.*$4107 ········regexp:·^\s*(?:-e)\s+.*$
4108 ········state:·absent4108 ········state:·absent
4109 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']4109 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
4110 ········}}'4110 ········}}'
4111 ······when:4111 ······when:
4112 ······-·'"audit"·in·ansible_facts.packages' 
4113 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4112 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4113 ······-·'"audit"·in·ansible_facts.packages'
4114 ······tags:4114 ······tags:
4115 ······-·CCE-91554-64115 ······-·CCE-91554-6
4116 ······-·CJIS-5.4.1.14116 ······-·CJIS-5.4.1.1
4117 ······-·NIST-800-171-3.3.14117 ······-·NIST-800-171-3.3.1
4118 ······-·NIST-800-171-3.4.34118 ······-·NIST-800-171-3.4.3
4119 ······-·NIST-800-53-AC-6(9)4119 ······-·NIST-800-53-AC-6(9)
4120 ······-·NIST-800-53-CM-6(a)4120 ······-·NIST-800-53-CM-6(a)
Offset 4132, 16 lines modifiedOffset 4132, 16 lines modified
4132 ········create:·true4132 ········create:·true
4133 ········line:·-e·24133 ········line:·-e·2
4134 ········mode:·o-rwx4134 ········mode:·o-rwx
4135 ······loop:4135 ······loop:
4136 ······-·/etc/audit/audit.rules4136 ······-·/etc/audit/audit.rules
4137 ······-·/etc/audit/rules.d/immutable.rules4137 ······-·/etc/audit/rules.d/immutable.rules
4138 ······when:4138 ······when:
4139 ······-·'"audit"·in·ansible_facts.packages' 
4140 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4139 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4140 ······-·'"audit"·in·ansible_facts.packages'
4141 ······tags:4141 ······tags:
4142 ······-·CCE-91554-64142 ······-·CCE-91554-6
4143 ······-·CJIS-5.4.1.14143 ······-·CJIS-5.4.1.1
4144 ······-·NIST-800-171-3.3.14144 ······-·NIST-800-171-3.3.1
4145 ······-·NIST-800-171-3.4.34145 ······-·NIST-800-171-3.4.3
4146 ······-·NIST-800-53-AC-6(9)4146 ······-·NIST-800-53-AC-6(9)
4147 ······-·NIST-800-53-CM-6(a)4147 ······-·NIST-800-53-CM-6(a)
Offset 4175, 16 lines modifiedOffset 4175, 16 lines modified
4175 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/4175 ····-·name:·Check·if·watch·rule·for·/etc/selinux/·already·exists·in·/etc/audit/rules.d/
4176 ······find:4176 ······find:
4177 ········paths:·/etc/audit/rules.d4177 ········paths:·/etc/audit/rules.d
4178 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+4178 ········contains:·^\s*-w\s+/etc/selinux/\s+-p\s+wa(\s|$)+
4179 ········patterns:·'*.rules'4179 ········patterns:·'*.rules'
4180 ······register:·find_existing_watch_rules_d4180 ······register:·find_existing_watch_rules_d
4181 ······when:4181 ······when:
4182 ······-·'"audit"·in·ansible_facts.packages' 
4183 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4182 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4183 ······-·'"audit"·in·ansible_facts.packages'
4184 ······tags:4184 ······tags:
4185 ······-·CCE-91601-54185 ······-·CCE-91601-5
4186 ······-·CJIS-5.4.1.14186 ······-·CJIS-5.4.1.1
4187 ······-·NIST-800-171-3.1.84187 ······-·NIST-800-171-3.1.8
4188 ······-·NIST-800-53-AU-12(c)4188 ······-·NIST-800-53-AU-12(c)
4189 ······-·NIST-800-53-AU-2(d)4189 ······-·NIST-800-53-AU-2(d)
4190 ······-·NIST-800-53-CM-6(a)4190 ······-·NIST-800-53-CM-6(a)
Offset 4199, 16 lines modifiedOffset 4199, 16 lines modified
4199 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy4199 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·MAC-policy
4200 ······find:4200 ······find:
4201 ········paths:·/etc/audit/rules.d4201 ········paths:·/etc/audit/rules.d
4202 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$4202 ········contains:·^.*(?:-F·key=|-k\s+)MAC-policy$
4203 ········patterns:·'*.rules'4203 ········patterns:·'*.rules'
4204 ······register:·find_watch_key4204 ······register:·find_watch_key
4205 ······when:4205 ······when:
4206 ······-·'"audit"·in·ansible_facts.packages' 
4207 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4206 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4207 ······-·'"audit"·in·ansible_facts.packages'
4208 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched4208 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
4209 ········==·04209 ········==·0
4210 ······tags:4210 ······tags:
4211 ······-·CCE-91601-54211 ······-·CCE-91601-5
4212 ······-·CJIS-5.4.1.14212 ······-·CJIS-5.4.1.1
4213 ······-·NIST-800-171-3.1.84213 ······-·NIST-800-171-3.1.8
4214 ······-·NIST-800-53-AU-12(c)4214 ······-·NIST-800-53-AU-12(c)
Offset 4223, 16 lines modifiedOffset 4223, 16 lines modified
4223 ······-·restrict_strategy4223 ······-·restrict_strategy
  
4224 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule4224 ····-·name:·Use·/etc/audit/rules.d/MAC-policy.rules·as·the·recipient·for·the·rule
4225 ······set_fact:4225 ······set_fact:
4226 ········all_files:4226 ········all_files:
4227 ········-·/etc/audit/rules.d/MAC-policy.rules4227 ········-·/etc/audit/rules.d/MAC-policy.rules
4228 ······when:4228 ······when:
4229 ······-·'"audit"·in·ansible_facts.packages' 
4230 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4229 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4230 ······-·'"audit"·in·ansible_facts.packages'
4231 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched4231 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
4232 ········is·defined·and·find_existing_watch_rules_d.matched·==·04232 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4233 ······tags:4233 ······tags:
4234 ······-·CCE-91601-54234 ······-·CCE-91601-5
4235 ······-·CJIS-5.4.1.14235 ······-·CJIS-5.4.1.1
4236 ······-·NIST-800-171-3.1.84236 ······-·NIST-800-171-3.1.8
4237 ······-·NIST-800-53-AU-12(c)4237 ······-·NIST-800-53-AU-12(c)
Offset 4247, 16 lines modifiedOffset 4247, 16 lines modified
4247 ······-·restrict_strategy4247 ······-·restrict_strategy
  
4248 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule4248 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
4249 ······set_fact:4249 ······set_fact:
4250 ········all_files:4250 ········all_files:
4251 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'4251 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
4252 ······when:4252 ······when:
4253 ······-·'"audit"·in·ansible_facts.packages' 
4254 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4253 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4254 ······-·'"audit"·in·ansible_facts.packages'
4255 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched4255 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
4256 ········is·defined·and·find_existing_watch_rules_d.matched·==·04256 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
4257 ······tags:4257 ······tags:
4258 ······-·CCE-91601-54258 ······-·CCE-91601-5
4259 ······-·CJIS-5.4.1.14259 ······-·CJIS-5.4.1.1
4260 ······-·NIST-800-171-3.1.84260 ······-·NIST-800-171-3.1.8
4261 ······-·NIST-800-53-AU-12(c)4261 ······-·NIST-800-53-AU-12(c)
Offset 4273, 16 lines modifiedOffset 4273, 16 lines modified
4273 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/4273 ····-·name:·Add·watch·rule·for·/etc/selinux/·in·/etc/audit/rules.d/
Max diff block lines reached; 181418/186051 bytes (97.51%) of diff not shown.
136 KB
./usr/share/scap-security-guide/ansible/sle12-playbook-stig.yml
Ordering differences only
    
Offset 5811, 32 lines modifiedOffset 5811, 32 lines modified
5811 ······-·medium_severity5811 ······-·medium_severity
5812 ······-·no_reboot_needed5812 ······-·no_reboot_needed
5813 ······-·restrict_strategy5813 ······-·restrict_strategy
  
5814 ····-·name:·Service·facts5814 ····-·name:·Service·facts
5815 ······service_facts:·null5815 ······service_facts:·null
5816 ······when:5816 ······when:
5817 ······-·'"audit"·in·ansible_facts.packages' 
5818 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5817 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5818 ······-·'"audit"·in·ansible_facts.packages'
5819 ······tags:5819 ······tags:
5820 ······-·CCE-83119-85820 ······-·CCE-83119-8
5821 ······-·DISA-STIG-SLES-12-0201995821 ······-·DISA-STIG-SLES-12-020199
5822 ······-·audit_rules_enable_syscall_auditing5822 ······-·audit_rules_enable_syscall_auditing
5823 ······-·low_complexity5823 ······-·low_complexity
5824 ······-·low_disruption5824 ······-·low_disruption
5825 ······-·medium_severity5825 ······-·medium_severity
5826 ······-·no_reboot_needed5826 ······-·no_reboot_needed
5827 ······-·restrict_strategy5827 ······-·restrict_strategy
  
5828 ····-·name:·Check·the·rules·script·being·used5828 ····-·name:·Check·the·rules·script·being·used
5829 ······command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service5829 ······command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service
5830 ······register:·check_rules_scripts_result5830 ······register:·check_rules_scripts_result
5831 ······when:5831 ······when:
5832 ······-·'"audit"·in·ansible_facts.packages' 
5833 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5832 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5833 ······-·'"audit"·in·ansible_facts.packages'
5834 ······tags:5834 ······tags:
5835 ······-·CCE-83119-85835 ······-·CCE-83119-8
5836 ······-·DISA-STIG-SLES-12-0201995836 ······-·DISA-STIG-SLES-12-020199
5837 ······-·audit_rules_enable_syscall_auditing5837 ······-·audit_rules_enable_syscall_auditing
5838 ······-·low_complexity5838 ······-·low_complexity
5839 ······-·low_disruption5839 ······-·low_disruption
5840 ······-·medium_severity5840 ······-·medium_severity
Offset 5846, 16 lines modifiedOffset 5846, 16 lines modified
5846 ····-·name:·Find·audit·rules·in·/etc/audit/rules.d5846 ····-·name:·Find·audit·rules·in·/etc/audit/rules.d
5847 ······find:5847 ······find:
5848 ········paths:·/etc/audit/rules.d5848 ········paths:·/etc/audit/rules.d
5849 ········file_type:·file5849 ········file_type:·file
5850 ········follow:·true5850 ········follow:·true
5851 ······register:·find_audit_rules_result5851 ······register:·find_audit_rules_result
5852 ······when:5852 ······when:
5853 ······-·'"audit"·in·ansible_facts.packages' 
5854 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5853 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5854 ······-·'"audit"·in·ansible_facts.packages'
5855 ······-·'"auditd.service"·in·ansible_facts.services'5855 ······-·'"auditd.service"·in·ansible_facts.services'
5856 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'5856 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'
5857 ······tags:5857 ······tags:
5858 ······-·CCE-83119-85858 ······-·CCE-83119-8
5859 ······-·DISA-STIG-SLES-12-0201995859 ······-·DISA-STIG-SLES-12-020199
5860 ······-·audit_rules_enable_syscall_auditing5860 ······-·audit_rules_enable_syscall_auditing
5861 ······-·low_complexity5861 ······-·low_complexity
Offset 5867, 16 lines modifiedOffset 5867, 16 lines modified
5867 ····-·name:·Enable·syscall·auditing·(augenrules)5867 ····-·name:·Enable·syscall·auditing·(augenrules)
5868 ······lineinfile:5868 ······lineinfile:
5869 ········path:·'{{·item.path·}}'5869 ········path:·'{{·item.path·}}'
5870 ········regex:·^(?i)(\s*-a\s+task,never)\s*$5870 ········regex:·^(?i)(\s*-a\s+task,never)\s*$
5871 ········line:·'#-a·task,never'5871 ········line:·'#-a·task,never'
5872 ······with_items:·'{{·find_audit_rules_result.files·}}'5872 ······with_items:·'{{·find_audit_rules_result.files·}}'
5873 ······when:5873 ······when:
5874 ······-·'"audit"·in·ansible_facts.packages' 
5875 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5874 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5875 ······-·'"audit"·in·ansible_facts.packages'
5876 ······-·'"auditd.service"·in·ansible_facts.services'5876 ······-·'"auditd.service"·in·ansible_facts.services'
5877 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'5877 ······-·'"augenrules"·in·check_rules_scripts_result.stdout'
5878 ······register:·augenrules_syscall_auditing_rule_update_result5878 ······register:·augenrules_syscall_auditing_rule_update_result
5879 ······tags:5879 ······tags:
5880 ······-·CCE-83119-85880 ······-·CCE-83119-8
5881 ······-·DISA-STIG-SLES-12-0201995881 ······-·DISA-STIG-SLES-12-020199
5882 ······-·audit_rules_enable_syscall_auditing5882 ······-·audit_rules_enable_syscall_auditing
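Review bot: in the unchanged context at line 5870, `regex: ^(?i)(\s*-a\s+task,never)\s*$` places the global inline flag `(?i)` after the `^` anchor. Python's `re` module has deprecated global flags that are not at the start of the pattern since 3.6 and rejects them with an error from 3.11, so this `lineinfile` task would fail on a managed host whose Python is 3.11 or later. Move the flag to the front, `(?i)^(\s*-a\s+task,never)\s*$`; the same pattern appears again in the "Enable syscall auditing (auditctl)" task that follows.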
Offset 5888, 16 lines modifiedOffset 5888, 16 lines modified
  
5888 ····-·name:·Enable·syscall·auditing·(auditctl)5888 ····-·name:·Enable·syscall·auditing·(auditctl)
5889 ······lineinfile:5889 ······lineinfile:
5890 ········path:·/etc/audit/audit.rules5890 ········path:·/etc/audit/audit.rules
5891 ········regex:·^(?i)(\s*-a\s+task,never)\s*$5891 ········regex:·^(?i)(\s*-a\s+task,never)\s*$
5892 ········line:·'#-a·task,never'5892 ········line:·'#-a·task,never'
5893 ······when:5893 ······when:
5894 ······-·'"audit"·in·ansible_facts.packages' 
5895 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5895 ······-·'"audit"·in·ansible_facts.packages'
5896 ······-·'"auditd.service"·in·ansible_facts.services'5896 ······-·'"auditd.service"·in·ansible_facts.services'
5897 ······-·'"auditctl"·in·check_rules_scripts_result.stdout'5897 ······-·'"auditctl"·in·check_rules_scripts_result.stdout'
5898 ······register:·auditctl_syscall_auditing_rule_update_result5898 ······register:·auditctl_syscall_auditing_rule_update_result
5899 ······tags:5899 ······tags:
5900 ······-·CCE-83119-85900 ······-·CCE-83119-8
5901 ······-·DISA-STIG-SLES-12-0201995901 ······-·DISA-STIG-SLES-12-020199
5902 ······-·audit_rules_enable_syscall_auditing5902 ······-·audit_rules_enable_syscall_auditing
Offset 5908, 16 lines modifiedOffset 5908, 16 lines modified
5908 ······-·restrict_strategy5908 ······-·restrict_strategy
  
5909 ····-·name:·Restart·auditd.service5909 ····-·name:·Restart·auditd.service
5910 ······systemd:5910 ······systemd:
5911 ········name:·auditd.service5911 ········name:·auditd.service
5912 ········state:·restarted5912 ········state:·restarted
5913 ······when:5913 ······when:
5914 ······-·'"audit"·in·ansible_facts.packages' 
5915 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5914 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5915 ······-·'"audit"·in·ansible_facts.packages'
5916 ······-·ansible_facts.services["auditd.service"].state·==·"running"5916 ······-·ansible_facts.services["auditd.service"].state·==·"running"
5917 ······-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)5917 ······-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)
5918 ······tags:5918 ······tags:
5919 ······-·CCE-83119-85919 ······-·CCE-83119-8
5920 ······-·DISA-STIG-SLES-12-0201995920 ······-·DISA-STIG-SLES-12-020199
5921 ······-·audit_rules_enable_syscall_auditing5921 ······-·audit_rules_enable_syscall_auditing
5922 ······-·low_complexity5922 ······-·low_complexity
Offset 5947, 16 lines modifiedOffset 5947, 16 lines modified
5947 ······-·reboot_required5947 ······-·reboot_required
5948 ······-·restrict_strategy5948 ······-·restrict_strategy
  
5949 ····-·name:·Set·architecture·for·audit·mount·tasks5949 ····-·name:·Set·architecture·for·audit·mount·tasks
5950 ······set_fact:5950 ······set_fact:
5951 ········audit_arch:·b645951 ········audit_arch:·b64
5952 ······when:5952 ······when:
5953 ······-·'"audit"·in·ansible_facts.packages' 
5954 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5953 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 5954 ······-·'"audit"·in·ansible_facts.packages'
5955 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture5955 ······-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
5956 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"5956 ········==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
5957 ······tags:5957 ······tags:
5958 ······-·CCE-83217-05958 ······-·CCE-83217-0
5959 ······-·CJIS-5.4.1.15959 ······-·CJIS-5.4.1.1
5960 ······-·DISA-STIG-SLES-12-0202905960 ······-·DISA-STIG-SLES-12-020290
5961 ······-·NIST-800-171-3.1.75961 ······-·NIST-800-171-3.1.7
Offset 6089, 16 lines modifiedOffset 6089, 16 lines modified
6089 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10006089 ··········line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
6090 ············-F·auid!=unset·-F·key=perm_mod6090 ············-F·auid!=unset·-F·key=perm_mod
Max diff block lines reached; 134582/139403 bytes (96.54%) of diff not shown.
3.8 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis.yml
Ordering differences only
    
Offset 18652, 16 lines modifiedOffset 18652, 16 lines modified
18652 ······-·no_reboot_needed18652 ······-·no_reboot_needed
  
18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18654 ······stat:18654 ······stat:
18655 ········path:·/boot/grub2/grub.cfg18655 ········path:·/boot/grub2/grub.cfg
18656 ······register:·file_exists18656 ······register:·file_exists
18657 ······when:18657 ······when:
18658 ······-·'"grub2"·in·ansible_facts.packages' 
18659 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18658 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18659 ······-·'"grub2"·in·ansible_facts.packages'
18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18661 ······tags:18661 ······tags:
18662 ······-·CCE-85849-818662 ······-·CCE-85849-8
18663 ······-·CJIS-5.5.2.218663 ······-·CJIS-5.5.2.2
18664 ······-·NIST-800-171-3.4.518664 ······-·NIST-800-171-3.4.5
18665 ······-·NIST-800-53-AC-6(1)18665 ······-·NIST-800-53-AC-6(1)
18666 ······-·NIST-800-53-CM-6(a)18666 ······-·NIST-800-53-CM-6(a)
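Review bot: at 18658-18659 the `'"grub2" in ansible_facts.packages'` and `"/boot/efi" not in ansible_mounts` conditions swap in the same way as in the audit tasks, and this file is marked "Ordering differences only", so the fix belongs in whatever produces these condition lists rather than in the individual playbook. The `stat` task here and the `file` tasks that follow for owner, group and mode on `/boot/grub2/grub.cfg` carry the same pair, so a stable ordering at the source would clear every hunk in this file. Until then, a reproducibility check that compares each task's `when:` list as a set would confirm that no condition was added or dropped, only reordered.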
Offset 18674, 16 lines modifiedOffset 18674, 16 lines modified
18674 ······-·no_reboot_needed18674 ······-·no_reboot_needed
  
18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
18676 ······file:18676 ······file:
18677 ········path:·/boot/grub2/grub.cfg18677 ········path:·/boot/grub2/grub.cfg
18678 ········group:·'0'18678 ········group:·'0'
18679 ······when:18679 ······when:
18680 ······-·'"grub2"·in·ansible_facts.packages' 
18681 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18680 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18681 ······-·'"grub2"·in·ansible_facts.packages'
18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18684 ······tags:18684 ······tags:
18685 ······-·CCE-85849-818685 ······-·CCE-85849-8
18686 ······-·CJIS-5.5.2.218686 ······-·CJIS-5.5.2.2
18687 ······-·NIST-800-171-3.4.518687 ······-·NIST-800-171-3.4.5
18688 ······-·NIST-800-53-AC-6(1)18688 ······-·NIST-800-53-AC-6(1)
Offset 18715, 16 lines modifiedOffset 18715, 16 lines modified
18715 ······-·no_reboot_needed18715 ······-·no_reboot_needed
  
18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18717 ······stat:18717 ······stat:
18718 ········path:·/boot/grub2/grub.cfg18718 ········path:·/boot/grub2/grub.cfg
18719 ······register:·file_exists18719 ······register:·file_exists
18720 ······when:18720 ······when:
18721 ······-·'"grub2"·in·ansible_facts.packages' 
18722 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18721 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18722 ······-·'"grub2"·in·ansible_facts.packages'
18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18724 ······tags:18724 ······tags:
18725 ······-·CCE-85848-018725 ······-·CCE-85848-0
18726 ······-·CJIS-5.5.2.218726 ······-·CJIS-5.5.2.2
18727 ······-·NIST-800-171-3.4.518727 ······-·NIST-800-171-3.4.5
18728 ······-·NIST-800-53-AC-6(1)18728 ······-·NIST-800-53-AC-6(1)
18729 ······-·NIST-800-53-CM-6(a)18729 ······-·NIST-800-53-CM-6(a)
Offset 18737, 16 lines modifiedOffset 18737, 16 lines modified
18737 ······-·no_reboot_needed18737 ······-·no_reboot_needed
  
18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
18739 ······file:18739 ······file:
18740 ········path:·/boot/grub2/grub.cfg18740 ········path:·/boot/grub2/grub.cfg
18741 ········owner:·'0'18741 ········owner:·'0'
18742 ······when:18742 ······when:
18743 ······-·'"grub2"·in·ansible_facts.packages' 
18744 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18743 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18744 ······-·'"grub2"·in·ansible_facts.packages'
18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18747 ······tags:18747 ······tags:
18748 ······-·CCE-85848-018748 ······-·CCE-85848-0
18749 ······-·CJIS-5.5.2.218749 ······-·CJIS-5.5.2.2
18750 ······-·NIST-800-171-3.4.518750 ······-·NIST-800-171-3.4.5
18751 ······-·NIST-800-53-AC-6(1)18751 ······-·NIST-800-53-AC-6(1)
Offset 18776, 16 lines modifiedOffset 18776, 16 lines modified
18776 ······-·no_reboot_needed18776 ······-·no_reboot_needed
  
18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18778 ······stat:18778 ······stat:
18779 ········path:·/boot/grub2/grub.cfg18779 ········path:·/boot/grub2/grub.cfg
18780 ······register:·file_exists18780 ······register:·file_exists
18781 ······when:18781 ······when:
18782 ······-·'"grub2"·in·ansible_facts.packages' 
18783 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18782 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18783 ······-·'"grub2"·in·ansible_facts.packages'
18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18785 ······tags:18785 ······tags:
18786 ······-·CCE-91426-718786 ······-·CCE-91426-7
18787 ······-·NIST-800-171-3.4.518787 ······-·NIST-800-171-3.4.5
18788 ······-·NIST-800-53-AC-6(1)18788 ······-·NIST-800-53-AC-6(1)
18789 ······-·NIST-800-53-CM-6(a)18789 ······-·NIST-800-53-CM-6(a)
18790 ······-·configure_strategy18790 ······-·configure_strategy
Offset 18796, 16 lines modifiedOffset 18796, 16 lines modified
18796 ······-·no_reboot_needed18796 ······-·no_reboot_needed
  
18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
18798 ······file:18798 ······file:
18799 ········path:·/boot/grub2/grub.cfg18799 ········path:·/boot/grub2/grub.cfg
18800 ········mode:·u-xs,g-xwrs,o-xwrt18800 ········mode:·u-xs,g-xwrs,o-xwrt
18801 ······when:18801 ······when:
18802 ······-·'"grub2"·in·ansible_facts.packages' 
18803 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18802 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18803 ······-·'"grub2"·in·ansible_facts.packages'
18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18806 ······tags:18806 ······tags:
18807 ······-·CCE-91426-718807 ······-·CCE-91426-7
18808 ······-·NIST-800-171-3.4.518808 ······-·NIST-800-171-3.4.5
18809 ······-·NIST-800-53-AC-6(1)18809 ······-·NIST-800-53-AC-6(1)
18810 ······-·NIST-800-53-CM-6(a)18810 ······-·NIST-800-53-CM-6(a)
3.81 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis_server_l1.yml
Ordering differences only
    
Offset 2794, 16 lines modifiedOffset 2794, 16 lines modified
2794 ······-·no_reboot_needed2794 ······-·no_reboot_needed
  
2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2796 ······stat:2796 ······stat:
2797 ········path:·/boot/grub2/grub.cfg2797 ········path:·/boot/grub2/grub.cfg
2798 ······register:·file_exists2798 ······register:·file_exists
2799 ······when:2799 ······when:
2800 ······-·'"grub2"·in·ansible_facts.packages' 
2801 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2800 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2801 ······-·'"grub2"·in·ansible_facts.packages'
2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2803 ······tags:2803 ······tags:
2804 ······-·CCE-85849-82804 ······-·CCE-85849-8
2805 ······-·CJIS-5.5.2.22805 ······-·CJIS-5.5.2.2
2806 ······-·NIST-800-171-3.4.52806 ······-·NIST-800-171-3.4.5
2807 ······-·NIST-800-53-AC-6(1)2807 ······-·NIST-800-53-AC-6(1)
2808 ······-·NIST-800-53-CM-6(a)2808 ······-·NIST-800-53-CM-6(a)
Offset 2816, 16 lines modifiedOffset 2816, 16 lines modified
2816 ······-·no_reboot_needed2816 ······-·no_reboot_needed
  
2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2818 ······file:2818 ······file:
2819 ········path:·/boot/grub2/grub.cfg2819 ········path:·/boot/grub2/grub.cfg
2820 ········group:·'0'2820 ········group:·'0'
2821 ······when:2821 ······when:
2822 ······-·'"grub2"·in·ansible_facts.packages' 
2823 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2822 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2823 ······-·'"grub2"·in·ansible_facts.packages'
2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2826 ······tags:2826 ······tags:
2827 ······-·CCE-85849-82827 ······-·CCE-85849-8
2828 ······-·CJIS-5.5.2.22828 ······-·CJIS-5.5.2.2
2829 ······-·NIST-800-171-3.4.52829 ······-·NIST-800-171-3.4.5
2830 ······-·NIST-800-53-AC-6(1)2830 ······-·NIST-800-53-AC-6(1)
Offset 2857, 16 lines modifiedOffset 2857, 16 lines modified
2857 ······-·no_reboot_needed2857 ······-·no_reboot_needed
  
2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2859 ······stat:2859 ······stat:
2860 ········path:·/boot/grub2/grub.cfg2860 ········path:·/boot/grub2/grub.cfg
2861 ······register:·file_exists2861 ······register:·file_exists
2862 ······when:2862 ······when:
2863 ······-·'"grub2"·in·ansible_facts.packages' 
2864 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2863 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2864 ······-·'"grub2"·in·ansible_facts.packages'
2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2866 ······tags:2866 ······tags:
2867 ······-·CCE-85848-02867 ······-·CCE-85848-0
2868 ······-·CJIS-5.5.2.22868 ······-·CJIS-5.5.2.2
2869 ······-·NIST-800-171-3.4.52869 ······-·NIST-800-171-3.4.5
2870 ······-·NIST-800-53-AC-6(1)2870 ······-·NIST-800-53-AC-6(1)
2871 ······-·NIST-800-53-CM-6(a)2871 ······-·NIST-800-53-CM-6(a)
Offset 2879, 16 lines modifiedOffset 2879, 16 lines modified
2879 ······-·no_reboot_needed2879 ······-·no_reboot_needed
  
2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2881 ······file:2881 ······file:
2882 ········path:·/boot/grub2/grub.cfg2882 ········path:·/boot/grub2/grub.cfg
2883 ········owner:·'0'2883 ········owner:·'0'
2884 ······when:2884 ······when:
2885 ······-·'"grub2"·in·ansible_facts.packages' 
2886 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2885 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2886 ······-·'"grub2"·in·ansible_facts.packages'
2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2889 ······tags:2889 ······tags:
2890 ······-·CCE-85848-02890 ······-·CCE-85848-0
2891 ······-·CJIS-5.5.2.22891 ······-·CJIS-5.5.2.2
2892 ······-·NIST-800-171-3.4.52892 ······-·NIST-800-171-3.4.5
2893 ······-·NIST-800-53-AC-6(1)2893 ······-·NIST-800-53-AC-6(1)
Offset 2918, 16 lines modifiedOffset 2918, 16 lines modified
2918 ······-·no_reboot_needed2918 ······-·no_reboot_needed
  
2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2920 ······stat:2920 ······stat:
2921 ········path:·/boot/grub2/grub.cfg2921 ········path:·/boot/grub2/grub.cfg
2922 ······register:·file_exists2922 ······register:·file_exists
2923 ······when:2923 ······when:
2924 ······-·'"grub2"·in·ansible_facts.packages' 
2925 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2924 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2925 ······-·'"grub2"·in·ansible_facts.packages'
2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2927 ······tags:2927 ······tags:
2928 ······-·CCE-91426-72928 ······-·CCE-91426-7
2929 ······-·NIST-800-171-3.4.52929 ······-·NIST-800-171-3.4.5
2930 ······-·NIST-800-53-AC-6(1)2930 ······-·NIST-800-53-AC-6(1)
2931 ······-·NIST-800-53-CM-6(a)2931 ······-·NIST-800-53-CM-6(a)
2932 ······-·configure_strategy2932 ······-·configure_strategy
Offset 2938, 16 lines modifiedOffset 2938, 16 lines modified
2938 ······-·no_reboot_needed2938 ······-·no_reboot_needed
  
2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2940 ······file:2940 ······file:
2941 ········path:·/boot/grub2/grub.cfg2941 ········path:·/boot/grub2/grub.cfg
2942 ········mode:·u-xs,g-xwrs,o-xwrt2942 ········mode:·u-xs,g-xwrs,o-xwrt
2943 ······when:2943 ······when:
2944 ······-·'"grub2"·in·ansible_facts.packages' 
2945 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2944 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2945 ······-·'"grub2"·in·ansible_facts.packages'
2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2948 ······tags:2948 ······tags:
2949 ······-·CCE-91426-72949 ······-·CCE-91426-7
2950 ······-·NIST-800-171-3.4.52950 ······-·NIST-800-171-3.4.5
2951 ······-·NIST-800-53-AC-6(1)2951 ······-·NIST-800-53-AC-6(1)
2952 ······-·NIST-800-53-CM-6(a)2952 ······-·NIST-800-53-CM-6(a)
3.82 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis_workstation_l1.yml
Ordering differences only
    
Offset 2794, 16 lines modifiedOffset 2794, 16 lines modified
2794 ······-·no_reboot_needed2794 ······-·no_reboot_needed
  
2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2795 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2796 ······stat:2796 ······stat:
2797 ········path:·/boot/grub2/grub.cfg2797 ········path:·/boot/grub2/grub.cfg
2798 ······register:·file_exists2798 ······register:·file_exists
2799 ······when:2799 ······when:
2800 ······-·'"grub2"·in·ansible_facts.packages' 
2801 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2800 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2801 ······-·'"grub2"·in·ansible_facts.packages'
2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2802 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2803 ······tags:2803 ······tags:
2804 ······-·CCE-85849-82804 ······-·CCE-85849-8
2805 ······-·CJIS-5.5.2.22805 ······-·CJIS-5.5.2.2
2806 ······-·NIST-800-171-3.4.52806 ······-·NIST-800-171-3.4.5
2807 ······-·NIST-800-53-AC-6(1)2807 ······-·NIST-800-53-AC-6(1)
2808 ······-·NIST-800-53-CM-6(a)2808 ······-·NIST-800-53-CM-6(a)
Offset 2816, 16 lines modifiedOffset 2816, 16 lines modified
2816 ······-·no_reboot_needed2816 ······-·no_reboot_needed
  
2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2817 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2818 ······file:2818 ······file:
2819 ········path:·/boot/grub2/grub.cfg2819 ········path:·/boot/grub2/grub.cfg
2820 ········group:·'0'2820 ········group:·'0'
2821 ······when:2821 ······when:
2822 ······-·'"grub2"·in·ansible_facts.packages' 
2823 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2822 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2823 ······-·'"grub2"·in·ansible_facts.packages'
2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2824 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2825 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2826 ······tags:2826 ······tags:
2827 ······-·CCE-85849-82827 ······-·CCE-85849-8
2828 ······-·CJIS-5.5.2.22828 ······-·CJIS-5.5.2.2
2829 ······-·NIST-800-171-3.4.52829 ······-·NIST-800-171-3.4.5
2830 ······-·NIST-800-53-AC-6(1)2830 ······-·NIST-800-53-AC-6(1)
Offset 2857, 16 lines modifiedOffset 2857, 16 lines modified
2857 ······-·no_reboot_needed2857 ······-·no_reboot_needed
  
2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2858 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2859 ······stat:2859 ······stat:
2860 ········path:·/boot/grub2/grub.cfg2860 ········path:·/boot/grub2/grub.cfg
2861 ······register:·file_exists2861 ······register:·file_exists
2862 ······when:2862 ······when:
2863 ······-·'"grub2"·in·ansible_facts.packages' 
2864 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2863 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2864 ······-·'"grub2"·in·ansible_facts.packages'
2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2866 ······tags:2866 ······tags:
2867 ······-·CCE-85848-02867 ······-·CCE-85848-0
2868 ······-·CJIS-5.5.2.22868 ······-·CJIS-5.5.2.2
2869 ······-·NIST-800-171-3.4.52869 ······-·NIST-800-171-3.4.5
2870 ······-·NIST-800-53-AC-6(1)2870 ······-·NIST-800-53-AC-6(1)
2871 ······-·NIST-800-53-CM-6(a)2871 ······-·NIST-800-53-CM-6(a)
Offset 2879, 16 lines modifiedOffset 2879, 16 lines modified
2879 ······-·no_reboot_needed2879 ······-·no_reboot_needed
  
2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2880 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2881 ······file:2881 ······file:
2882 ········path:·/boot/grub2/grub.cfg2882 ········path:·/boot/grub2/grub.cfg
2883 ········owner:·'0'2883 ········owner:·'0'
2884 ······when:2884 ······when:
2885 ······-·'"grub2"·in·ansible_facts.packages' 
2886 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2885 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2886 ······-·'"grub2"·in·ansible_facts.packages'
2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2887 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2888 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2889 ······tags:2889 ······tags:
2890 ······-·CCE-85848-02890 ······-·CCE-85848-0
2891 ······-·CJIS-5.5.2.22891 ······-·CJIS-5.5.2.2
2892 ······-·NIST-800-171-3.4.52892 ······-·NIST-800-171-3.4.5
2893 ······-·NIST-800-53-AC-6(1)2893 ······-·NIST-800-53-AC-6(1)
Offset 2918, 16 lines modifiedOffset 2918, 16 lines modified
2918 ······-·no_reboot_needed2918 ······-·no_reboot_needed
  
2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg2919 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
2920 ······stat:2920 ······stat:
2921 ········path:·/boot/grub2/grub.cfg2921 ········path:·/boot/grub2/grub.cfg
2922 ······register:·file_exists2922 ······register:·file_exists
2923 ······when:2923 ······when:
2924 ······-·'"grub2"·in·ansible_facts.packages' 
2925 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2924 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2925 ······-·'"grub2"·in·ansible_facts.packages'
2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2926 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2927 ······tags:2927 ······tags:
2928 ······-·CCE-91426-72928 ······-·CCE-91426-7
2929 ······-·NIST-800-171-3.4.52929 ······-·NIST-800-171-3.4.5
2930 ······-·NIST-800-53-AC-6(1)2930 ······-·NIST-800-53-AC-6(1)
2931 ······-·NIST-800-53-CM-6(a)2931 ······-·NIST-800-53-CM-6(a)
2932 ······-·configure_strategy2932 ······-·configure_strategy
Offset 2938, 16 lines modifiedOffset 2938, 16 lines modified
2938 ······-·no_reboot_needed2938 ······-·no_reboot_needed
  
2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2939 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2940 ······file:2940 ······file:
2941 ········path:·/boot/grub2/grub.cfg2941 ········path:·/boot/grub2/grub.cfg
2942 ········mode:·u-xs,g-xwrs,o-xwrt2942 ········mode:·u-xs,g-xwrs,o-xwrt
2943 ······when:2943 ······when:
2944 ······-·'"grub2"·in·ansible_facts.packages' 
2945 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'2944 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2945 ······-·'"grub2"·in·ansible_facts.packages'
2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2946 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists2947 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
2948 ······tags:2948 ······tags:
2949 ······-·CCE-91426-72949 ······-·CCE-91426-7
2950 ······-·NIST-800-171-3.4.52950 ······-·NIST-800-171-3.4.5
2951 ······-·NIST-800-53-AC-6(1)2951 ······-·NIST-800-53-AC-6(1)
2952 ······-·NIST-800-53-CM-6(a)2952 ······-·NIST-800-53-CM-6(a)
3.83 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-cis_workstation_l2.yml
Ordering differences only
    
Offset 18652, 16 lines modifiedOffset 18652, 16 lines modified
18652 ······-·no_reboot_needed18652 ······-·no_reboot_needed
  
18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18653 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18654 ······stat:18654 ······stat:
18655 ········path:·/boot/grub2/grub.cfg18655 ········path:·/boot/grub2/grub.cfg
18656 ······register:·file_exists18656 ······register:·file_exists
18657 ······when:18657 ······when:
18658 ······-·'"grub2"·in·ansible_facts.packages' 
18659 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18658 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18659 ······-·'"grub2"·in·ansible_facts.packages'
18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18660 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18661 ······tags:18661 ······tags:
18662 ······-·CCE-85849-818662 ······-·CCE-85849-8
18663 ······-·CJIS-5.5.2.218663 ······-·CJIS-5.5.2.2
18664 ······-·NIST-800-171-3.4.518664 ······-·NIST-800-171-3.4.5
18665 ······-·NIST-800-53-AC-6(1)18665 ······-·NIST-800-53-AC-6(1)
18666 ······-·NIST-800-53-CM-6(a)18666 ······-·NIST-800-53-CM-6(a)
Offset 18674, 16 lines modifiedOffset 18674, 16 lines modified
18674 ······-·no_reboot_needed18674 ······-·no_reboot_needed
  
18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg18675 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
18676 ······file:18676 ······file:
18677 ········path:·/boot/grub2/grub.cfg18677 ········path:·/boot/grub2/grub.cfg
18678 ········group:·'0'18678 ········group:·'0'
18679 ······when:18679 ······when:
18680 ······-·'"grub2"·in·ansible_facts.packages' 
18681 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18680 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18681 ······-·'"grub2"·in·ansible_facts.packages'
18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18682 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18683 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18684 ······tags:18684 ······tags:
18685 ······-·CCE-85849-818685 ······-·CCE-85849-8
18686 ······-·CJIS-5.5.2.218686 ······-·CJIS-5.5.2.2
18687 ······-·NIST-800-171-3.4.518687 ······-·NIST-800-171-3.4.5
18688 ······-·NIST-800-53-AC-6(1)18688 ······-·NIST-800-53-AC-6(1)
Offset 18715, 16 lines modifiedOffset 18715, 16 lines modified
18715 ······-·no_reboot_needed18715 ······-·no_reboot_needed
  
18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18716 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18717 ······stat:18717 ······stat:
18718 ········path:·/boot/grub2/grub.cfg18718 ········path:·/boot/grub2/grub.cfg
18719 ······register:·file_exists18719 ······register:·file_exists
18720 ······when:18720 ······when:
18721 ······-·'"grub2"·in·ansible_facts.packages' 
18722 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18721 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18722 ······-·'"grub2"·in·ansible_facts.packages'
18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18723 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18724 ······tags:18724 ······tags:
18725 ······-·CCE-85848-018725 ······-·CCE-85848-0
18726 ······-·CJIS-5.5.2.218726 ······-·CJIS-5.5.2.2
18727 ······-·NIST-800-171-3.4.518727 ······-·NIST-800-171-3.4.5
18728 ······-·NIST-800-53-AC-6(1)18728 ······-·NIST-800-53-AC-6(1)
18729 ······-·NIST-800-53-CM-6(a)18729 ······-·NIST-800-53-CM-6(a)
Offset 18737, 16 lines modifiedOffset 18737, 16 lines modified
18737 ······-·no_reboot_needed18737 ······-·no_reboot_needed
  
18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg18738 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
18739 ······file:18739 ······file:
18740 ········path:·/boot/grub2/grub.cfg18740 ········path:·/boot/grub2/grub.cfg
18741 ········owner:·'0'18741 ········owner:·'0'
18742 ······when:18742 ······when:
18743 ······-·'"grub2"·in·ansible_facts.packages' 
18744 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18743 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18744 ······-·'"grub2"·in·ansible_facts.packages'
18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18745 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18746 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18747 ······tags:18747 ······tags:
18748 ······-·CCE-85848-018748 ······-·CCE-85848-0
18749 ······-·CJIS-5.5.2.218749 ······-·CJIS-5.5.2.2
18750 ······-·NIST-800-171-3.4.518750 ······-·NIST-800-171-3.4.5
18751 ······-·NIST-800-53-AC-6(1)18751 ······-·NIST-800-53-AC-6(1)
Offset 18776, 16 lines modifiedOffset 18776, 16 lines modified
18776 ······-·no_reboot_needed18776 ······-·no_reboot_needed
  
18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg18777 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
18778 ······stat:18778 ······stat:
18779 ········path:·/boot/grub2/grub.cfg18779 ········path:·/boot/grub2/grub.cfg
18780 ······register:·file_exists18780 ······register:·file_exists
18781 ······when:18781 ······when:
18782 ······-·'"grub2"·in·ansible_facts.packages' 
18783 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18782 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18783 ······-·'"grub2"·in·ansible_facts.packages'
18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18784 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18785 ······tags:18785 ······tags:
18786 ······-·CCE-91426-718786 ······-·CCE-91426-7
18787 ······-·NIST-800-171-3.4.518787 ······-·NIST-800-171-3.4.5
18788 ······-·NIST-800-53-AC-6(1)18788 ······-·NIST-800-53-AC-6(1)
18789 ······-·NIST-800-53-CM-6(a)18789 ······-·NIST-800-53-CM-6(a)
18790 ······-·configure_strategy18790 ······-·configure_strategy
Offset 18796, 16 lines modifiedOffset 18796, 16 lines modified
18796 ······-·no_reboot_needed18796 ······-·no_reboot_needed
  
18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg18797 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
18798 ······file:18798 ······file:
18799 ········path:·/boot/grub2/grub.cfg18799 ········path:·/boot/grub2/grub.cfg
18800 ········mode:·u-xs,g-xwrs,o-xwrt18800 ········mode:·u-xs,g-xwrs,o-xwrt
18801 ······when:18801 ······when:
18802 ······-·'"grub2"·in·ansible_facts.packages' 
18803 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'18802 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 18803 ······-·'"grub2"·in·ansible_facts.packages'
18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]18804 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists18805 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
18806 ······tags:18806 ······tags:
18807 ······-·CCE-91426-718807 ······-·CCE-91426-7
18808 ······-·NIST-800-171-3.4.518808 ······-·NIST-800-171-3.4.5
18809 ······-·NIST-800-53-AC-6(1)18809 ······-·NIST-800-53-AC-6(1)
18810 ······-·NIST-800-53-CM-6(a)18810 ······-·NIST-800-53-CM-6(a)
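Review bot: in the `when:` list of the "Ensure permission u-xs,g-xwrs,o-xwrt on /boot/grub2/grub.cfg" task, the two builds differ only in that `"grub2" in ansible_facts.packages` and `"/boot/efi" not in ansible_mounts | map(attribute="mount") | list` swap places. Ansible requires every entry of a `when:` list to be true, so the task gives the same result either way, but the unstable order makes the generated playbook differ from build to build. Emitting these applicability conditions in a fixed order (sorted, for example) when the playbook is generated would remove this difference, which repeats in every grub.cfg task shown on this page.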
3.81 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-hipaa.yml
Ordering differences only
    
Offset 21255, 16 lines modifiedOffset 21255, 16 lines modified
21255 ······-·no_reboot_needed21255 ······-·no_reboot_needed
  
21256 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21256 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21257 ······stat:21257 ······stat:
21258 ········path:·/boot/grub2/grub.cfg21258 ········path:·/boot/grub2/grub.cfg
21259 ······register:·file_exists21259 ······register:·file_exists
21260 ······when:21260 ······when:
21261 ······-·'"grub2"·in·ansible_facts.packages' 
21262 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'21261 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 21262 ······-·'"grub2"·in·ansible_facts.packages'
21263 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21263 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21264 ······tags:21264 ······tags:
21265 ······-·CCE-85849-821265 ······-·CCE-85849-8
21266 ······-·CJIS-5.5.2.221266 ······-·CJIS-5.5.2.2
21267 ······-·NIST-800-171-3.4.521267 ······-·NIST-800-171-3.4.5
21268 ······-·NIST-800-53-AC-6(1)21268 ······-·NIST-800-53-AC-6(1)
21269 ······-·NIST-800-53-CM-6(a)21269 ······-·NIST-800-53-CM-6(a)
Offset 21277, 16 lines modifiedOffset 21277, 16 lines modified
21277 ······-·no_reboot_needed21277 ······-·no_reboot_needed
  
21278 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg21278 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
21279 ······file:21279 ······file:
21280 ········path:·/boot/grub2/grub.cfg21280 ········path:·/boot/grub2/grub.cfg
21281 ········group:·'0'21281 ········group:·'0'
21282 ······when:21282 ······when:
21283 ······-·'"grub2"·in·ansible_facts.packages' 
21284 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'21283 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 21284 ······-·'"grub2"·in·ansible_facts.packages'
21285 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21285 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21286 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21286 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21287 ······tags:21287 ······tags:
21288 ······-·CCE-85849-821288 ······-·CCE-85849-8
21289 ······-·CJIS-5.5.2.221289 ······-·CJIS-5.5.2.2
21290 ······-·NIST-800-171-3.4.521290 ······-·NIST-800-171-3.4.5
21291 ······-·NIST-800-53-AC-6(1)21291 ······-·NIST-800-53-AC-6(1)
Offset 21318, 16 lines modifiedOffset 21318, 16 lines modified
21318 ······-·no_reboot_needed21318 ······-·no_reboot_needed
  
21319 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21319 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21320 ······stat:21320 ······stat:
21321 ········path:·/boot/grub2/grub.cfg21321 ········path:·/boot/grub2/grub.cfg
21322 ······register:·file_exists21322 ······register:·file_exists
21323 ······when:21323 ······when:
21324 ······-·'"grub2"·in·ansible_facts.packages' 
21325 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'21324 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 21325 ······-·'"grub2"·in·ansible_facts.packages'
21326 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21326 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21327 ······tags:21327 ······tags:
21328 ······-·CCE-85848-021328 ······-·CCE-85848-0
21329 ······-·CJIS-5.5.2.221329 ······-·CJIS-5.5.2.2
21330 ······-·NIST-800-171-3.4.521330 ······-·NIST-800-171-3.4.5
21331 ······-·NIST-800-53-AC-6(1)21331 ······-·NIST-800-53-AC-6(1)
21332 ······-·NIST-800-53-CM-6(a)21332 ······-·NIST-800-53-CM-6(a)
Offset 21340, 16 lines modifiedOffset 21340, 16 lines modified
21340 ······-·no_reboot_needed21340 ······-·no_reboot_needed
  
21341 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg21341 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
21342 ······file:21342 ······file:
21343 ········path:·/boot/grub2/grub.cfg21343 ········path:·/boot/grub2/grub.cfg
21344 ········owner:·'0'21344 ········owner:·'0'
21345 ······when:21345 ······when:
21346 ······-·'"grub2"·in·ansible_facts.packages' 
21347 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'21346 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 21347 ······-·'"grub2"·in·ansible_facts.packages'
21348 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21348 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21349 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21349 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21350 ······tags:21350 ······tags:
21351 ······-·CCE-85848-021351 ······-·CCE-85848-0
21352 ······-·CJIS-5.5.2.221352 ······-·CJIS-5.5.2.2
21353 ······-·NIST-800-171-3.4.521353 ······-·NIST-800-171-3.4.5
21354 ······-·NIST-800-53-AC-6(1)21354 ······-·NIST-800-53-AC-6(1)
Offset 21379, 16 lines modifiedOffset 21379, 16 lines modified
21379 ······-·no_reboot_needed21379 ······-·no_reboot_needed
  
21380 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg21380 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
21381 ······stat:21381 ······stat:
21382 ········path:·/boot/grub2/grub.cfg21382 ········path:·/boot/grub2/grub.cfg
21383 ······register:·file_exists21383 ······register:·file_exists
21384 ······when:21384 ······when:
21385 ······-·'"grub2"·in·ansible_facts.packages' 
21386 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'21385 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 21386 ······-·'"grub2"·in·ansible_facts.packages'
21387 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21387 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21388 ······tags:21388 ······tags:
21389 ······-·CCE-91426-721389 ······-·CCE-91426-7
21390 ······-·NIST-800-171-3.4.521390 ······-·NIST-800-171-3.4.5
21391 ······-·NIST-800-53-AC-6(1)21391 ······-·NIST-800-53-AC-6(1)
21392 ······-·NIST-800-53-CM-6(a)21392 ······-·NIST-800-53-CM-6(a)
21393 ······-·configure_strategy21393 ······-·configure_strategy
Offset 21399, 16 lines modifiedOffset 21399, 16 lines modified
21399 ······-·no_reboot_needed21399 ······-·no_reboot_needed
  
21400 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg21400 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
21401 ······file:21401 ······file:
21402 ········path:·/boot/grub2/grub.cfg21402 ········path:·/boot/grub2/grub.cfg
21403 ········mode:·u-xs,g-xwrs,o-xwrt21403 ········mode:·u-xs,g-xwrs,o-xwrt
21404 ······when:21404 ······when:
21405 ······-·'"grub2"·in·ansible_facts.packages' 
21406 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'21405 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 21406 ······-·'"grub2"·in·ansible_facts.packages'
21407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]21407 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
21408 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists21408 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
21409 ······tags:21409 ······tags:
21410 ······-·CCE-91426-721410 ······-·CCE-91426-7
21411 ······-·NIST-800-171-3.4.521411 ······-·NIST-800-171-3.4.5
21412 ······-·NIST-800-53-AC-6(1)21412 ······-·NIST-800-53-AC-6(1)
21413 ······-·NIST-800-53-CM-6(a)21413 ······-·NIST-800-53-CM-6(a)
2.57 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-pci-dss-4.yml
Ordering differences only
    
Offset 26994, 16 lines modifiedOffset 26994, 16 lines modified
26994 ······-·no_reboot_needed26994 ······-·no_reboot_needed
  
26995 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg26995 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
26996 ······stat:26996 ······stat:
26997 ········path:·/boot/grub2/grub.cfg26997 ········path:·/boot/grub2/grub.cfg
26998 ······register:·file_exists26998 ······register:·file_exists
26999 ······when:26999 ······when:
27000 ······-·'"grub2"·in·ansible_facts.packages' 
27001 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'27000 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 27001 ······-·'"grub2"·in·ansible_facts.packages'
27002 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27002 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27003 ······tags:27003 ······tags:
27004 ······-·CCE-85849-827004 ······-·CCE-85849-8
27005 ······-·CJIS-5.5.2.227005 ······-·CJIS-5.5.2.2
27006 ······-·NIST-800-171-3.4.527006 ······-·NIST-800-171-3.4.5
27007 ······-·NIST-800-53-AC-6(1)27007 ······-·NIST-800-53-AC-6(1)
27008 ······-·NIST-800-53-CM-6(a)27008 ······-·NIST-800-53-CM-6(a)
Offset 27016, 16 lines modifiedOffset 27016, 16 lines modified
27016 ······-·no_reboot_needed27016 ······-·no_reboot_needed
  
27017 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg27017 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
27018 ······file:27018 ······file:
27019 ········path:·/boot/grub2/grub.cfg27019 ········path:·/boot/grub2/grub.cfg
27020 ········group:·'0'27020 ········group:·'0'
27021 ······when:27021 ······when:
27022 ······-·'"grub2"·in·ansible_facts.packages' 
27023 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'27022 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 27023 ······-·'"grub2"·in·ansible_facts.packages'
27024 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27024 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27025 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists27025 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
27026 ······tags:27026 ······tags:
27027 ······-·CCE-85849-827027 ······-·CCE-85849-8
27028 ······-·CJIS-5.5.2.227028 ······-·CJIS-5.5.2.2
27029 ······-·NIST-800-171-3.4.527029 ······-·NIST-800-171-3.4.5
27030 ······-·NIST-800-53-AC-6(1)27030 ······-·NIST-800-53-AC-6(1)
Offset 27057, 16 lines modifiedOffset 27057, 16 lines modified
27057 ······-·no_reboot_needed27057 ······-·no_reboot_needed
  
27058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg27058 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
27059 ······stat:27059 ······stat:
27060 ········path:·/boot/grub2/grub.cfg27060 ········path:·/boot/grub2/grub.cfg
27061 ······register:·file_exists27061 ······register:·file_exists
27062 ······when:27062 ······when:
27063 ······-·'"grub2"·in·ansible_facts.packages' 
27064 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'27063 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 27064 ······-·'"grub2"·in·ansible_facts.packages'
27065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27065 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27066 ······tags:27066 ······tags:
27067 ······-·CCE-85848-027067 ······-·CCE-85848-0
27068 ······-·CJIS-5.5.2.227068 ······-·CJIS-5.5.2.2
27069 ······-·NIST-800-171-3.4.527069 ······-·NIST-800-171-3.4.5
27070 ······-·NIST-800-53-AC-6(1)27070 ······-·NIST-800-53-AC-6(1)
27071 ······-·NIST-800-53-CM-6(a)27071 ······-·NIST-800-53-CM-6(a)
Offset 27079, 16 lines modifiedOffset 27079, 16 lines modified
27079 ······-·no_reboot_needed27079 ······-·no_reboot_needed
  
27080 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg27080 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
27081 ······file:27081 ······file:
27082 ········path:·/boot/grub2/grub.cfg27082 ········path:·/boot/grub2/grub.cfg
27083 ········owner:·'0'27083 ········owner:·'0'
27084 ······when:27084 ······when:
27085 ······-·'"grub2"·in·ansible_facts.packages' 
27086 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'27085 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 27086 ······-·'"grub2"·in·ansible_facts.packages'
27087 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]27087 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
27088 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists27088 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
27089 ······tags:27089 ······tags:
27090 ······-·CCE-85848-027090 ······-·CCE-85848-0
27091 ······-·CJIS-5.5.2.227091 ······-·CJIS-5.5.2.2
27092 ······-·NIST-800-171-3.4.527092 ······-·NIST-800-171-3.4.5
27093 ······-·NIST-800-53-AC-6(1)27093 ······-·NIST-800-53-AC-6(1)
2.56 KB
./usr/share/scap-security-guide/ansible/sle15-playbook-pci-dss.yml
Ordering differences only
    
Offset 25610, 16 lines modifiedOffset 25610, 16 lines modified
25610 ······-·no_reboot_needed25610 ······-·no_reboot_needed
  
25611 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg25611 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
25612 ······stat:25612 ······stat:
25613 ········path:·/boot/grub2/grub.cfg25613 ········path:·/boot/grub2/grub.cfg
25614 ······register:·file_exists25614 ······register:·file_exists
25615 ······when:25615 ······when:
25616 ······-·'"grub2"·in·ansible_facts.packages' 
25617 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'25616 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 25617 ······-·'"grub2"·in·ansible_facts.packages'
25618 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25618 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25619 ······tags:25619 ······tags:
25620 ······-·CCE-85849-825620 ······-·CCE-85849-8
25621 ······-·CJIS-5.5.2.225621 ······-·CJIS-5.5.2.2
25622 ······-·NIST-800-171-3.4.525622 ······-·NIST-800-171-3.4.5
25623 ······-·NIST-800-53-AC-6(1)25623 ······-·NIST-800-53-AC-6(1)
25624 ······-·NIST-800-53-CM-6(a)25624 ······-·NIST-800-53-CM-6(a)
Offset 25632, 16 lines modifiedOffset 25632, 16 lines modified
25632 ······-·no_reboot_needed25632 ······-·no_reboot_needed
  
25633 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg25633 ····-·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
25634 ······file:25634 ······file:
25635 ········path:·/boot/grub2/grub.cfg25635 ········path:·/boot/grub2/grub.cfg
25636 ········group:·'0'25636 ········group:·'0'
25637 ······when:25637 ······when:
25638 ······-·'"grub2"·in·ansible_facts.packages' 
25639 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'25638 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 25639 ······-·'"grub2"·in·ansible_facts.packages'
25640 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25640 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25641 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists25641 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
25642 ······tags:25642 ······tags:
25643 ······-·CCE-85849-825643 ······-·CCE-85849-8
25644 ······-·CJIS-5.5.2.225644 ······-·CJIS-5.5.2.2
25645 ······-·NIST-800-171-3.4.525645 ······-·NIST-800-171-3.4.5
25646 ······-·NIST-800-53-AC-6(1)25646 ······-·NIST-800-53-AC-6(1)
Offset 25673, 16 lines modifiedOffset 25673, 16 lines modified
25673 ······-·no_reboot_needed25673 ······-·no_reboot_needed
  
25674 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg25674 ····-·name:·Test·for·existence·/boot/grub2/grub.cfg
25675 ······stat:25675 ······stat:
25676 ········path:·/boot/grub2/grub.cfg25676 ········path:·/boot/grub2/grub.cfg
25677 ······register:·file_exists25677 ······register:·file_exists
25678 ······when:25678 ······when:
25679 ······-·'"grub2"·in·ansible_facts.packages' 
25680 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'25679 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 25680 ······-·'"grub2"·in·ansible_facts.packages'
25681 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25681 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25682 ······tags:25682 ······tags:
25683 ······-·CCE-85848-025683 ······-·CCE-85848-0
25684 ······-·CJIS-5.5.2.225684 ······-·CJIS-5.5.2.2
25685 ······-·NIST-800-171-3.4.525685 ······-·NIST-800-171-3.4.5
25686 ······-·NIST-800-53-AC-6(1)25686 ······-·NIST-800-53-AC-6(1)
25687 ······-·NIST-800-53-CM-6(a)25687 ······-·NIST-800-53-CM-6(a)
Offset 25695, 16 lines modifiedOffset 25695, 16 lines modified
25695 ······-·no_reboot_needed25695 ······-·no_reboot_needed
  
25696 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg25696 ····-·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
25697 ······file:25697 ······file:
25698 ········path:·/boot/grub2/grub.cfg25698 ········path:·/boot/grub2/grub.cfg
25699 ········owner:·'0'25699 ········owner:·'0'
25700 ······when:25700 ······when:
25701 ······-·'"grub2"·in·ansible_facts.packages' 
25702 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'25701 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 25702 ······-·'"grub2"·in·ansible_facts.packages'
25703 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]25703 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
25704 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists25704 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
25705 ······tags:25705 ······tags:
25706 ······-·CCE-85848-025706 ······-·CCE-85848-0
25707 ······-·CJIS-5.5.2.225707 ······-·CJIS-5.5.2.2
25708 ······-·NIST-800-171-3.4.525708 ······-·NIST-800-171-3.4.5
25709 ······-·NIST-800-53-AC-6(1)25709 ······-·NIST-800-53-AC-6(1)
1.14 KB
./usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml
1.0 KB
./usr/share/scap-security-guide/tailoring/rhel7_stig_delta_tailoring.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3 ··<xccdf-1.2:version·time="2024-01-14T02:14:29.828623">1</xccdf-1.2:version>3 ··<xccdf-1.2:version·time="2025-02-15T09:40:09.935389">1</xccdf-1.2:version>
4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7 DISA·STIG·for·Red·Hat·Enterprise·Linux·V3R9.7 DISA·STIG·for·Red·Hat·Enterprise·Linux·V3R9.
  
8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·7,·DISA·recognizes·this8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·7,·DISA·recognizes·this
9 configuration·baseline·as·applicable·to·the·operating·system·tier·of9 configuration·baseline·as·applicable·to·the·operating·system·tier·of
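Review bot: on line 3, the `time` attribute of `xccdf-1.2:version` records the wall-clock time of the build (2024-01-14T02:14:29.828623 in one build, 2025-02-15T09:40:09.935389 in the other), and it is the only line in this hunk that differs. Taking this value from a fixed source such as SOURCE_DATE_EPOCH instead of the current time would make the tailoring file identical across builds; the rhel8_stig_delta_tailoring.xml hunk that follows differs in the same attribute.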
1.15 KB
./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
1.0 KB
./usr/share/scap-security-guide/tailoring/rhel8_stig_delta_tailoring.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">2 <xccdf-1.2:Tailoring·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·id="xccdf_content-disa-delta_tailoring_default">
3 ··<xccdf-1.2:version·time="2024-01-14T02:14:52.044979">1</xccdf-1.2:version>3 ··<xccdf-1.2:version·time="2025-02-15T09:40:23.683224">1</xccdf-1.2:version>
4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">4 ··<xccdf-1.2:Profile·id="xccdf_org.ssgproject.content_profile_stig_delta_tailoring"·extends="xccdf_org.ssgproject.content_profile_stig">
5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>5 ····<xccdf-1.2:title·override="true">DISA·STIG·for·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the6 ····<xccdf-1.2:description·override="true">This·profile·contains·configuration·checks·that·align·to·the
7 DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V1R8.7 DISA·STIG·for·Red·Hat·Enterprise·Linux·8·V1R8.
  
8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·DISA·recognizes·this8 In·addition·to·being·applicable·to·Red·Hat·Enterprise·Linux·8,·DISA·recognizes·this
9 configuration·baseline·as·applicable·to·the·operating·system·tier·of9 configuration·baseline·as·applicable·to·the·operating·system·tier·of
8.02 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds-1.2.xml
7.92 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds-1.2.xml
    
Offset 104, 15 lines modifiedOffset 104, 15 lines modified
104 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·2</cpe-dict:title>104 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·2</cpe-dict:title>
105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml">oval:ssg-installed_OS_is_alinux2:def:1</cpe-dict:check>105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml">oval:ssg-installed_OS_is_alinux2:def:1</cpe-dict:check>
106 ······</cpe-dict:cpe-item>106 ······</cpe-dict:cpe-item>
107 ····</cpe-dict:cpe-list>107 ····</cpe-dict:cpe-list>
108 ··</ds:component>108 ··</ds:component>
109 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-xccdf.xml"·timestamp="2022-12-20T09:54:05">109 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-xccdf.xml"·timestamp="2022-12-20T09:54:05">
110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
111 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>111 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>
113 ······<xccdf-1.2:description>113 ······<xccdf-1.2:description>
114 ········This·guide·presents·a·catalog·of·security-relevant114 ········This·guide·presents·a·catalog·of·security-relevant
115 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of115 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of
116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
117 in·order·to·support·security·automation.··The·SCAP·content·is117 in·order·to·support·security·automation.··The·SCAP·content·is
118 is·available·in·the118 is·available·in·the
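Review bot: on line 111, `xccdf-1.2:status date` is set from the build day (2024-01-14 versus 2025-02-15), while the `ds:component timestamp` two lines above is 2022-12-20T09:54:05 in both builds. Deriving the status date from the same fixed source as that timestamp would make this line reproducible. Separately, lines 117-118 read "The SCAP content is is available in the" in both builds; the doubled "is" is worth fixing in the benchmark description.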
Offset 29953, 16 lines modifiedOffset 29953, 16 lines modified
29953 ··-·no_reboot_needed29953 ··-·no_reboot_needed
  
29954 -·name:·Test·for·existence·/boot/grub2/grub.cfg29954 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29955 ··stat:29955 ··stat:
29956 ····path:·/boot/grub2/grub.cfg29956 ····path:·/boot/grub2/grub.cfg
29957 ··register:·file_exists29957 ··register:·file_exists
29958 ··when:29958 ··when:
29959 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
29960 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'29959 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 29960 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
29961 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29961 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29962 ··tags:29962 ··tags:
29963 ··-·CJIS-5.5.2.229963 ··-·CJIS-5.5.2.2
29964 ··-·NIST-800-171-3.4.529964 ··-·NIST-800-171-3.4.5
29965 ··-·NIST-800-53-AC-6(1)29965 ··-·NIST-800-53-AC-6(1)
29966 ··-·NIST-800-53-CM-6(a)29966 ··-·NIST-800-53-CM-6(a)
29967 ··-·PCI-DSS-Req-7.129967 ··-·PCI-DSS-Req-7.1
Offset 29974, 16 lines modifiedOffset 29974, 16 lines modified
29974 ··-·no_reboot_needed29974 ··-·no_reboot_needed
  
29975 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg29975 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
29976 ··file:29976 ··file:
29977 ····path:·/boot/grub2/grub.cfg29977 ····path:·/boot/grub2/grub.cfg
29978 ····group:·'0'29978 ····group:·'0'
29979 ··when:29979 ··when:
29980 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
29981 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'29980 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 29981 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
29982 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29982 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29983 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29983 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29984 ··tags:29984 ··tags:
29985 ··-·CJIS-5.5.2.229985 ··-·CJIS-5.5.2.2
29986 ··-·NIST-800-171-3.4.529986 ··-·NIST-800-171-3.4.5
29987 ··-·NIST-800-53-AC-6(1)29987 ··-·NIST-800-53-AC-6(1)
29988 ··-·NIST-800-53-CM-6(a)29988 ··-·NIST-800-53-CM-6(a)
Offset 29991, 15 lines modifiedOffset 29991, 15 lines modified
29991 ··-·configure_strategy29991 ··-·configure_strategy
29992 ··-·file_groupowner_grub2_cfg29992 ··-·file_groupowner_grub2_cfg
29993 ··-·low_complexity29993 ··-·low_complexity
29994 ··-·low_disruption29994 ··-·low_disruption
29995 ··-·medium_severity29995 ··-·medium_severity
29996 ··-·no_reboot_needed</xccdf-1.2:fix>29996 ··-·no_reboot_needed</xccdf-1.2:fix>
29997 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms29997 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
29998 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then29998 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
29999 chgrp·0·/boot/grub2/grub.cfg29999 chgrp·0·/boot/grub2/grub.cfg
  
30000 else30000 else
30001 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'30001 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
30002 fi</xccdf-1.2:fix>30002 fi</xccdf-1.2:fix>
30003 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">30003 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
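Review bot: on line 29998, the guard `[ ! -f /sys/firmware/efi ]` uses `-f`, which tests for a regular file, but /sys/firmware/efi is a directory on UEFI-booted systems, so the test is true on both BIOS and UEFI hosts and does not restrict the remediation to non-EFI machines. Use `[ ! -d /sys/firmware/efi ]` if the intent is to skip UEFI systems. The difference between the builds is only the position of this test relative to `rpm --quiet -q grub2-common` in the `&&` chain, which should be emitted in a fixed order; the same two points apply to the `file_owner_grub2_cfg` fix at line 30147.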
Offset 30102, 16 lines modifiedOffset 30102, 16 lines modified
30102 ··-·no_reboot_needed30102 ··-·no_reboot_needed
  
30103 -·name:·Test·for·existence·/boot/grub2/grub.cfg30103 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30104 ··stat:30104 ··stat:
30105 ····path:·/boot/grub2/grub.cfg30105 ····path:·/boot/grub2/grub.cfg
30106 ··register:·file_exists30106 ··register:·file_exists
30107 ··when:30107 ··when:
30108 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
30109 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'30108 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 30109 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
30110 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30110 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30111 ··tags:30111 ··tags:
30112 ··-·CJIS-5.5.2.230112 ··-·CJIS-5.5.2.2
30113 ··-·NIST-800-171-3.4.530113 ··-·NIST-800-171-3.4.5
30114 ··-·NIST-800-53-AC-6(1)30114 ··-·NIST-800-53-AC-6(1)
30115 ··-·NIST-800-53-CM-6(a)30115 ··-·NIST-800-53-CM-6(a)
30116 ··-·PCI-DSS-Req-7.130116 ··-·PCI-DSS-Req-7.1
Offset 30123, 16 lines modifiedOffset 30123, 16 lines modified
30123 ··-·no_reboot_needed30123 ··-·no_reboot_needed
  
30124 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg30124 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
30125 ··file:30125 ··file:
30126 ····path:·/boot/grub2/grub.cfg30126 ····path:·/boot/grub2/grub.cfg
30127 ····owner:·'0'30127 ····owner:·'0'
30128 ··when:30128 ··when:
30129 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
30130 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'30129 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 30130 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
30131 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30131 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30132 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists30132 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
30133 ··tags:30133 ··tags:
30134 ··-·CJIS-5.5.2.230134 ··-·CJIS-5.5.2.2
30135 ··-·NIST-800-171-3.4.530135 ··-·NIST-800-171-3.4.5
30136 ··-·NIST-800-53-AC-6(1)30136 ··-·NIST-800-53-AC-6(1)
30137 ··-·NIST-800-53-CM-6(a)30137 ··-·NIST-800-53-CM-6(a)
Offset 30140, 15 lines modifiedOffset 30140, 15 lines modified
30140 ··-·configure_strategy30140 ··-·configure_strategy
30141 ··-·file_owner_grub2_cfg30141 ··-·file_owner_grub2_cfg
30142 ··-·low_complexity30142 ··-·low_complexity
30143 ··-·low_disruption30143 ··-·low_disruption
30144 ··-·medium_severity30144 ··-·medium_severity
30145 ··-·no_reboot_needed</xccdf-1.2:fix>30145 ··-·no_reboot_needed</xccdf-1.2:fix>
30146 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms30146 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
30147 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then30147 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
30148 chown·0·/boot/grub2/grub.cfg30148 chown·0·/boot/grub2/grub.cfg
  
30149 else30149 else
30150 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'30150 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
30151 fi</xccdf-1.2:fix>30151 fi</xccdf-1.2:fix>
30152 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">30152 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30244, 16 lines modifiedOffset 30244, 16 lines modified
30244 ··-·no_reboot_needed30244 ··-·no_reboot_needed
  
30245 -·name:·Test·for·existence·/boot/grub2/grub.cfg30245 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30246 ··stat:30246 ··stat:
30247 ····path:·/boot/grub2/grub.cfg30247 ····path:·/boot/grub2/grub.cfg
30248 ··register:·file_exists30248 ··register:·file_exists
30249 ··when:30249 ··when:
Max diff block lines reached; 1951/7995 bytes (24.40%) of diff not shown.
8.01 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds.xml
7.91 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-ds.xml
    
Offset 104, 15 lines modifiedOffset 104, 15 lines modified
104 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·2</cpe-dict:title>104 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·2</cpe-dict:title>
105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml">oval:ssg-installed_OS_is_alinux2:def:1</cpe-dict:check>105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux2-cpe-oval.xml">oval:ssg-installed_OS_is_alinux2:def:1</cpe-dict:check>
106 ······</cpe-dict:cpe-item>106 ······</cpe-dict:cpe-item>
107 ····</cpe-dict:cpe-list>107 ····</cpe-dict:cpe-list>
108 ··</ds:component>108 ··</ds:component>
109 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-xccdf.xml"·timestamp="2022-12-20T09:54:05">109 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux2-xccdf.xml"·timestamp="2022-12-20T09:54:05">
110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
111 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>111 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>
113 ······<xccdf-1.2:description>113 ······<xccdf-1.2:description>
114 ········This·guide·presents·a·catalog·of·security-relevant114 ········This·guide·presents·a·catalog·of·security-relevant
115 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of115 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of
116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
117 in·order·to·support·security·automation.··The·SCAP·content·is117 in·order·to·support·security·automation.··The·SCAP·content·is
118 is·available·in·the118 is·available·in·the
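Review bot: the xccdf-1.2:status date on line 111 differs between the two builds (2024-01-14 vs. 2025-02-15), while the ds:component timestamp on line 109 is 2022-12-20T09:54:05 in both. The status date therefore appears to come from the build machine's clock rather than a fixed source. Derive it from the same fixed timestamp the component uses (for example SOURCE_DATE_EPOCH) so the generated benchmark is byte-identical across builds.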
Offset 29953, 16 lines modifiedOffset 29953, 16 lines modified
29953 ··-·no_reboot_needed29953 ··-·no_reboot_needed
  
29954 -·name:·Test·for·existence·/boot/grub2/grub.cfg29954 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29955 ··stat:29955 ··stat:
29956 ····path:·/boot/grub2/grub.cfg29956 ····path:·/boot/grub2/grub.cfg
29957 ··register:·file_exists29957 ··register:·file_exists
29958 ··when:29958 ··when:
29959 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
29960 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'29959 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 29960 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
29961 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29961 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29962 ··tags:29962 ··tags:
29963 ··-·CJIS-5.5.2.229963 ··-·CJIS-5.5.2.2
29964 ··-·NIST-800-171-3.4.529964 ··-·NIST-800-171-3.4.5
29965 ··-·NIST-800-53-AC-6(1)29965 ··-·NIST-800-53-AC-6(1)
29966 ··-·NIST-800-53-CM-6(a)29966 ··-·NIST-800-53-CM-6(a)
29967 ··-·PCI-DSS-Req-7.129967 ··-·PCI-DSS-Req-7.1
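Review bot: the "when:" list on lines 29959-29960 carries the same two conditions in both builds, only swapped (the grub2-common package test and the /boot/efi mount test). Ansible ANDs the entries of a when list, so the task behaves the same either way, but the emission order is not stable between builds, which points to the generator iterating over an unordered collection. Sort the platform conditions before writing them out.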
Offset 29974, 16 lines modifiedOffset 29974, 16 lines modified
29974 ··-·no_reboot_needed29974 ··-·no_reboot_needed
  
29975 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg29975 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
29976 ··file:29976 ··file:
29977 ····path:·/boot/grub2/grub.cfg29977 ····path:·/boot/grub2/grub.cfg
29978 ····group:·'0'29978 ····group:·'0'
29979 ··when:29979 ··when:
29980 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
29981 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'29980 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 29981 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
29982 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29982 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29983 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29983 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29984 ··tags:29984 ··tags:
29985 ··-·CJIS-5.5.2.229985 ··-·CJIS-5.5.2.2
29986 ··-·NIST-800-171-3.4.529986 ··-·NIST-800-171-3.4.5
29987 ··-·NIST-800-53-AC-6(1)29987 ··-·NIST-800-53-AC-6(1)
29988 ··-·NIST-800-53-CM-6(a)29988 ··-·NIST-800-53-CM-6(a)
Offset 29991, 15 lines modifiedOffset 29991, 15 lines modified
29991 ··-·configure_strategy29991 ··-·configure_strategy
29992 ··-·file_groupowner_grub2_cfg29992 ··-·file_groupowner_grub2_cfg
29993 ··-·low_complexity29993 ··-·low_complexity
29994 ··-·low_disruption29994 ··-·low_disruption
29995 ··-·medium_severity29995 ··-·medium_severity
29996 ··-·no_reboot_needed</xccdf-1.2:fix>29996 ··-·no_reboot_needed</xccdf-1.2:fix>
29997 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms29997 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
29998 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then29998 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
29999 chgrp·0·/boot/grub2/grub.cfg29999 chgrp·0·/boot/grub2/grub.cfg
  
30000 else30000 else
30001 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'30001 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
30002 fi</xccdf-1.2:fix>30002 fi</xccdf-1.2:fix>
30003 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">30003 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
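Review bot: the platform guard on line 29998 tests "[ ! -f /sys/firmware/efi ]", but /sys/firmware/efi is a directory on UEFI systems, so -f never matches it and the negated test is always true. The shell fix therefore does not exclude UEFI hosts the way the Ansible "/boot/efi" mount condition does; test with -d instead. Separately, the two builds emit the && operands in a different order (rpm query first vs. EFI test first), which does not change the result but makes the output unreproducible, so the conditions should be generated in a fixed order.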
Offset 30102, 16 lines modifiedOffset 30102, 16 lines modified
30102 ··-·no_reboot_needed30102 ··-·no_reboot_needed
  
30103 -·name:·Test·for·existence·/boot/grub2/grub.cfg30103 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30104 ··stat:30104 ··stat:
30105 ····path:·/boot/grub2/grub.cfg30105 ····path:·/boot/grub2/grub.cfg
30106 ··register:·file_exists30106 ··register:·file_exists
30107 ··when:30107 ··when:
30108 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
30109 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'30108 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 30109 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
30110 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30110 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30111 ··tags:30111 ··tags:
30112 ··-·CJIS-5.5.2.230112 ··-·CJIS-5.5.2.2
30113 ··-·NIST-800-171-3.4.530113 ··-·NIST-800-171-3.4.5
30114 ··-·NIST-800-53-AC-6(1)30114 ··-·NIST-800-53-AC-6(1)
30115 ··-·NIST-800-53-CM-6(a)30115 ··-·NIST-800-53-CM-6(a)
30116 ··-·PCI-DSS-Req-7.130116 ··-·PCI-DSS-Req-7.1
Offset 30123, 16 lines modifiedOffset 30123, 16 lines modified
30123 ··-·no_reboot_needed30123 ··-·no_reboot_needed
  
30124 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg30124 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
30125 ··file:30125 ··file:
30126 ····path:·/boot/grub2/grub.cfg30126 ····path:·/boot/grub2/grub.cfg
30127 ····owner:·'0'30127 ····owner:·'0'
30128 ··when:30128 ··when:
30129 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
30130 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'30129 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 30130 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
30131 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30131 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30132 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists30132 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
30133 ··tags:30133 ··tags:
30134 ··-·CJIS-5.5.2.230134 ··-·CJIS-5.5.2.2
30135 ··-·NIST-800-171-3.4.530135 ··-·NIST-800-171-3.4.5
30136 ··-·NIST-800-53-AC-6(1)30136 ··-·NIST-800-53-AC-6(1)
30137 ··-·NIST-800-53-CM-6(a)30137 ··-·NIST-800-53-CM-6(a)
Offset 30140, 15 lines modifiedOffset 30140, 15 lines modified
30140 ··-·configure_strategy30140 ··-·configure_strategy
30141 ··-·file_owner_grub2_cfg30141 ··-·file_owner_grub2_cfg
30142 ··-·low_complexity30142 ··-·low_complexity
30143 ··-·low_disruption30143 ··-·low_disruption
30144 ··-·medium_severity30144 ··-·medium_severity
30145 ··-·no_reboot_needed</xccdf-1.2:fix>30145 ··-·no_reboot_needed</xccdf-1.2:fix>
30146 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms30146 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
30147 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then30147 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
30148 chown·0·/boot/grub2/grub.cfg30148 chown·0·/boot/grub2/grub.cfg
  
30149 else30149 else
30150 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'30150 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
30151 fi</xccdf-1.2:fix>30151 fi</xccdf-1.2:fix>
30152 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">30152 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30244, 16 lines modifiedOffset 30244, 16 lines modified
30244 ··-·no_reboot_needed30244 ··-·no_reboot_needed
  
30245 -·name:·Test·for·existence·/boot/grub2/grub.cfg30245 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30246 ··stat:30246 ··stat:
30247 ····path:·/boot/grub2/grub.cfg30247 ····path:·/boot/grub2/grub.cfg
30248 ··register:·file_exists30248 ··register:·file_exists
30249 ··when:30249 ··when:
Max diff block lines reached; 1951/7995 bytes (24.40%) of diff not shown.
7.83 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-xccdf.xml
7.72 KB
./usr/share/xml/scap/ssg/content/ssg-alinux2-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_ALINUX-2"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·2</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of7 configuration·settings·for·Alibaba·Cloud·Linux·2.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 29845, 16 lines modifiedOffset 29845, 16 lines modified
29845 ··-·no_reboot_needed29845 ··-·no_reboot_needed
  
29846 -·name:·Test·for·existence·/boot/grub2/grub.cfg29846 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29847 ··stat:29847 ··stat:
29848 ····path:·/boot/grub2/grub.cfg29848 ····path:·/boot/grub2/grub.cfg
29849 ··register:·file_exists29849 ··register:·file_exists
29850 ··when:29850 ··when:
29851 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
29852 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'29851 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 29852 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
29853 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29853 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29854 ··tags:29854 ··tags:
29855 ··-·CJIS-5.5.2.229855 ··-·CJIS-5.5.2.2
29856 ··-·NIST-800-171-3.4.529856 ··-·NIST-800-171-3.4.5
29857 ··-·NIST-800-53-AC-6(1)29857 ··-·NIST-800-53-AC-6(1)
29858 ··-·NIST-800-53-CM-6(a)29858 ··-·NIST-800-53-CM-6(a)
29859 ··-·PCI-DSS-Req-7.129859 ··-·PCI-DSS-Req-7.1
Offset 29866, 16 lines modifiedOffset 29866, 16 lines modified
29866 ··-·no_reboot_needed29866 ··-·no_reboot_needed
  
29867 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg29867 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
29868 ··file:29868 ··file:
29869 ····path:·/boot/grub2/grub.cfg29869 ····path:·/boot/grub2/grub.cfg
29870 ····group:·'0'29870 ····group:·'0'
29871 ··when:29871 ··when:
29872 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
29873 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'29872 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 29873 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
29874 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]29874 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
29875 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists29875 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
29876 ··tags:29876 ··tags:
29877 ··-·CJIS-5.5.2.229877 ··-·CJIS-5.5.2.2
29878 ··-·NIST-800-171-3.4.529878 ··-·NIST-800-171-3.4.5
29879 ··-·NIST-800-53-AC-6(1)29879 ··-·NIST-800-53-AC-6(1)
29880 ··-·NIST-800-53-CM-6(a)29880 ··-·NIST-800-53-CM-6(a)
Offset 29883, 15 lines modifiedOffset 29883, 15 lines modified
29883 ··-·configure_strategy29883 ··-·configure_strategy
29884 ··-·file_groupowner_grub2_cfg29884 ··-·file_groupowner_grub2_cfg
29885 ··-·low_complexity29885 ··-·low_complexity
29886 ··-·low_disruption29886 ··-·low_disruption
29887 ··-·medium_severity29887 ··-·medium_severity
29888 ··-·no_reboot_needed</xccdf-1.2:fix>29888 ··-·no_reboot_needed</xccdf-1.2:fix>
29889 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms29889 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
29890 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then29890 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
29891 chgrp·0·/boot/grub2/grub.cfg29891 chgrp·0·/boot/grub2/grub.cfg
  
29892 else29892 else
29893 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'29893 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
29894 fi</xccdf-1.2:fix>29894 fi</xccdf-1.2:fix>
29895 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">29895 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 29994, 16 lines modifiedOffset 29994, 16 lines modified
29994 ··-·no_reboot_needed29994 ··-·no_reboot_needed
  
29995 -·name:·Test·for·existence·/boot/grub2/grub.cfg29995 -·name:·Test·for·existence·/boot/grub2/grub.cfg
29996 ··stat:29996 ··stat:
29997 ····path:·/boot/grub2/grub.cfg29997 ····path:·/boot/grub2/grub.cfg
29998 ··register:·file_exists29998 ··register:·file_exists
29999 ··when:29999 ··when:
30000 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
30001 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'30000 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 30001 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
30002 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30002 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30003 ··tags:30003 ··tags:
30004 ··-·CJIS-5.5.2.230004 ··-·CJIS-5.5.2.2
30005 ··-·NIST-800-171-3.4.530005 ··-·NIST-800-171-3.4.5
30006 ··-·NIST-800-53-AC-6(1)30006 ··-·NIST-800-53-AC-6(1)
30007 ··-·NIST-800-53-CM-6(a)30007 ··-·NIST-800-53-CM-6(a)
30008 ··-·PCI-DSS-Req-7.130008 ··-·PCI-DSS-Req-7.1
Offset 30015, 16 lines modifiedOffset 30015, 16 lines modified
30015 ··-·no_reboot_needed30015 ··-·no_reboot_needed
  
30016 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg30016 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
30017 ··file:30017 ··file:
30018 ····path:·/boot/grub2/grub.cfg30018 ····path:·/boot/grub2/grub.cfg
30019 ····owner:·'0'30019 ····owner:·'0'
30020 ··when:30020 ··when:
30021 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
30022 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'30021 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 30022 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
30023 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30023 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30024 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists30024 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
30025 ··tags:30025 ··tags:
30026 ··-·CJIS-5.5.2.230026 ··-·CJIS-5.5.2.2
30027 ··-·NIST-800-171-3.4.530027 ··-·NIST-800-171-3.4.5
30028 ··-·NIST-800-53-AC-6(1)30028 ··-·NIST-800-53-AC-6(1)
30029 ··-·NIST-800-53-CM-6(a)30029 ··-·NIST-800-53-CM-6(a)
Offset 30032, 15 lines modifiedOffset 30032, 15 lines modified
30032 ··-·configure_strategy30032 ··-·configure_strategy
30033 ··-·file_owner_grub2_cfg30033 ··-·file_owner_grub2_cfg
30034 ··-·low_complexity30034 ··-·low_complexity
30035 ··-·low_disruption30035 ··-·low_disruption
30036 ··-·medium_severity30036 ··-·medium_severity
30037 ··-·no_reboot_needed</xccdf-1.2:fix>30037 ··-·no_reboot_needed</xccdf-1.2:fix>
30038 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms30038 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
30039 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then30039 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
30040 chown·0·/boot/grub2/grub.cfg30040 chown·0·/boot/grub2/grub.cfg
  
30041 else30041 else
30042 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'30042 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
30043 fi</xccdf-1.2:fix>30043 fi</xccdf-1.2:fix>
30044 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">30044 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 30136, 16 lines modifiedOffset 30136, 16 lines modified
30136 ··-·no_reboot_needed30136 ··-·no_reboot_needed
  
30137 -·name:·Test·for·existence·/boot/grub2/grub.cfg30137 -·name:·Test·for·existence·/boot/grub2/grub.cfg
30138 ··stat:30138 ··stat:
30139 ····path:·/boot/grub2/grub.cfg30139 ····path:·/boot/grub2/grub.cfg
30140 ··register:·file_exists30140 ··register:·file_exists
30141 ··when:30141 ··when:
30142 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
30143 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'30142 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 30143 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
30144 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]30144 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
30145 ··tags:30145 ··tags:
Max diff block lines reached; 1711/7801 bytes (21.93%) of diff not shown.
58.5 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds-1.2.xml
58.4 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds-1.2.xml
    
Offset 108, 15 lines modifiedOffset 108, 15 lines modified
108 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·3</cpe-dict:title>108 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·3</cpe-dict:title>
109 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml">oval:ssg-installed_OS_is_alinux3:def:1</cpe-dict:check>109 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml">oval:ssg-installed_OS_is_alinux3:def:1</cpe-dict:check>
110 ······</cpe-dict:cpe-item>110 ······</cpe-dict:cpe-item>
111 ····</cpe-dict:cpe-list>111 ····</cpe-dict:cpe-list>
112 ··</ds:component>112 ··</ds:component>
113 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-xccdf.xml"·timestamp="2022-12-20T09:54:05">113 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-xccdf.xml"·timestamp="2022-12-20T09:54:05">
114 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">114 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
115 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>115 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
116 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>116 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>
117 ······<xccdf-1.2:description>117 ······<xccdf-1.2:description>
118 ········This·guide·presents·a·catalog·of·security-relevant118 ········This·guide·presents·a·catalog·of·security-relevant
119 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of119 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of
120 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)120 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
121 in·order·to·support·security·automation.··The·SCAP·content·is121 in·order·to·support·security·automation.··The·SCAP·content·is
122 is·available·in·the122 is·available·in·the
Offset 12604, 16 lines modifiedOffset 12604, 16 lines modified
  
12604 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12604 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12605 ··find:12605 ··find:
12606 ····paths:·/etc/audit/rules.d/12606 ····paths:·/etc/audit/rules.d/
12607 ····patterns:·'*.rules'12607 ····patterns:·'*.rules'
12608 ··register:·find_rules_d12608 ··register:·find_rules_d
12609 ··when:12609 ··when:
12610 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12611 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12610 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12611 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12612 ··tags:12612 ··tags:
12613 ··-·CJIS-5.4.1.112613 ··-·CJIS-5.4.1.1
12614 ··-·NIST-800-171-3.3.112614 ··-·NIST-800-171-3.3.1
12615 ··-·NIST-800-171-3.4.312615 ··-·NIST-800-171-3.4.3
12616 ··-·NIST-800-53-AC-6(9)12616 ··-·NIST-800-53-AC-6(9)
12617 ··-·NIST-800-53-CM-6(a)12617 ··-·NIST-800-53-CM-6(a)
12618 ··-·PCI-DSS-Req-10.5.212618 ··-·PCI-DSS-Req-10.5.2
Offset 12628, 16 lines modifiedOffset 12628, 16 lines modified
12628 ··lineinfile:12628 ··lineinfile:
12629 ····path:·'{{·item·}}'12629 ····path:·'{{·item·}}'
12630 ····regexp:·^\s*(?:-e)\s+.*$12630 ····regexp:·^\s*(?:-e)\s+.*$
12631 ····state:·absent12631 ····state:·absent
12632 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12632 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12633 ····}}'12633 ····}}'
12634 ··when:12634 ··when:
12635 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12636 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12635 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12636 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12637 ··tags:12637 ··tags:
12638 ··-·CJIS-5.4.1.112638 ··-·CJIS-5.4.1.1
12639 ··-·NIST-800-171-3.3.112639 ··-·NIST-800-171-3.3.1
12640 ··-·NIST-800-171-3.4.312640 ··-·NIST-800-171-3.4.3
12641 ··-·NIST-800-53-AC-6(9)12641 ··-·NIST-800-53-AC-6(9)
12642 ··-·NIST-800-53-CM-6(a)12642 ··-·NIST-800-53-CM-6(a)
12643 ··-·PCI-DSS-Req-10.5.212643 ··-·PCI-DSS-Req-10.5.2
Offset 12654, 16 lines modifiedOffset 12654, 16 lines modified
12654 ····create:·true12654 ····create:·true
12655 ····line:·-e·212655 ····line:·-e·2
12656 ····mode:·o-rwx12656 ····mode:·o-rwx
12657 ··loop:12657 ··loop:
12658 ··-·/etc/audit/audit.rules12658 ··-·/etc/audit/audit.rules
12659 ··-·/etc/audit/rules.d/immutable.rules12659 ··-·/etc/audit/rules.d/immutable.rules
12660 ··when:12660 ··when:
12661 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12662 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12661 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12662 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12663 ··tags:12663 ··tags:
12664 ··-·CJIS-5.4.1.112664 ··-·CJIS-5.4.1.1
12665 ··-·NIST-800-171-3.3.112665 ··-·NIST-800-171-3.3.1
12666 ··-·NIST-800-171-3.4.312666 ··-·NIST-800-171-3.4.3
12667 ··-·NIST-800-53-AC-6(9)12667 ··-·NIST-800-53-AC-6(9)
12668 ··-·NIST-800-53-CM-6(a)12668 ··-·NIST-800-53-CM-6(a)
12669 ··-·PCI-DSS-Req-10.5.212669 ··-·PCI-DSS-Req-10.5.2
Offset 13547, 16 lines modifiedOffset 13547, 16 lines modified
13547 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13547 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13548 ··find:13548 ··find:
13549 ····paths:·/etc/audit/rules.d13549 ····paths:·/etc/audit/rules.d
13550 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13550 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13551 ····patterns:·'*.rules'13551 ····patterns:·'*.rules'
13552 ··register:·find_existing_watch_rules_d13552 ··register:·find_existing_watch_rules_d
13553 ··when:13553 ··when:
13554 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13555 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13554 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13555 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13556 ··tags:13556 ··tags:
13557 ··-·CJIS-5.4.1.113557 ··-·CJIS-5.4.1.1
13558 ··-·NIST-800-171-3.1.713558 ··-·NIST-800-171-3.1.7
13559 ··-·NIST-800-53-AC-2(7)(b)13559 ··-·NIST-800-53-AC-2(7)(b)
13560 ··-·NIST-800-53-AC-6(9)13560 ··-·NIST-800-53-AC-6(9)
13561 ··-·NIST-800-53-AU-12(c)13561 ··-·NIST-800-53-AU-12(c)
13562 ··-·NIST-800-53-AU-2(d)13562 ··-·NIST-800-53-AU-2(d)
Offset 13573, 16 lines modifiedOffset 13573, 16 lines modified
13573 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13573 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
13574 ··find:13574 ··find:
13575 ····paths:·/etc/audit/rules.d13575 ····paths:·/etc/audit/rules.d
13576 ····contains:·^.*(?:-F·key=|-k\s+)actions$13576 ····contains:·^.*(?:-F·key=|-k\s+)actions$
13577 ····patterns:·'*.rules'13577 ····patterns:·'*.rules'
13578 ··register:·find_watch_key13578 ··register:·find_watch_key
13579 ··when:13579 ··when:
13580 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13581 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13580 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13581 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13582 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched13582 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
13583 ····==·013583 ····==·0
13584 ··tags:13584 ··tags:
13585 ··-·CJIS-5.4.1.113585 ··-·CJIS-5.4.1.1
13586 ··-·NIST-800-171-3.1.713586 ··-·NIST-800-171-3.1.7
13587 ··-·NIST-800-53-AC-2(7)(b)13587 ··-·NIST-800-53-AC-2(7)(b)
13588 ··-·NIST-800-53-AC-6(9)13588 ··-·NIST-800-53-AC-6(9)
Offset 13599, 16 lines modifiedOffset 13599, 16 lines modified
13599 ··-·restrict_strategy13599 ··-·restrict_strategy
  
13600 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule13600 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
13601 ··set_fact:13601 ··set_fact:
13602 ····all_files:13602 ····all_files:
13603 ····-·/etc/audit/rules.d/actions.rules13603 ····-·/etc/audit/rules.d/actions.rules
13604 ··when:13604 ··when:
13605 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13606 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13605 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13606 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13607 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched13607 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
13608 ····is·defined·and·find_existing_watch_rules_d.matched·==·013608 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13609 ··tags:13609 ··tags:
13610 ··-·CJIS-5.4.1.113610 ··-·CJIS-5.4.1.1
13611 ··-·NIST-800-171-3.1.713611 ··-·NIST-800-171-3.1.7
13612 ··-·NIST-800-53-AC-2(7)(b)13612 ··-·NIST-800-53-AC-2(7)(b)
13613 ··-·NIST-800-53-AC-6(9)13613 ··-·NIST-800-53-AC-6(9)
Offset 13625, 16 lines modifiedOffset 13625, 16 lines modified
13625 ··-·restrict_strategy13625 ··-·restrict_strategy
  
13626 -·name:·Use·matched·file·as·the·recipient·for·the·rule13626 -·name:·Use·matched·file·as·the·recipient·for·the·rule
Max diff block lines reached; 53963/59719 bytes (90.36%) of diff not shown.
58.5 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds.xml
58.4 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-ds.xml
    
Offset 108, 15 lines modifiedOffset 108, 15 lines modified
108 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·3</cpe-dict:title>108 ········<cpe-dict:title·xml:lang="en-us">Alibaba·Cloud·Linux·3</cpe-dict:title>
109 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml">oval:ssg-installed_OS_is_alinux3:def:1</cpe-dict:check>109 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-alinux3-cpe-oval.xml">oval:ssg-installed_OS_is_alinux3:def:1</cpe-dict:check>
110 ······</cpe-dict:cpe-item>110 ······</cpe-dict:cpe-item>
111 ····</cpe-dict:cpe-list>111 ····</cpe-dict:cpe-list>
112 ··</ds:component>112 ··</ds:component>
113 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-xccdf.xml"·timestamp="2022-12-20T09:54:05">113 ··<ds:component·id="scap_org.open-scap_comp_ssg-alinux3-xccdf.xml"·timestamp="2022-12-20T09:54:05">
114 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">114 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
115 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>115 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
116 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>116 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>
117 ······<xccdf-1.2:description>117 ······<xccdf-1.2:description>
118 ········This·guide·presents·a·catalog·of·security-relevant118 ········This·guide·presents·a·catalog·of·security-relevant
119 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of119 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of
120 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)120 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
121 in·order·to·support·security·automation.··The·SCAP·content·is121 in·order·to·support·security·automation.··The·SCAP·content·is
122 is·available·in·the122 is·available·in·the
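Review bot: the `date` attribute of `xccdf-1.2:status` at line 115 is 2024-01-14 in one build and 2025-02-15 in the other, while the `ds:component` timestamp at line 113 is 2022-12-20T09:54:05 in both. The status date appears to follow the build clock rather than the fixed source the component timestamp uses; taking it from the same fixed value (for example SOURCE_DATE_EPOCH) would remove this difference from the benchmark header.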
Offset 12604, 16 lines modifiedOffset 12604, 16 lines modified
  
12604 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12604 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12605 ··find:12605 ··find:
12606 ····paths:·/etc/audit/rules.d/12606 ····paths:·/etc/audit/rules.d/
12607 ····patterns:·'*.rules'12607 ····patterns:·'*.rules'
12608 ··register:·find_rules_d12608 ··register:·find_rules_d
12609 ··when:12609 ··when:
12610 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12611 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12610 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12611 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12612 ··tags:12612 ··tags:
12613 ··-·CJIS-5.4.1.112613 ··-·CJIS-5.4.1.1
12614 ··-·NIST-800-171-3.3.112614 ··-·NIST-800-171-3.3.1
12615 ··-·NIST-800-171-3.4.312615 ··-·NIST-800-171-3.4.3
12616 ··-·NIST-800-53-AC-6(9)12616 ··-·NIST-800-53-AC-6(9)
12617 ··-·NIST-800-53-CM-6(a)12617 ··-·NIST-800-53-CM-6(a)
12618 ··-·PCI-DSS-Req-10.5.212618 ··-·PCI-DSS-Req-10.5.2
Offset 12628, 16 lines modifiedOffset 12628, 16 lines modified
12628 ··lineinfile:12628 ··lineinfile:
12629 ····path:·'{{·item·}}'12629 ····path:·'{{·item·}}'
12630 ····regexp:·^\s*(?:-e)\s+.*$12630 ····regexp:·^\s*(?:-e)\s+.*$
12631 ····state:·absent12631 ····state:·absent
12632 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12632 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12633 ····}}'12633 ····}}'
12634 ··when:12634 ··when:
12635 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12636 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12635 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12636 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12637 ··tags:12637 ··tags:
12638 ··-·CJIS-5.4.1.112638 ··-·CJIS-5.4.1.1
12639 ··-·NIST-800-171-3.3.112639 ··-·NIST-800-171-3.3.1
12640 ··-·NIST-800-171-3.4.312640 ··-·NIST-800-171-3.4.3
12641 ··-·NIST-800-53-AC-6(9)12641 ··-·NIST-800-53-AC-6(9)
12642 ··-·NIST-800-53-CM-6(a)12642 ··-·NIST-800-53-CM-6(a)
12643 ··-·PCI-DSS-Req-10.5.212643 ··-·PCI-DSS-Req-10.5.2
Offset 12654, 16 lines modifiedOffset 12654, 16 lines modified
12654 ····create:·true12654 ····create:·true
12655 ····line:·-e·212655 ····line:·-e·2
12656 ····mode:·o-rwx12656 ····mode:·o-rwx
12657 ··loop:12657 ··loop:
12658 ··-·/etc/audit/audit.rules12658 ··-·/etc/audit/audit.rules
12659 ··-·/etc/audit/rules.d/immutable.rules12659 ··-·/etc/audit/rules.d/immutable.rules
12660 ··when:12660 ··when:
12661 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12662 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12661 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12662 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12663 ··tags:12663 ··tags:
12664 ··-·CJIS-5.4.1.112664 ··-·CJIS-5.4.1.1
12665 ··-·NIST-800-171-3.3.112665 ··-·NIST-800-171-3.3.1
12666 ··-·NIST-800-171-3.4.312666 ··-·NIST-800-171-3.4.3
12667 ··-·NIST-800-53-AC-6(9)12667 ··-·NIST-800-53-AC-6(9)
12668 ··-·NIST-800-53-CM-6(a)12668 ··-·NIST-800-53-CM-6(a)
12669 ··-·PCI-DSS-Req-10.5.212669 ··-·PCI-DSS-Req-10.5.2
Offset 13547, 16 lines modifiedOffset 13547, 16 lines modified
13547 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13547 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13548 ··find:13548 ··find:
13549 ····paths:·/etc/audit/rules.d13549 ····paths:·/etc/audit/rules.d
13550 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13550 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13551 ····patterns:·'*.rules'13551 ····patterns:·'*.rules'
13552 ··register:·find_existing_watch_rules_d13552 ··register:·find_existing_watch_rules_d
13553 ··when:13553 ··when:
13554 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13555 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13554 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13555 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13556 ··tags:13556 ··tags:
13557 ··-·CJIS-5.4.1.113557 ··-·CJIS-5.4.1.1
13558 ··-·NIST-800-171-3.1.713558 ··-·NIST-800-171-3.1.7
13559 ··-·NIST-800-53-AC-2(7)(b)13559 ··-·NIST-800-53-AC-2(7)(b)
13560 ··-·NIST-800-53-AC-6(9)13560 ··-·NIST-800-53-AC-6(9)
13561 ··-·NIST-800-53-AU-12(c)13561 ··-·NIST-800-53-AU-12(c)
13562 ··-·NIST-800-53-AU-2(d)13562 ··-·NIST-800-53-AU-2(d)
Offset 13573, 16 lines modifiedOffset 13573, 16 lines modified
13573 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13573 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
13574 ··find:13574 ··find:
13575 ····paths:·/etc/audit/rules.d13575 ····paths:·/etc/audit/rules.d
13576 ····contains:·^.*(?:-F·key=|-k\s+)actions$13576 ····contains:·^.*(?:-F·key=|-k\s+)actions$
13577 ····patterns:·'*.rules'13577 ····patterns:·'*.rules'
13578 ··register:·find_watch_key13578 ··register:·find_watch_key
13579 ··when:13579 ··when:
13580 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13581 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13580 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13581 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13582 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched13582 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
13583 ····==·013583 ····==·0
13584 ··tags:13584 ··tags:
13585 ··-·CJIS-5.4.1.113585 ··-·CJIS-5.4.1.1
13586 ··-·NIST-800-171-3.1.713586 ··-·NIST-800-171-3.1.7
13587 ··-·NIST-800-53-AC-2(7)(b)13587 ··-·NIST-800-53-AC-2(7)(b)
13588 ··-·NIST-800-53-AC-6(9)13588 ··-·NIST-800-53-AC-6(9)
Offset 13599, 16 lines modifiedOffset 13599, 16 lines modified
13599 ··-·restrict_strategy13599 ··-·restrict_strategy
  
13600 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule13600 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
13601 ··set_fact:13601 ··set_fact:
13602 ····all_files:13602 ····all_files:
13603 ····-·/etc/audit/rules.d/actions.rules13603 ····-·/etc/audit/rules.d/actions.rules
13604 ··when:13604 ··when:
13605 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13606 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13605 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13606 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13607 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched13607 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
13608 ····is·defined·and·find_existing_watch_rules_d.matched·==·013608 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13609 ··tags:13609 ··tags:
13610 ··-·CJIS-5.4.1.113610 ··-·CJIS-5.4.1.1
13611 ··-·NIST-800-171-3.1.713611 ··-·NIST-800-171-3.1.7
13612 ··-·NIST-800-53-AC-2(7)(b)13612 ··-·NIST-800-53-AC-2(7)(b)
13613 ··-·NIST-800-53-AC-6(9)13613 ··-·NIST-800-53-AC-6(9)
Offset 13625, 16 lines modifiedOffset 13625, 16 lines modified
13625 ··-·restrict_strategy13625 ··-·restrict_strategy
  
13626 -·name:·Use·matched·file·as·the·recipient·for·the·rule13626 -·name:·Use·matched·file·as·the·recipient·for·the·rule
Max diff block lines reached; 53963/59719 bytes (90.36%) of diff not shown.
58.2 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-xccdf.xml
58.1 KB
./usr/share/xml/scap/ssg/content/ssg-alinux3-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_ALINUX-3"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Alibaba·Cloud·Linux·3</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of7 configuration·settings·for·Alibaba·Cloud·Linux·3.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 12492, 16 lines modifiedOffset 12492, 16 lines modified
  
12492 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension12492 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
12493 ··find:12493 ··find:
12494 ····paths:·/etc/audit/rules.d/12494 ····paths:·/etc/audit/rules.d/
12495 ····patterns:·'*.rules'12495 ····patterns:·'*.rules'
12496 ··register:·find_rules_d12496 ··register:·find_rules_d
12497 ··when:12497 ··when:
12498 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12499 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12498 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12499 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12500 ··tags:12500 ··tags:
12501 ··-·CJIS-5.4.1.112501 ··-·CJIS-5.4.1.1
12502 ··-·NIST-800-171-3.3.112502 ··-·NIST-800-171-3.3.1
12503 ··-·NIST-800-171-3.4.312503 ··-·NIST-800-171-3.4.3
12504 ··-·NIST-800-53-AC-6(9)12504 ··-·NIST-800-53-AC-6(9)
12505 ··-·NIST-800-53-CM-6(a)12505 ··-·NIST-800-53-CM-6(a)
12506 ··-·PCI-DSS-Req-10.5.212506 ··-·PCI-DSS-Req-10.5.2
Offset 12516, 16 lines modifiedOffset 12516, 16 lines modified
12516 ··lineinfile:12516 ··lineinfile:
12517 ····path:·'{{·item·}}'12517 ····path:·'{{·item·}}'
12518 ····regexp:·^\s*(?:-e)\s+.*$12518 ····regexp:·^\s*(?:-e)\s+.*$
12519 ····state:·absent12519 ····state:·absent
12520 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']12520 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
12521 ····}}'12521 ····}}'
12522 ··when:12522 ··when:
12523 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12524 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12523 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12524 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12525 ··tags:12525 ··tags:
12526 ··-·CJIS-5.4.1.112526 ··-·CJIS-5.4.1.1
12527 ··-·NIST-800-171-3.3.112527 ··-·NIST-800-171-3.3.1
12528 ··-·NIST-800-171-3.4.312528 ··-·NIST-800-171-3.4.3
12529 ··-·NIST-800-53-AC-6(9)12529 ··-·NIST-800-53-AC-6(9)
12530 ··-·NIST-800-53-CM-6(a)12530 ··-·NIST-800-53-CM-6(a)
12531 ··-·PCI-DSS-Req-10.5.212531 ··-·PCI-DSS-Req-10.5.2
Offset 12542, 16 lines modifiedOffset 12542, 16 lines modified
12542 ····create:·true12542 ····create:·true
12543 ····line:·-e·212543 ····line:·-e·2
12544 ····mode:·o-rwx12544 ····mode:·o-rwx
12545 ··loop:12545 ··loop:
12546 ··-·/etc/audit/audit.rules12546 ··-·/etc/audit/audit.rules
12547 ··-·/etc/audit/rules.d/immutable.rules12547 ··-·/etc/audit/rules.d/immutable.rules
12548 ··when:12548 ··when:
12549 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
12550 ··-·'&quot;audit&quot;·in·ansible_facts.packages'12549 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 12550 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
12551 ··tags:12551 ··tags:
12552 ··-·CJIS-5.4.1.112552 ··-·CJIS-5.4.1.1
12553 ··-·NIST-800-171-3.3.112553 ··-·NIST-800-171-3.3.1
12554 ··-·NIST-800-171-3.4.312554 ··-·NIST-800-171-3.4.3
12555 ··-·NIST-800-53-AC-6(9)12555 ··-·NIST-800-53-AC-6(9)
12556 ··-·NIST-800-53-CM-6(a)12556 ··-·NIST-800-53-CM-6(a)
12557 ··-·PCI-DSS-Req-10.5.212557 ··-·PCI-DSS-Req-10.5.2
Offset 13435, 16 lines modifiedOffset 13435, 16 lines modified
13435 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/13435 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
13436 ··find:13436 ··find:
13437 ····paths:·/etc/audit/rules.d13437 ····paths:·/etc/audit/rules.d
13438 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+13438 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
13439 ····patterns:·'*.rules'13439 ····patterns:·'*.rules'
13440 ··register:·find_existing_watch_rules_d13440 ··register:·find_existing_watch_rules_d
13441 ··when:13441 ··when:
13442 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13443 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13442 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13443 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13444 ··tags:13444 ··tags:
13445 ··-·CJIS-5.4.1.113445 ··-·CJIS-5.4.1.1
13446 ··-·NIST-800-171-3.1.713446 ··-·NIST-800-171-3.1.7
13447 ··-·NIST-800-53-AC-2(7)(b)13447 ··-·NIST-800-53-AC-2(7)(b)
13448 ··-·NIST-800-53-AC-6(9)13448 ··-·NIST-800-53-AC-6(9)
13449 ··-·NIST-800-53-AU-12(c)13449 ··-·NIST-800-53-AU-12(c)
13450 ··-·NIST-800-53-AU-2(d)13450 ··-·NIST-800-53-AU-2(d)
Offset 13461, 16 lines modifiedOffset 13461, 16 lines modified
13461 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions13461 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
13462 ··find:13462 ··find:
13463 ····paths:·/etc/audit/rules.d13463 ····paths:·/etc/audit/rules.d
13464 ····contains:·^.*(?:-F·key=|-k\s+)actions$13464 ····contains:·^.*(?:-F·key=|-k\s+)actions$
13465 ····patterns:·'*.rules'13465 ····patterns:·'*.rules'
13466 ··register:·find_watch_key13466 ··register:·find_watch_key
13467 ··when:13467 ··when:
13468 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13469 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13468 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13469 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13470 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched13470 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
13471 ····==·013471 ····==·0
13472 ··tags:13472 ··tags:
13473 ··-·CJIS-5.4.1.113473 ··-·CJIS-5.4.1.1
13474 ··-·NIST-800-171-3.1.713474 ··-·NIST-800-171-3.1.7
13475 ··-·NIST-800-53-AC-2(7)(b)13475 ··-·NIST-800-53-AC-2(7)(b)
13476 ··-·NIST-800-53-AC-6(9)13476 ··-·NIST-800-53-AC-6(9)
Offset 13487, 16 lines modifiedOffset 13487, 16 lines modified
13487 ··-·restrict_strategy13487 ··-·restrict_strategy
  
13488 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule13488 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
13489 ··set_fact:13489 ··set_fact:
13490 ····all_files:13490 ····all_files:
13491 ····-·/etc/audit/rules.d/actions.rules13491 ····-·/etc/audit/rules.d/actions.rules
13492 ··when:13492 ··when:
13493 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
13494 ··-·'&quot;audit&quot;·in·ansible_facts.packages'13493 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 13494 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
13495 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched13495 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
13496 ····is·defined·and·find_existing_watch_rules_d.matched·==·013496 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
13497 ··tags:13497 ··tags:
13498 ··-·CJIS-5.4.1.113498 ··-·CJIS-5.4.1.1
13499 ··-·NIST-800-171-3.1.713499 ··-·NIST-800-171-3.1.7
13500 ··-·NIST-800-53-AC-2(7)(b)13500 ··-·NIST-800-53-AC-2(7)(b)
13501 ··-·NIST-800-53-AC-6(9)13501 ··-·NIST-800-53-AC-6(9)
Offset 13513, 16 lines modifiedOffset 13513, 16 lines modified
13513 ··-·restrict_strategy13513 ··-·restrict_strategy
  
13514 -·name:·Use·matched·file·as·the·recipient·for·the·rule13514 -·name:·Use·matched·file·as·the·recipient·for·the·rule
13515 ··set_fact:13515 ··set_fact:
13516 ····all_files:13516 ····all_files:
13517 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'13517 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
13518 ··when:13518 ··when:
13519 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
Max diff block lines reached; 53457/59337 bytes (90.09%) of diff not shown.
60.8 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds-1.2.xml
60.7 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds-1.2.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Anolis·OS·8</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Anolis·OS·8</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml">oval:ssg-installed_OS_is_anolis8:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml">oval:ssg-installed_OS_is_anolis8:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-anolis8-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-anolis8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ANOLIS-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ANOLIS-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Anolis·OS·8</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Anolis·OS·8</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Anolis·OS·8.·It·is·a·rendering·of111 configuration·settings·for·Anolis·OS·8.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
Offset 11095, 16 lines modifiedOffset 11095, 16 lines modified
  
11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11096 ··find:11096 ··find:
11097 ····paths:·/etc/audit/rules.d/11097 ····paths:·/etc/audit/rules.d/
11098 ····patterns:·'*.rules'11098 ····patterns:·'*.rules'
11099 ··register:·find_rules_d11099 ··register:·find_rules_d
11100 ··when:11100 ··when:
11101 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11102 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11101 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11102 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11103 ··tags:11103 ··tags:
11104 ··-·CJIS-5.4.1.111104 ··-·CJIS-5.4.1.1
11105 ··-·NIST-800-171-3.3.111105 ··-·NIST-800-171-3.3.1
11106 ··-·NIST-800-171-3.4.311106 ··-·NIST-800-171-3.4.3
11107 ··-·NIST-800-53-AC-6(9)11107 ··-·NIST-800-53-AC-6(9)
11108 ··-·NIST-800-53-CM-6(a)11108 ··-·NIST-800-53-CM-6(a)
11109 ··-·PCI-DSS-Req-10.5.211109 ··-·PCI-DSS-Req-10.5.2
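Review bot: at 11101-11102 the `when:` entries are reordered in the opposite direction from the ssg-alinux3 files above: here the first build has the `audit` package test first, whereas there the first build has the `ansible_virtualization_type` test first. Neither build has a stable order, which suggests the conditions are written out from an unordered collection rather than differing by some per-build input. Sorting the list where the remediation is generated would cover every hunk of this kind across the affected files.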
Offset 11119, 16 lines modifiedOffset 11119, 16 lines modified
11119 ··lineinfile:11119 ··lineinfile:
11120 ····path:·'{{·item·}}'11120 ····path:·'{{·item·}}'
11121 ····regexp:·^\s*(?:-e)\s+.*$11121 ····regexp:·^\s*(?:-e)\s+.*$
11122 ····state:·absent11122 ····state:·absent
11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11124 ····}}'11124 ····}}'
11125 ··when:11125 ··when:
11126 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11127 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11126 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11127 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11128 ··tags:11128 ··tags:
11129 ··-·CJIS-5.4.1.111129 ··-·CJIS-5.4.1.1
11130 ··-·NIST-800-171-3.3.111130 ··-·NIST-800-171-3.3.1
11131 ··-·NIST-800-171-3.4.311131 ··-·NIST-800-171-3.4.3
11132 ··-·NIST-800-53-AC-6(9)11132 ··-·NIST-800-53-AC-6(9)
11133 ··-·NIST-800-53-CM-6(a)11133 ··-·NIST-800-53-CM-6(a)
11134 ··-·PCI-DSS-Req-10.5.211134 ··-·PCI-DSS-Req-10.5.2
Offset 11145, 16 lines modifiedOffset 11145, 16 lines modified
11145 ····create:·true11145 ····create:·true
11146 ····line:·-e·211146 ····line:·-e·2
11147 ····mode:·o-rwx11147 ····mode:·o-rwx
11148 ··loop:11148 ··loop:
11149 ··-·/etc/audit/audit.rules11149 ··-·/etc/audit/audit.rules
11150 ··-·/etc/audit/rules.d/immutable.rules11150 ··-·/etc/audit/rules.d/immutable.rules
11151 ··when:11151 ··when:
11152 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11152 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11153 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11154 ··tags:11154 ··tags:
11155 ··-·CJIS-5.4.1.111155 ··-·CJIS-5.4.1.1
11156 ··-·NIST-800-171-3.3.111156 ··-·NIST-800-171-3.3.1
11157 ··-·NIST-800-171-3.4.311157 ··-·NIST-800-171-3.4.3
11158 ··-·NIST-800-53-AC-6(9)11158 ··-·NIST-800-53-AC-6(9)
11159 ··-·NIST-800-53-CM-6(a)11159 ··-·NIST-800-53-CM-6(a)
11160 ··-·PCI-DSS-Req-10.5.211160 ··-·PCI-DSS-Req-10.5.2
Offset 12034, 16 lines modifiedOffset 12034, 16 lines modified
12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
12035 ··find:12035 ··find:
12036 ····paths:·/etc/audit/rules.d12036 ····paths:·/etc/audit/rules.d
12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
12038 ····patterns:·'*.rules'12038 ····patterns:·'*.rules'
12039 ··register:·find_existing_watch_rules_d12039 ··register:·find_existing_watch_rules_d
12040 ··when:12040 ··when:
12041 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12042 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12041 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12042 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12043 ··tags:12043 ··tags:
12044 ··-·CJIS-5.4.1.112044 ··-·CJIS-5.4.1.1
12045 ··-·NIST-800-171-3.1.712045 ··-·NIST-800-171-3.1.7
12046 ··-·NIST-800-53-AC-2(7)(b)12046 ··-·NIST-800-53-AC-2(7)(b)
12047 ··-·NIST-800-53-AC-6(9)12047 ··-·NIST-800-53-AC-6(9)
12048 ··-·NIST-800-53-AU-12(c)12048 ··-·NIST-800-53-AU-12(c)
12049 ··-·NIST-800-53-AU-2(d)12049 ··-·NIST-800-53-AU-2(d)
Offset 12060, 16 lines modifiedOffset 12060, 16 lines modified
12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
12061 ··find:12061 ··find:
12062 ····paths:·/etc/audit/rules.d12062 ····paths:·/etc/audit/rules.d
12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$
12064 ····patterns:·'*.rules'12064 ····patterns:·'*.rules'
12065 ··register:·find_watch_key12065 ··register:·find_watch_key
12066 ··when:12066 ··when:
12067 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12068 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12067 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12068 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
12070 ····==·012070 ····==·0
12071 ··tags:12071 ··tags:
12072 ··-·CJIS-5.4.1.112072 ··-·CJIS-5.4.1.1
12073 ··-·NIST-800-171-3.1.712073 ··-·NIST-800-171-3.1.7
12074 ··-·NIST-800-53-AC-2(7)(b)12074 ··-·NIST-800-53-AC-2(7)(b)
12075 ··-·NIST-800-53-AC-6(9)12075 ··-·NIST-800-53-AC-6(9)
Offset 12086, 16 lines modifiedOffset 12086, 16 lines modified
12086 ··-·restrict_strategy12086 ··-·restrict_strategy
  
12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
12088 ··set_fact:12088 ··set_fact:
12089 ····all_files:12089 ····all_files:
12090 ····-·/etc/audit/rules.d/actions.rules12090 ····-·/etc/audit/rules.d/actions.rules
12091 ··when:12091 ··when:
12092 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12092 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
12095 ····is·defined·and·find_existing_watch_rules_d.matched·==·012095 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
12096 ··tags:12096 ··tags:
12097 ··-·CJIS-5.4.1.112097 ··-·CJIS-5.4.1.1
12098 ··-·NIST-800-171-3.1.712098 ··-·NIST-800-171-3.1.7
12099 ··-·NIST-800-53-AC-2(7)(b)12099 ··-·NIST-800-53-AC-2(7)(b)
12100 ··-·NIST-800-53-AC-6(9)12100 ··-·NIST-800-53-AC-6(9)
Offset 12112, 16 lines modifiedOffset 12112, 16 lines modified
12112 ··-·restrict_strategy12112 ··-·restrict_strategy
  
12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule
Max diff block lines reached; 56828/62014 bytes (91.64%) of diff not shown.
60.8 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds.xml
60.7 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-ds.xml
    
Offset 100, 15 lines modifiedOffset 100, 15 lines modified
100 ········<cpe-dict:title·xml:lang="en-us">Anolis·OS·8</cpe-dict:title>100 ········<cpe-dict:title·xml:lang="en-us">Anolis·OS·8</cpe-dict:title>
101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml">oval:ssg-installed_OS_is_anolis8:def:1</cpe-dict:check>101 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-anolis8-cpe-oval.xml">oval:ssg-installed_OS_is_anolis8:def:1</cpe-dict:check>
102 ······</cpe-dict:cpe-item>102 ······</cpe-dict:cpe-item>
103 ····</cpe-dict:cpe-list>103 ····</cpe-dict:cpe-list>
104 ··</ds:component>104 ··</ds:component>
105 ··<ds:component·id="scap_org.open-scap_comp_ssg-anolis8-xccdf.xml"·timestamp="2022-12-20T09:54:05">105 ··<ds:component·id="scap_org.open-scap_comp_ssg-anolis8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ANOLIS-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">106 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_ANOLIS-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
107 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>107 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Anolis·OS·8</xccdf-1.2:title>108 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Anolis·OS·8</xccdf-1.2:title>
109 ······<xccdf-1.2:description>109 ······<xccdf-1.2:description>
110 ········This·guide·presents·a·catalog·of·security-relevant110 ········This·guide·presents·a·catalog·of·security-relevant
111 configuration·settings·for·Anolis·OS·8.·It·is·a·rendering·of111 configuration·settings·for·Anolis·OS·8.·It·is·a·rendering·of
112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)112 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
113 in·order·to·support·security·automation.··The·SCAP·content·is113 in·order·to·support·security·automation.··The·SCAP·content·is
114 is·available·in·the114 is·available·in·the
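Review bot: the `xccdf-1.2:status` date at line 107 is 2024-01-14 in one build and 2025-02-15 in the other, while the `ds:component` timestamp at line 105 is 2022-12-20T09:54:05 in both. The status date appears to follow the build machine's clock instead of the pinned source date that the component timestamp already uses. Suggest deriving it from the same fixed timestamp (for example SOURCE_DATE_EPOCH) so the benchmark header does not change with the day the package is built.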
Offset 11095, 16 lines modifiedOffset 11095, 16 lines modified
  
11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension11095 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
11096 ··find:11096 ··find:
11097 ····paths:·/etc/audit/rules.d/11097 ····paths:·/etc/audit/rules.d/
11098 ····patterns:·'*.rules'11098 ····patterns:·'*.rules'
11099 ··register:·find_rules_d11099 ··register:·find_rules_d
11100 ··when:11100 ··when:
11101 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11102 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11101 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11102 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11103 ··tags:11103 ··tags:
11104 ··-·CJIS-5.4.1.111104 ··-·CJIS-5.4.1.1
11105 ··-·NIST-800-171-3.3.111105 ··-·NIST-800-171-3.3.1
11106 ··-·NIST-800-171-3.4.311106 ··-·NIST-800-171-3.4.3
11107 ··-·NIST-800-53-AC-6(9)11107 ··-·NIST-800-53-AC-6(9)
11108 ··-·NIST-800-53-CM-6(a)11108 ··-·NIST-800-53-CM-6(a)
11109 ··-·PCI-DSS-Req-10.5.211109 ··-·PCI-DSS-Req-10.5.2
Offset 11119, 16 lines modifiedOffset 11119, 16 lines modified
11119 ··lineinfile:11119 ··lineinfile:
11120 ····path:·'{{·item·}}'11120 ····path:·'{{·item·}}'
11121 ····regexp:·^\s*(?:-e)\s+.*$11121 ····regexp:·^\s*(?:-e)\s+.*$
11122 ····state:·absent11122 ····state:·absent
11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11123 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11124 ····}}'11124 ····}}'
11125 ··when:11125 ··when:
11126 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11127 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11126 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11127 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11128 ··tags:11128 ··tags:
11129 ··-·CJIS-5.4.1.111129 ··-·CJIS-5.4.1.1
11130 ··-·NIST-800-171-3.3.111130 ··-·NIST-800-171-3.3.1
11131 ··-·NIST-800-171-3.4.311131 ··-·NIST-800-171-3.4.3
11132 ··-·NIST-800-53-AC-6(9)11132 ··-·NIST-800-53-AC-6(9)
11133 ··-·NIST-800-53-CM-6(a)11133 ··-·NIST-800-53-CM-6(a)
11134 ··-·PCI-DSS-Req-10.5.211134 ··-·PCI-DSS-Req-10.5.2
Offset 11145, 16 lines modifiedOffset 11145, 16 lines modified
11145 ····create:·true11145 ····create:·true
11146 ····line:·-e·211146 ····line:·-e·2
11147 ····mode:·o-rwx11147 ····mode:·o-rwx
11148 ··loop:11148 ··loop:
11149 ··-·/etc/audit/audit.rules11149 ··-·/etc/audit/audit.rules
11150 ··-·/etc/audit/rules.d/immutable.rules11150 ··-·/etc/audit/rules.d/immutable.rules
11151 ··when:11151 ··when:
11152 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11152 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11153 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11154 ··tags:11154 ··tags:
11155 ··-·CJIS-5.4.1.111155 ··-·CJIS-5.4.1.1
11156 ··-·NIST-800-171-3.3.111156 ··-·NIST-800-171-3.3.1
11157 ··-·NIST-800-171-3.4.311157 ··-·NIST-800-171-3.4.3
11158 ··-·NIST-800-53-AC-6(9)11158 ··-·NIST-800-53-AC-6(9)
11159 ··-·NIST-800-53-CM-6(a)11159 ··-·NIST-800-53-CM-6(a)
11160 ··-·PCI-DSS-Req-10.5.211160 ··-·PCI-DSS-Req-10.5.2
Offset 12034, 16 lines modifiedOffset 12034, 16 lines modified
12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/12034 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
12035 ··find:12035 ··find:
12036 ····paths:·/etc/audit/rules.d12036 ····paths:·/etc/audit/rules.d
12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+12037 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
12038 ····patterns:·'*.rules'12038 ····patterns:·'*.rules'
12039 ··register:·find_existing_watch_rules_d12039 ··register:·find_existing_watch_rules_d
12040 ··when:12040 ··when:
12041 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12042 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12041 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12042 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12043 ··tags:12043 ··tags:
12044 ··-·CJIS-5.4.1.112044 ··-·CJIS-5.4.1.1
12045 ··-·NIST-800-171-3.1.712045 ··-·NIST-800-171-3.1.7
12046 ··-·NIST-800-53-AC-2(7)(b)12046 ··-·NIST-800-53-AC-2(7)(b)
12047 ··-·NIST-800-53-AC-6(9)12047 ··-·NIST-800-53-AC-6(9)
12048 ··-·NIST-800-53-AU-12(c)12048 ··-·NIST-800-53-AU-12(c)
12049 ··-·NIST-800-53-AU-2(d)12049 ··-·NIST-800-53-AU-2(d)
Offset 12060, 16 lines modifiedOffset 12060, 16 lines modified
12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions12060 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
12061 ··find:12061 ··find:
12062 ····paths:·/etc/audit/rules.d12062 ····paths:·/etc/audit/rules.d
12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$12063 ····contains:·^.*(?:-F·key=|-k\s+)actions$
12064 ····patterns:·'*.rules'12064 ····patterns:·'*.rules'
12065 ··register:·find_watch_key12065 ··register:·find_watch_key
12066 ··when:12066 ··when:
12067 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12068 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12067 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12068 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched12069 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
12070 ····==·012070 ····==·0
12071 ··tags:12071 ··tags:
12072 ··-·CJIS-5.4.1.112072 ··-·CJIS-5.4.1.1
12073 ··-·NIST-800-171-3.1.712073 ··-·NIST-800-171-3.1.7
12074 ··-·NIST-800-53-AC-2(7)(b)12074 ··-·NIST-800-53-AC-2(7)(b)
12075 ··-·NIST-800-53-AC-6(9)12075 ··-·NIST-800-53-AC-6(9)
Offset 12086, 16 lines modifiedOffset 12086, 16 lines modified
12086 ··-·restrict_strategy12086 ··-·restrict_strategy
  
12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule12087 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
12088 ··set_fact:12088 ··set_fact:
12089 ····all_files:12089 ····all_files:
12090 ····-·/etc/audit/rules.d/actions.rules12090 ····-·/etc/audit/rules.d/actions.rules
12091 ··when:12091 ··when:
12092 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
12093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]12092 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 12093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched12094 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
12095 ····is·defined·and·find_existing_watch_rules_d.matched·==·012095 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
12096 ··tags:12096 ··tags:
12097 ··-·CJIS-5.4.1.112097 ··-·CJIS-5.4.1.1
12098 ··-·NIST-800-171-3.1.712098 ··-·NIST-800-171-3.1.7
12099 ··-·NIST-800-53-AC-2(7)(b)12099 ··-·NIST-800-53-AC-2(7)(b)
12100 ··-·NIST-800-53-AC-6(9)12100 ··-·NIST-800-53-AC-6(9)
Offset 12112, 16 lines modifiedOffset 12112, 16 lines modified
12112 ··-·restrict_strategy12112 ··-·restrict_strategy
  
12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule12113 -·name:·Use·matched·file·as·the·recipient·for·the·rule
Max diff block lines reached; 56828/62014 bytes (91.64%) of diff not shown.
60.4 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-xccdf.xml
60.3 KB
./usr/share/xml/scap/ssg/content/ssg-anolis8-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_ANOLIS-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_ANOLIS-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Anolis·OS·8</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Anolis·OS·8</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Anolis·OS·8.·It·is·a·rendering·of7 configuration·settings·for·Anolis·OS·8.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 10991, 16 lines modifiedOffset 10991, 16 lines modified
  
10991 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension10991 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
10992 ··find:10992 ··find:
10993 ····paths:·/etc/audit/rules.d/10993 ····paths:·/etc/audit/rules.d/
10994 ····patterns:·'*.rules'10994 ····patterns:·'*.rules'
10995 ··register:·find_rules_d10995 ··register:·find_rules_d
10996 ··when:10996 ··when:
10997 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
10998 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]10997 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 10998 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
10999 ··tags:10999 ··tags:
11000 ··-·CJIS-5.4.1.111000 ··-·CJIS-5.4.1.1
11001 ··-·NIST-800-171-3.3.111001 ··-·NIST-800-171-3.3.1
11002 ··-·NIST-800-171-3.4.311002 ··-·NIST-800-171-3.4.3
11003 ··-·NIST-800-53-AC-6(9)11003 ··-·NIST-800-53-AC-6(9)
11004 ··-·NIST-800-53-CM-6(a)11004 ··-·NIST-800-53-CM-6(a)
11005 ··-·PCI-DSS-Req-10.5.211005 ··-·PCI-DSS-Req-10.5.2
Offset 11015, 16 lines modifiedOffset 11015, 16 lines modified
11015 ··lineinfile:11015 ··lineinfile:
11016 ····path:·'{{·item·}}'11016 ····path:·'{{·item·}}'
11017 ····regexp:·^\s*(?:-e)\s+.*$11017 ····regexp:·^\s*(?:-e)\s+.*$
11018 ····state:·absent11018 ····state:·absent
11019 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']11019 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
11020 ····}}'11020 ····}}'
11021 ··when:11021 ··when:
11022 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11023 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11022 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11023 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11024 ··tags:11024 ··tags:
11025 ··-·CJIS-5.4.1.111025 ··-·CJIS-5.4.1.1
11026 ··-·NIST-800-171-3.3.111026 ··-·NIST-800-171-3.3.1
11027 ··-·NIST-800-171-3.4.311027 ··-·NIST-800-171-3.4.3
11028 ··-·NIST-800-53-AC-6(9)11028 ··-·NIST-800-53-AC-6(9)
11029 ··-·NIST-800-53-CM-6(a)11029 ··-·NIST-800-53-CM-6(a)
11030 ··-·PCI-DSS-Req-10.5.211030 ··-·PCI-DSS-Req-10.5.2
Offset 11041, 16 lines modifiedOffset 11041, 16 lines modified
11041 ····create:·true11041 ····create:·true
11042 ····line:·-e·211042 ····line:·-e·2
11043 ····mode:·o-rwx11043 ····mode:·o-rwx
11044 ··loop:11044 ··loop:
11045 ··-·/etc/audit/audit.rules11045 ··-·/etc/audit/audit.rules
11046 ··-·/etc/audit/rules.d/immutable.rules11046 ··-·/etc/audit/rules.d/immutable.rules
11047 ··when:11047 ··when:
11048 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11049 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11048 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11049 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11050 ··tags:11050 ··tags:
11051 ··-·CJIS-5.4.1.111051 ··-·CJIS-5.4.1.1
11052 ··-·NIST-800-171-3.3.111052 ··-·NIST-800-171-3.3.1
11053 ··-·NIST-800-171-3.4.311053 ··-·NIST-800-171-3.4.3
11054 ··-·NIST-800-53-AC-6(9)11054 ··-·NIST-800-53-AC-6(9)
11055 ··-·NIST-800-53-CM-6(a)11055 ··-·NIST-800-53-CM-6(a)
11056 ··-·PCI-DSS-Req-10.5.211056 ··-·PCI-DSS-Req-10.5.2
Offset 11930, 16 lines modifiedOffset 11930, 16 lines modified
11930 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/11930 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
11931 ··find:11931 ··find:
11932 ····paths:·/etc/audit/rules.d11932 ····paths:·/etc/audit/rules.d
11933 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+11933 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
11934 ····patterns:·'*.rules'11934 ····patterns:·'*.rules'
11935 ··register:·find_existing_watch_rules_d11935 ··register:·find_existing_watch_rules_d
11936 ··when:11936 ··when:
11937 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11938 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11937 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11938 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11939 ··tags:11939 ··tags:
11940 ··-·CJIS-5.4.1.111940 ··-·CJIS-5.4.1.1
11941 ··-·NIST-800-171-3.1.711941 ··-·NIST-800-171-3.1.7
11942 ··-·NIST-800-53-AC-2(7)(b)11942 ··-·NIST-800-53-AC-2(7)(b)
11943 ··-·NIST-800-53-AC-6(9)11943 ··-·NIST-800-53-AC-6(9)
11944 ··-·NIST-800-53-AU-12(c)11944 ··-·NIST-800-53-AU-12(c)
11945 ··-·NIST-800-53-AU-2(d)11945 ··-·NIST-800-53-AU-2(d)
Offset 11956, 16 lines modifiedOffset 11956, 16 lines modified
11956 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions11956 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
11957 ··find:11957 ··find:
11958 ····paths:·/etc/audit/rules.d11958 ····paths:·/etc/audit/rules.d
11959 ····contains:·^.*(?:-F·key=|-k\s+)actions$11959 ····contains:·^.*(?:-F·key=|-k\s+)actions$
11960 ····patterns:·'*.rules'11960 ····patterns:·'*.rules'
11961 ··register:·find_watch_key11961 ··register:·find_watch_key
11962 ··when:11962 ··when:
11963 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11964 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11963 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11964 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11965 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched11965 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
11966 ····==·011966 ····==·0
11967 ··tags:11967 ··tags:
11968 ··-·CJIS-5.4.1.111968 ··-·CJIS-5.4.1.1
11969 ··-·NIST-800-171-3.1.711969 ··-·NIST-800-171-3.1.7
11970 ··-·NIST-800-53-AC-2(7)(b)11970 ··-·NIST-800-53-AC-2(7)(b)
11971 ··-·NIST-800-53-AC-6(9)11971 ··-·NIST-800-53-AC-6(9)
Offset 11982, 16 lines modifiedOffset 11982, 16 lines modified
11982 ··-·restrict_strategy11982 ··-·restrict_strategy
  
11983 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule11983 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
11984 ··set_fact:11984 ··set_fact:
11985 ····all_files:11985 ····all_files:
11986 ····-·/etc/audit/rules.d/actions.rules11986 ····-·/etc/audit/rules.d/actions.rules
11987 ··when:11987 ··when:
11988 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
11989 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]11988 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 11989 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
11990 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched11990 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
11991 ····is·defined·and·find_existing_watch_rules_d.matched·==·011991 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
11992 ··tags:11992 ··tags:
11993 ··-·CJIS-5.4.1.111993 ··-·CJIS-5.4.1.1
11994 ··-·NIST-800-171-3.1.711994 ··-·NIST-800-171-3.1.7
11995 ··-·NIST-800-53-AC-2(7)(b)11995 ··-·NIST-800-53-AC-2(7)(b)
11996 ··-·NIST-800-53-AC-6(9)11996 ··-·NIST-800-53-AC-6(9)
Offset 12008, 16 lines modifiedOffset 12008, 16 lines modified
12008 ··-·restrict_strategy12008 ··-·restrict_strategy
  
12009 -·name:·Use·matched·file·as·the·recipient·for·the·rule12009 -·name:·Use·matched·file·as·the·recipient·for·the·rule
12010 ··set_fact:12010 ··set_fact:
12011 ····all_files:12011 ····all_files:
12012 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'12012 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
12013 ··when:12013 ··when:
12014 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
Max diff block lines reached; 56298/61618 bytes (91.37%) of diff not shown.
543 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml
543 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds-1.2.xml
    
Offset 168, 15 lines modifiedOffset 168, 15 lines modified
168 ········<cpe-dict:title·xml:lang="en-us">CentOS·7</cpe-dict:title>168 ········<cpe-dict:title·xml:lang="en-us">CentOS·7</cpe-dict:title>
169 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_centos7:def:1</cpe-dict:check>169 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_centos7:def:1</cpe-dict:check>
170 ······</cpe-dict:cpe-item>170 ······</cpe-dict:cpe-item>
171 ····</cpe-dict:cpe-list>171 ····</cpe-dict:cpe-list>
172 ··</ds:component>172 ··</ds:component>
173 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">173 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
174 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">174 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
175 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>175 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
176 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>176 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
177 ······<xccdf-1.2:description>177 ······<xccdf-1.2:description>
178 ········This·guide·presents·a·catalog·of·security-relevant178 ········This·guide·presents·a·catalog·of·security-relevant
179 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of179 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
180 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)180 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
181 in·order·to·support·security·automation.··The·SCAP·content·is181 in·order·to·support·security·automation.··The·SCAP·content·is
182 is·available·in·the182 is·available·in·the
Offset 40041, 16 lines modifiedOffset 40041, 16 lines modified
40041 ··-·reboot_required40041 ··-·reboot_required
40042 ··-·restrict_strategy40042 ··-·restrict_strategy
  
40043 -·name:·Set·architecture·for·audit·open·tasks40043 -·name:·Set·architecture·for·audit·open·tasks
40044 ··set_fact:40044 ··set_fact:
40045 ····audit_arch:·b6440045 ····audit_arch:·b64
40046 ··when:40046 ··when:
40047 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40048 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40047 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40048 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40049 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40049 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40050 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40050 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40051 ··tags:40051 ··tags:
40052 ··-·NIST-800-53-AC-2(4)40052 ··-·NIST-800-53-AC-2(4)
40053 ··-·NIST-800-53-AC-6(9)40053 ··-·NIST-800-53-AC-6(9)
40054 ··-·NIST-800-53-AU-12(c)40054 ··-·NIST-800-53-AU-12(c)
40055 ··-·NIST-800-53-AU-2(d)40055 ··-·NIST-800-53-AU-2(d)
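Review bot: at lines 40047-40048 the first build lists the `ansible_virtualization_type` check first and the second lists the `ansible_facts.packages` condition first, which is the reverse of the direction seen in the ssg-anolis8 hunks earlier in this report. The order therefore varies per task within a single build, so post-processing one file will not fix it. Suggest making the ordering deterministic where the platform conditions are collected.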
Offset 40179, 16 lines modifiedOffset 40179, 16 lines modified
40179 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40179 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40180 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40180 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40181 ······create:·true40181 ······create:·true
40182 ······mode:·o-rwx40182 ······mode:·o-rwx
40183 ······state:·present40183 ······state:·present
40184 ····when:·syscalls_found·|·length·==·040184 ····when:·syscalls_found·|·length·==·0
40185 ··when:40185 ··when:
40186 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40187 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40186 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40187 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40188 ··tags:40188 ··tags:
40189 ··-·NIST-800-53-AC-2(4)40189 ··-·NIST-800-53-AC-2(4)
40190 ··-·NIST-800-53-AC-6(9)40190 ··-·NIST-800-53-AC-6(9)
40191 ··-·NIST-800-53-AU-12(c)40191 ··-·NIST-800-53-AU-12(c)
40192 ··-·NIST-800-53-AU-2(d)40192 ··-·NIST-800-53-AU-2(d)
40193 ··-·NIST-800-53-CM-6(a)40193 ··-·NIST-800-53-CM-6(a)
40194 ··-·audit_rules_etc_group_open40194 ··-·audit_rules_etc_group_open
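Review bot: on lines 40186-40187 the only difference between the two builds is the order of the two `when:` conditions (`ansible_virtualization_type not in [...]` and `"audit" in ansible_facts.packages`). Ansible evaluates both either way, so behaviour is unchanged, but the generated text is not byte-identical. The generator should emit the platform conditions in a fixed order, for example sorted, so the remediation text is stable across builds.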
Offset 40315, 31 lines modifiedOffset 40315, 31 lines modified
40315 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40315 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40316 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40316 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40317 ······create:·true40317 ······create:·true
40318 ······mode:·o-rwx40318 ······mode:·o-rwx
40319 ······state:·present40319 ······state:·present
40320 ····when:·syscalls_found·|·length·==·040320 ····when:·syscalls_found·|·length·==·0
40321 ··when:40321 ··when:
40322 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40323 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40322 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40323 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40324 ··-·audit_arch·==·&quot;b64&quot;40324 ··-·audit_arch·==·&quot;b64&quot;
40325 ··tags:40325 ··tags:
40326 ··-·NIST-800-53-AC-2(4)40326 ··-·NIST-800-53-AC-2(4)
40327 ··-·NIST-800-53-AC-6(9)40327 ··-·NIST-800-53-AC-6(9)
40328 ··-·NIST-800-53-AU-12(c)40328 ··-·NIST-800-53-AU-12(c)
40329 ··-·NIST-800-53-AU-2(d)40329 ··-·NIST-800-53-AU-2(d)
40330 ··-·NIST-800-53-CM-6(a)40330 ··-·NIST-800-53-CM-6(a)
40331 ··-·audit_rules_etc_group_open40331 ··-·audit_rules_etc_group_open
40332 ··-·low_complexity40332 ··-·low_complexity
40333 ··-·low_disruption40333 ··-·low_disruption
40334 ··-·medium_severity40334 ··-·medium_severity
40335 ··-·reboot_required40335 ··-·reboot_required
40336 ··-·restrict_strategy</xccdf-1.2:fix>40336 ··-·restrict_strategy</xccdf-1.2:fix>
40337 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms40337 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
40338 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then40338 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
40339 #·First·perform·the·remediation·of·the·syscall·rule40339 #·First·perform·the·remediation·of·the·syscall·rule
40340 #·Retrieve·hardware·architecture·of·the·underlying·system40340 #·Retrieve·hardware·architecture·of·the·underlying·system
40341 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)40341 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
40342 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;40342 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
40343 do40343 do
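Review bot: on line 40338 the `if` guard joins the same three checks (`rpm --quiet -q audit`, `[ ! -f /.dockerenv ]`, `[ ! -f /run/.containerenv ]`) with `&&` in a different order in each build. The condition is logically equivalent, but the package query runs first in one build and last in the other, and the script text differs. The shell remediation should emit these checks in one fixed order, the same one used for the Ansible `when:` list.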
Offset 40735, 16 lines modifiedOffset 40735, 16 lines modified
40735 ··-·reboot_required40735 ··-·reboot_required
40736 ··-·restrict_strategy40736 ··-·restrict_strategy
  
40737 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks40737 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
40738 ··set_fact:40738 ··set_fact:
40739 ····audit_arch:·b6440739 ····audit_arch:·b64
40740 ··when:40740 ··when:
40741 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40742 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40741 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40742 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40743 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40743 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40744 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40744 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40745 ··tags:40745 ··tags:
40746 ··-·NIST-800-53-AC-2(4)40746 ··-·NIST-800-53-AC-2(4)
40747 ··-·NIST-800-53-AC-6(9)40747 ··-·NIST-800-53-AC-6(9)
40748 ··-·NIST-800-53-AU-12(c)40748 ··-·NIST-800-53-AU-12(c)
40749 ··-·NIST-800-53-AU-2(d)40749 ··-·NIST-800-53-AU-2(d)
Offset 40873, 16 lines modifiedOffset 40873, 16 lines modified
40873 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40873 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40874 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40874 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40875 ······create:·true40875 ······create:·true
40876 ······mode:·o-rwx40876 ······mode:·o-rwx
40877 ······state:·present40877 ······state:·present
40878 ····when:·syscalls_found·|·length·==·040878 ····when:·syscalls_found·|·length·==·0
40879 ··when:40879 ··when:
40880 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40881 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40880 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40881 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40882 ··tags:40882 ··tags:
40883 ··-·NIST-800-53-AC-2(4)40883 ··-·NIST-800-53-AC-2(4)
40884 ··-·NIST-800-53-AC-6(9)40884 ··-·NIST-800-53-AC-6(9)
40885 ··-·NIST-800-53-AU-12(c)40885 ··-·NIST-800-53-AU-12(c)
40886 ··-·NIST-800-53-AU-2(d)40886 ··-·NIST-800-53-AU-2(d)
40887 ··-·NIST-800-53-CM-6(a)40887 ··-·NIST-800-53-CM-6(a)
40888 ··-·audit_rules_etc_group_open_by_handle_at40888 ··-·audit_rules_etc_group_open_by_handle_at
Offset 41009, 31 lines modifiedOffset 41009, 31 lines modified
41009 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group41009 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
41010 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify41010 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
41011 ······create:·true41011 ······create:·true
41012 ······mode:·o-rwx41012 ······mode:·o-rwx
41013 ······state:·present41013 ······state:·present
41014 ····when:·syscalls_found·|·length·==·041014 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 549530/555943 bytes (98.85%) of diff not shown.
543 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
543 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-ds.xml
    
Offset 170, 15 lines modifiedOffset 170, 15 lines modified
170 ········<cpe-dict:title·xml:lang="en-us">CentOS·7</cpe-dict:title>170 ········<cpe-dict:title·xml:lang="en-us">CentOS·7</cpe-dict:title>
171 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_centos7:def:1</cpe-dict:check>171 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_centos7:def:1</cpe-dict:check>
172 ······</cpe-dict:cpe-item>172 ······</cpe-dict:cpe-item>
173 ····</cpe-dict:cpe-list>173 ····</cpe-dict:cpe-list>
174 ··</ds:component>174 ··</ds:component>
175 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">175 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
176 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">176 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
177 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>177 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
178 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>178 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
179 ······<xccdf-1.2:description>179 ······<xccdf-1.2:description>
180 ········This·guide·presents·a·catalog·of·security-relevant180 ········This·guide·presents·a·catalog·of·security-relevant
181 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of181 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
182 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)182 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
183 in·order·to·support·security·automation.··The·SCAP·content·is183 in·order·to·support·security·automation.··The·SCAP·content·is
184 is·available·in·the184 is·available·in·the
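Review bot: on line 177 the `<xccdf-1.2:status date="...">` value is 2024-01-14 in one build and 2025-02-15 in the other, while the `ds:component` timestamp on line 175 is 2022-12-20T09:54:05 in both. The status date looks taken from the build clock rather than from a fixed source date. Deriving it from the same source as the component timestamp (for example SOURCE_DATE_EPOCH) would remove this difference.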
Offset 40043, 16 lines modifiedOffset 40043, 16 lines modified
40043 ··-·reboot_required40043 ··-·reboot_required
40044 ··-·restrict_strategy40044 ··-·restrict_strategy
  
40045 -·name:·Set·architecture·for·audit·open·tasks40045 -·name:·Set·architecture·for·audit·open·tasks
40046 ··set_fact:40046 ··set_fact:
40047 ····audit_arch:·b6440047 ····audit_arch:·b64
40048 ··when:40048 ··when:
40049 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40050 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40049 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40050 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40051 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40051 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40052 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40052 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40053 ··tags:40053 ··tags:
40054 ··-·NIST-800-53-AC-2(4)40054 ··-·NIST-800-53-AC-2(4)
40055 ··-·NIST-800-53-AC-6(9)40055 ··-·NIST-800-53-AC-6(9)
40056 ··-·NIST-800-53-AU-12(c)40056 ··-·NIST-800-53-AU-12(c)
40057 ··-·NIST-800-53-AU-2(d)40057 ··-·NIST-800-53-AU-2(d)
Offset 40181, 16 lines modifiedOffset 40181, 16 lines modified
40181 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40181 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40182 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40182 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40183 ······create:·true40183 ······create:·true
40184 ······mode:·o-rwx40184 ······mode:·o-rwx
40185 ······state:·present40185 ······state:·present
40186 ····when:·syscalls_found·|·length·==·040186 ····when:·syscalls_found·|·length·==·0
40187 ··when:40187 ··when:
40188 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40189 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40188 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40189 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40190 ··tags:40190 ··tags:
40191 ··-·NIST-800-53-AC-2(4)40191 ··-·NIST-800-53-AC-2(4)
40192 ··-·NIST-800-53-AC-6(9)40192 ··-·NIST-800-53-AC-6(9)
40193 ··-·NIST-800-53-AU-12(c)40193 ··-·NIST-800-53-AU-12(c)
40194 ··-·NIST-800-53-AU-2(d)40194 ··-·NIST-800-53-AU-2(d)
40195 ··-·NIST-800-53-CM-6(a)40195 ··-·NIST-800-53-CM-6(a)
40196 ··-·audit_rules_etc_group_open40196 ··-·audit_rules_etc_group_open
Offset 40317, 31 lines modifiedOffset 40317, 31 lines modified
40317 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40317 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40318 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40318 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40319 ······create:·true40319 ······create:·true
40320 ······mode:·o-rwx40320 ······mode:·o-rwx
40321 ······state:·present40321 ······state:·present
40322 ····when:·syscalls_found·|·length·==·040322 ····when:·syscalls_found·|·length·==·0
40323 ··when:40323 ··when:
40324 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40325 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40324 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40325 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40326 ··-·audit_arch·==·&quot;b64&quot;40326 ··-·audit_arch·==·&quot;b64&quot;
40327 ··tags:40327 ··tags:
40328 ··-·NIST-800-53-AC-2(4)40328 ··-·NIST-800-53-AC-2(4)
40329 ··-·NIST-800-53-AC-6(9)40329 ··-·NIST-800-53-AC-6(9)
40330 ··-·NIST-800-53-AU-12(c)40330 ··-·NIST-800-53-AU-12(c)
40331 ··-·NIST-800-53-AU-2(d)40331 ··-·NIST-800-53-AU-2(d)
40332 ··-·NIST-800-53-CM-6(a)40332 ··-·NIST-800-53-CM-6(a)
40333 ··-·audit_rules_etc_group_open40333 ··-·audit_rules_etc_group_open
40334 ··-·low_complexity40334 ··-·low_complexity
40335 ··-·low_disruption40335 ··-·low_disruption
40336 ··-·medium_severity40336 ··-·medium_severity
40337 ··-·reboot_required40337 ··-·reboot_required
40338 ··-·restrict_strategy</xccdf-1.2:fix>40338 ··-·restrict_strategy</xccdf-1.2:fix>
40339 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms40339 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
40340 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then40340 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
40341 #·First·perform·the·remediation·of·the·syscall·rule40341 #·First·perform·the·remediation·of·the·syscall·rule
40342 #·Retrieve·hardware·architecture·of·the·underlying·system40342 #·Retrieve·hardware·architecture·of·the·underlying·system
40343 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)40343 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
40344 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;40344 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
40345 do40345 do
Offset 40737, 16 lines modifiedOffset 40737, 16 lines modified
40737 ··-·reboot_required40737 ··-·reboot_required
40738 ··-·restrict_strategy40738 ··-·restrict_strategy
  
40739 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks40739 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
40740 ··set_fact:40740 ··set_fact:
40741 ····audit_arch:·b6440741 ····audit_arch:·b64
40742 ··when:40742 ··when:
40743 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40744 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40743 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40744 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40745 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40745 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40746 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40746 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40747 ··tags:40747 ··tags:
40748 ··-·NIST-800-53-AC-2(4)40748 ··-·NIST-800-53-AC-2(4)
40749 ··-·NIST-800-53-AC-6(9)40749 ··-·NIST-800-53-AC-6(9)
40750 ··-·NIST-800-53-AU-12(c)40750 ··-·NIST-800-53-AU-12(c)
40751 ··-·NIST-800-53-AU-2(d)40751 ··-·NIST-800-53-AU-2(d)
Offset 40875, 16 lines modifiedOffset 40875, 16 lines modified
40875 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40875 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40876 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40876 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40877 ······create:·true40877 ······create:·true
40878 ······mode:·o-rwx40878 ······mode:·o-rwx
40879 ······state:·present40879 ······state:·present
40880 ····when:·syscalls_found·|·length·==·040880 ····when:·syscalls_found·|·length·==·0
40881 ··when:40881 ··when:
40882 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40883 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40882 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40883 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40884 ··tags:40884 ··tags:
40885 ··-·NIST-800-53-AC-2(4)40885 ··-·NIST-800-53-AC-2(4)
40886 ··-·NIST-800-53-AC-6(9)40886 ··-·NIST-800-53-AC-6(9)
40887 ··-·NIST-800-53-AU-12(c)40887 ··-·NIST-800-53-AU-12(c)
40888 ··-·NIST-800-53-AU-2(d)40888 ··-·NIST-800-53-AU-2(d)
40889 ··-·NIST-800-53-CM-6(a)40889 ··-·NIST-800-53-CM-6(a)
40890 ··-·audit_rules_etc_group_open_by_handle_at40890 ··-·audit_rules_etc_group_open_by_handle_at
Offset 41011, 31 lines modifiedOffset 41011, 31 lines modified
41011 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group41011 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
41012 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify41012 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
41013 ······create:·true41013 ······create:·true
41014 ······mode:·o-rwx41014 ······mode:·o-rwx
41015 ······state:·present41015 ······state:·present
41016 ····when:·syscalls_found·|·length·==·041016 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 549530/555943 bytes (98.85%) of diff not shown.
542 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
542 KB
./usr/share/xml/scap/ssg/content/ssg-centos7-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 39869, 16 lines modifiedOffset 39869, 16 lines modified
39869 ··-·reboot_required39869 ··-·reboot_required
39870 ··-·restrict_strategy39870 ··-·restrict_strategy
  
39871 -·name:·Set·architecture·for·audit·open·tasks39871 -·name:·Set·architecture·for·audit·open·tasks
39872 ··set_fact:39872 ··set_fact:
39873 ····audit_arch:·b6439873 ····audit_arch:·b64
39874 ··when:39874 ··when:
39875 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39876 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39875 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39876 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39877 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39877 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39878 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39878 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39879 ··tags:39879 ··tags:
39880 ··-·NIST-800-53-AC-2(4)39880 ··-·NIST-800-53-AC-2(4)
39881 ··-·NIST-800-53-AC-6(9)39881 ··-·NIST-800-53-AC-6(9)
39882 ··-·NIST-800-53-AU-12(c)39882 ··-·NIST-800-53-AU-12(c)
39883 ··-·NIST-800-53-AU-2(d)39883 ··-·NIST-800-53-AU-2(d)
Offset 40007, 16 lines modifiedOffset 40007, 16 lines modified
40007 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40007 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40008 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40008 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40009 ······create:·true40009 ······create:·true
40010 ······mode:·o-rwx40010 ······mode:·o-rwx
40011 ······state:·present40011 ······state:·present
40012 ····when:·syscalls_found·|·length·==·040012 ····when:·syscalls_found·|·length·==·0
40013 ··when:40013 ··when:
40014 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40015 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40014 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40015 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40016 ··tags:40016 ··tags:
40017 ··-·NIST-800-53-AC-2(4)40017 ··-·NIST-800-53-AC-2(4)
40018 ··-·NIST-800-53-AC-6(9)40018 ··-·NIST-800-53-AC-6(9)
40019 ··-·NIST-800-53-AU-12(c)40019 ··-·NIST-800-53-AU-12(c)
40020 ··-·NIST-800-53-AU-2(d)40020 ··-·NIST-800-53-AU-2(d)
40021 ··-·NIST-800-53-CM-6(a)40021 ··-·NIST-800-53-CM-6(a)
40022 ··-·audit_rules_etc_group_open40022 ··-·audit_rules_etc_group_open
Offset 40143, 31 lines modifiedOffset 40143, 31 lines modified
40143 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40143 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40144 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40144 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40145 ······create:·true40145 ······create:·true
40146 ······mode:·o-rwx40146 ······mode:·o-rwx
40147 ······state:·present40147 ······state:·present
40148 ····when:·syscalls_found·|·length·==·040148 ····when:·syscalls_found·|·length·==·0
40149 ··when:40149 ··when:
40150 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40151 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40150 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40151 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40152 ··-·audit_arch·==·&quot;b64&quot;40152 ··-·audit_arch·==·&quot;b64&quot;
40153 ··tags:40153 ··tags:
40154 ··-·NIST-800-53-AC-2(4)40154 ··-·NIST-800-53-AC-2(4)
40155 ··-·NIST-800-53-AC-6(9)40155 ··-·NIST-800-53-AC-6(9)
40156 ··-·NIST-800-53-AU-12(c)40156 ··-·NIST-800-53-AU-12(c)
40157 ··-·NIST-800-53-AU-2(d)40157 ··-·NIST-800-53-AU-2(d)
40158 ··-·NIST-800-53-CM-6(a)40158 ··-·NIST-800-53-CM-6(a)
40159 ··-·audit_rules_etc_group_open40159 ··-·audit_rules_etc_group_open
40160 ··-·low_complexity40160 ··-·low_complexity
40161 ··-·low_disruption40161 ··-·low_disruption
40162 ··-·medium_severity40162 ··-·medium_severity
40163 ··-·reboot_required40163 ··-·reboot_required
40164 ··-·restrict_strategy</xccdf-1.2:fix>40164 ··-·restrict_strategy</xccdf-1.2:fix>
40165 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms40165 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
40166 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then40166 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
40167 #·First·perform·the·remediation·of·the·syscall·rule40167 #·First·perform·the·remediation·of·the·syscall·rule
40168 #·Retrieve·hardware·architecture·of·the·underlying·system40168 #·Retrieve·hardware·architecture·of·the·underlying·system
40169 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)40169 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
40170 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;40170 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
40171 do40171 do
Offset 40563, 16 lines modifiedOffset 40563, 16 lines modified
40563 ··-·reboot_required40563 ··-·reboot_required
40564 ··-·restrict_strategy40564 ··-·restrict_strategy
  
40565 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks40565 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
40566 ··set_fact:40566 ··set_fact:
40567 ····audit_arch:·b6440567 ····audit_arch:·b64
40568 ··when:40568 ··when:
40569 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40570 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40569 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40570 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40571 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40571 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40572 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40572 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40573 ··tags:40573 ··tags:
40574 ··-·NIST-800-53-AC-2(4)40574 ··-·NIST-800-53-AC-2(4)
40575 ··-·NIST-800-53-AC-6(9)40575 ··-·NIST-800-53-AC-6(9)
40576 ··-·NIST-800-53-AU-12(c)40576 ··-·NIST-800-53-AU-12(c)
40577 ··-·NIST-800-53-AU-2(d)40577 ··-·NIST-800-53-AU-2(d)
Offset 40701, 16 lines modifiedOffset 40701, 16 lines modified
40701 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40701 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40702 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40702 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40703 ······create:·true40703 ······create:·true
40704 ······mode:·o-rwx40704 ······mode:·o-rwx
40705 ······state:·present40705 ······state:·present
40706 ····when:·syscalls_found·|·length·==·040706 ····when:·syscalls_found·|·length·==·0
40707 ··when:40707 ··when:
40708 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40709 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40708 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40709 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40710 ··tags:40710 ··tags:
40711 ··-·NIST-800-53-AC-2(4)40711 ··-·NIST-800-53-AC-2(4)
40712 ··-·NIST-800-53-AC-6(9)40712 ··-·NIST-800-53-AC-6(9)
40713 ··-·NIST-800-53-AU-12(c)40713 ··-·NIST-800-53-AU-12(c)
40714 ··-·NIST-800-53-AU-2(d)40714 ··-·NIST-800-53-AU-2(d)
40715 ··-·NIST-800-53-CM-6(a)40715 ··-·NIST-800-53-CM-6(a)
40716 ··-·audit_rules_etc_group_open_by_handle_at40716 ··-·audit_rules_etc_group_open_by_handle_at
Offset 40837, 31 lines modifiedOffset 40837, 31 lines modified
40837 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40837 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40838 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40838 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40839 ······create:·true40839 ······create:·true
40840 ······mode:·o-rwx40840 ······mode:·o-rwx
40841 ······state:·present40841 ······state:·present
40842 ····when:·syscalls_found·|·length·==·040842 ····when:·syscalls_found·|·length·==·0
40843 ··when:40843 ··when:
40844 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40845 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40844 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40845 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40846 ··-·audit_arch·==·&quot;b64&quot;40846 ··-·audit_arch·==·&quot;b64&quot;
Max diff block lines reached; 547931/554564 bytes (98.80%) of diff not shown.
516 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml
516 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds-1.2.xml
    
Offset 204, 15 lines modifiedOffset 204, 15 lines modified
204 ········<cpe-dict:title·xml:lang="en-us">CentOS·8</cpe-dict:title>204 ········<cpe-dict:title·xml:lang="en-us">CentOS·8</cpe-dict:title>
205 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_centos8:def:1</cpe-dict:check>205 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_centos8:def:1</cpe-dict:check>
206 ······</cpe-dict:cpe-item>206 ······</cpe-dict:cpe-item>
207 ····</cpe-dict:cpe-list>207 ····</cpe-dict:cpe-list>
208 ··</ds:component>208 ··</ds:component>
209 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">209 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
210 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">210 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
211 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>211 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
212 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>212 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
213 ······<xccdf-1.2:description>213 ······<xccdf-1.2:description>
214 ········This·guide·presents·a·catalog·of·security-relevant214 ········This·guide·presents·a·catalog·of·security-relevant
215 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of215 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of
216 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)216 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
217 in·order·to·support·security·automation.··The·SCAP·content·is217 in·order·to·support·security·automation.··The·SCAP·content·is
218 is·available·in·the218 is·available·in·the
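Review bot: the `date` attribute of `xccdf-1.2:status` on line 211 is `2024-01-14` in one build and `2025-02-15` in the other, so the benchmark embeds the wall-clock date of the build and cannot be reproduced bit for bit. The `ds:component` timestamp on line 209 is `2022-12-20T09:54:05` on both sides, so a stable date is already being used elsewhere in the same file; the status date should be derived from that same fixed source (for example SOURCE_DATE_EPOCH) rather than from the current date.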
Offset 52127, 16 lines modifiedOffset 52127, 16 lines modified
52127 ··-·reboot_required52127 ··-·reboot_required
52128 ··-·restrict_strategy52128 ··-·restrict_strategy
  
52129 -·name:·Set·architecture·for·audit·open·tasks52129 -·name:·Set·architecture·for·audit·open·tasks
52130 ··set_fact:52130 ··set_fact:
52131 ····audit_arch:·b6452131 ····audit_arch:·b64
52132 ··when:52132 ··when:
52133 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52134 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52133 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52134 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52135 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture52135 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
52136 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;52136 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
52137 ··tags:52137 ··tags:
52138 ··-·NIST-800-53-AC-2(4)52138 ··-·NIST-800-53-AC-2(4)
52139 ··-·NIST-800-53-AC-6(9)52139 ··-·NIST-800-53-AC-6(9)
52140 ··-·NIST-800-53-AU-12(c)52140 ··-·NIST-800-53-AU-12(c)
52141 ··-·NIST-800-53-AU-2(d)52141 ··-·NIST-800-53-AU-2(d)
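Review bot: the first two entries of the `when:` list (lines 52133-52134) are the same two conditions in swapped order, the `"audit" in ansible_facts.packages` check and the `ansible_virtualization_type not in [...]` check, which points to the generator emitting platform conditions from an unordered collection. Ansible ANDs the entries of a `when:` list, so the task behaves the same either way, but the rendered text differs from build to build; the conditions should be sorted before they are written out.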
Offset 52265, 16 lines modifiedOffset 52265, 16 lines modified
52265 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group52265 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
52266 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52266 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52267 ······create:·true52267 ······create:·true
52268 ······mode:·o-rwx52268 ······mode:·o-rwx
52269 ······state:·present52269 ······state:·present
52270 ····when:·syscalls_found·|·length·==·052270 ····when:·syscalls_found·|·length·==·0
52271 ··when:52271 ··when:
52272 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52273 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52272 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52273 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52274 ··tags:52274 ··tags:
52275 ··-·NIST-800-53-AC-2(4)52275 ··-·NIST-800-53-AC-2(4)
52276 ··-·NIST-800-53-AC-6(9)52276 ··-·NIST-800-53-AC-6(9)
52277 ··-·NIST-800-53-AU-12(c)52277 ··-·NIST-800-53-AU-12(c)
52278 ··-·NIST-800-53-AU-2(d)52278 ··-·NIST-800-53-AU-2(d)
52279 ··-·NIST-800-53-CM-6(a)52279 ··-·NIST-800-53-CM-6(a)
52280 ··-·audit_rules_etc_group_open52280 ··-·audit_rules_etc_group_open
Offset 52401, 31 lines modifiedOffset 52401, 31 lines modified
52401 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group52401 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
52402 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52402 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52403 ······create:·true52403 ······create:·true
52404 ······mode:·o-rwx52404 ······mode:·o-rwx
52405 ······state:·present52405 ······state:·present
52406 ····when:·syscalls_found·|·length·==·052406 ····when:·syscalls_found·|·length·==·0
52407 ··when:52407 ··when:
52408 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52409 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52408 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52409 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52410 ··-·audit_arch·==·&quot;b64&quot;52410 ··-·audit_arch·==·&quot;b64&quot;
52411 ··tags:52411 ··tags:
52412 ··-·NIST-800-53-AC-2(4)52412 ··-·NIST-800-53-AC-2(4)
52413 ··-·NIST-800-53-AC-6(9)52413 ··-·NIST-800-53-AC-6(9)
52414 ··-·NIST-800-53-AU-12(c)52414 ··-·NIST-800-53-AU-12(c)
52415 ··-·NIST-800-53-AU-2(d)52415 ··-·NIST-800-53-AU-2(d)
52416 ··-·NIST-800-53-CM-6(a)52416 ··-·NIST-800-53-CM-6(a)
52417 ··-·audit_rules_etc_group_open52417 ··-·audit_rules_etc_group_open
52418 ··-·low_complexity52418 ··-·low_complexity
52419 ··-·low_disruption52419 ··-·low_disruption
52420 ··-·medium_severity52420 ··-·medium_severity
52421 ··-·reboot_required52421 ··-·reboot_required
52422 ··-·restrict_strategy</xccdf-1.2:fix>52422 ··-·restrict_strategy</xccdf-1.2:fix>
52423 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms52423 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
52424 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then52424 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then
  
52425 #·First·perform·the·remediation·of·the·syscall·rule52425 #·First·perform·the·remediation·of·the·syscall·rule
52426 #·Retrieve·hardware·architecture·of·the·underlying·system52426 #·Retrieve·hardware·architecture·of·the·underlying·system
52427 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)52427 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
52428 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;52428 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
52429 do52429 do
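Review bot: the guard on line 52424 has its operands in a different order in each build: `rpm --quiet -q audit` comes first on one side and last on the other, around the same `/.dockerenv` and `/run/.containerenv` tests. The result of the `&&` chain is identical, but short-circuit evaluation means the order decides whether `rpm` is invoked at all inside a container, and the differing text makes the generated remediation script unreproducible; the platform checks should be emitted in one fixed order.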
Offset 52821, 16 lines modifiedOffset 52821, 16 lines modified
52821 ··-·reboot_required52821 ··-·reboot_required
52822 ··-·restrict_strategy52822 ··-·restrict_strategy
  
52823 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks52823 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
52824 ··set_fact:52824 ··set_fact:
52825 ····audit_arch:·b6452825 ····audit_arch:·b64
52826 ··when:52826 ··when:
52827 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52828 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52827 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52828 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52829 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture52829 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
52830 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;52830 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
52831 ··tags:52831 ··tags:
52832 ··-·NIST-800-53-AC-2(4)52832 ··-·NIST-800-53-AC-2(4)
52833 ··-·NIST-800-53-AC-6(9)52833 ··-·NIST-800-53-AC-6(9)
52834 ··-·NIST-800-53-AU-12(c)52834 ··-·NIST-800-53-AU-12(c)
52835 ··-·NIST-800-53-AU-2(d)52835 ··-·NIST-800-53-AU-2(d)
Offset 52959, 16 lines modifiedOffset 52959, 16 lines modified
52959 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group52959 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
52960 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52960 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52961 ······create:·true52961 ······create:·true
52962 ······mode:·o-rwx52962 ······mode:·o-rwx
52963 ······state:·present52963 ······state:·present
52964 ····when:·syscalls_found·|·length·==·052964 ····when:·syscalls_found·|·length·==·0
52965 ··when:52965 ··when:
52966 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52967 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52966 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52967 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52968 ··tags:52968 ··tags:
52969 ··-·NIST-800-53-AC-2(4)52969 ··-·NIST-800-53-AC-2(4)
52970 ··-·NIST-800-53-AC-6(9)52970 ··-·NIST-800-53-AC-6(9)
52971 ··-·NIST-800-53-AU-12(c)52971 ··-·NIST-800-53-AU-12(c)
52972 ··-·NIST-800-53-AU-2(d)52972 ··-·NIST-800-53-AU-2(d)
52973 ··-·NIST-800-53-CM-6(a)52973 ··-·NIST-800-53-CM-6(a)
52974 ··-·audit_rules_etc_group_open_by_handle_at52974 ··-·audit_rules_etc_group_open_by_handle_at
Offset 53095, 31 lines modifiedOffset 53095, 31 lines modified
53095 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group53095 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
53096 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53096 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53097 ······create:·true53097 ······create:·true
53098 ······mode:·o-rwx53098 ······mode:·o-rwx
53099 ······state:·present53099 ······state:·present
53100 ····when:·syscalls_found·|·length·==·053100 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 521839/527802 bytes (98.87%) of diff not shown.
516 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml
516 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-ds.xml
    
Offset 206, 15 lines modifiedOffset 206, 15 lines modified
206 ········<cpe-dict:title·xml:lang="en-us">CentOS·8</cpe-dict:title>206 ········<cpe-dict:title·xml:lang="en-us">CentOS·8</cpe-dict:title>
207 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_centos8:def:1</cpe-dict:check>207 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_centos8:def:1</cpe-dict:check>
208 ······</cpe-dict:cpe-item>208 ······</cpe-dict:cpe-item>
209 ····</cpe-dict:cpe-list>209 ····</cpe-dict:cpe-list>
210 ··</ds:component>210 ··</ds:component>
211 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">211 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
212 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">212 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
213 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>213 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
214 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>214 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
215 ······<xccdf-1.2:description>215 ······<xccdf-1.2:description>
216 ········This·guide·presents·a·catalog·of·security-relevant216 ········This·guide·presents·a·catalog·of·security-relevant
217 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of217 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of
218 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)218 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
219 in·order·to·support·security·automation.··The·SCAP·content·is219 in·order·to·support·security·automation.··The·SCAP·content·is
220 is·available·in·the220 is·available·in·the
Offset 52129, 16 lines modifiedOffset 52129, 16 lines modified
52129 ··-·reboot_required52129 ··-·reboot_required
52130 ··-·restrict_strategy52130 ··-·restrict_strategy
  
52131 -·name:·Set·architecture·for·audit·open·tasks52131 -·name:·Set·architecture·for·audit·open·tasks
52132 ··set_fact:52132 ··set_fact:
52133 ····audit_arch:·b6452133 ····audit_arch:·b64
52134 ··when:52134 ··when:
52135 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52136 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52135 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52136 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52137 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture52137 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
52138 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;52138 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
52139 ··tags:52139 ··tags:
52140 ··-·NIST-800-53-AC-2(4)52140 ··-·NIST-800-53-AC-2(4)
52141 ··-·NIST-800-53-AC-6(9)52141 ··-·NIST-800-53-AC-6(9)
52142 ··-·NIST-800-53-AU-12(c)52142 ··-·NIST-800-53-AU-12(c)
52143 ··-·NIST-800-53-AU-2(d)52143 ··-·NIST-800-53-AU-2(d)
Offset 52267, 16 lines modifiedOffset 52267, 16 lines modified
52267 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group52267 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
52268 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52268 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52269 ······create:·true52269 ······create:·true
52270 ······mode:·o-rwx52270 ······mode:·o-rwx
52271 ······state:·present52271 ······state:·present
52272 ····when:·syscalls_found·|·length·==·052272 ····when:·syscalls_found·|·length·==·0
52273 ··when:52273 ··when:
52274 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52275 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52274 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52275 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52276 ··tags:52276 ··tags:
52277 ··-·NIST-800-53-AC-2(4)52277 ··-·NIST-800-53-AC-2(4)
52278 ··-·NIST-800-53-AC-6(9)52278 ··-·NIST-800-53-AC-6(9)
52279 ··-·NIST-800-53-AU-12(c)52279 ··-·NIST-800-53-AU-12(c)
52280 ··-·NIST-800-53-AU-2(d)52280 ··-·NIST-800-53-AU-2(d)
52281 ··-·NIST-800-53-CM-6(a)52281 ··-·NIST-800-53-CM-6(a)
52282 ··-·audit_rules_etc_group_open52282 ··-·audit_rules_etc_group_open
Offset 52403, 31 lines modifiedOffset 52403, 31 lines modified
52403 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group52403 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
52404 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52404 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52405 ······create:·true52405 ······create:·true
52406 ······mode:·o-rwx52406 ······mode:·o-rwx
52407 ······state:·present52407 ······state:·present
52408 ····when:·syscalls_found·|·length·==·052408 ····when:·syscalls_found·|·length·==·0
52409 ··when:52409 ··when:
52410 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52411 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52410 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52411 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52412 ··-·audit_arch·==·&quot;b64&quot;52412 ··-·audit_arch·==·&quot;b64&quot;
52413 ··tags:52413 ··tags:
52414 ··-·NIST-800-53-AC-2(4)52414 ··-·NIST-800-53-AC-2(4)
52415 ··-·NIST-800-53-AC-6(9)52415 ··-·NIST-800-53-AC-6(9)
52416 ··-·NIST-800-53-AU-12(c)52416 ··-·NIST-800-53-AU-12(c)
52417 ··-·NIST-800-53-AU-2(d)52417 ··-·NIST-800-53-AU-2(d)
52418 ··-·NIST-800-53-CM-6(a)52418 ··-·NIST-800-53-CM-6(a)
52419 ··-·audit_rules_etc_group_open52419 ··-·audit_rules_etc_group_open
52420 ··-·low_complexity52420 ··-·low_complexity
52421 ··-·low_disruption52421 ··-·low_disruption
52422 ··-·medium_severity52422 ··-·medium_severity
52423 ··-·reboot_required52423 ··-·reboot_required
52424 ··-·restrict_strategy</xccdf-1.2:fix>52424 ··-·restrict_strategy</xccdf-1.2:fix>
52425 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms52425 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
52426 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then52426 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then
  
52427 #·First·perform·the·remediation·of·the·syscall·rule52427 #·First·perform·the·remediation·of·the·syscall·rule
52428 #·Retrieve·hardware·architecture·of·the·underlying·system52428 #·Retrieve·hardware·architecture·of·the·underlying·system
52429 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)52429 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
52430 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;52430 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
52431 do52431 do
Offset 52823, 16 lines modifiedOffset 52823, 16 lines modified
52823 ··-·reboot_required52823 ··-·reboot_required
52824 ··-·restrict_strategy52824 ··-·restrict_strategy
  
52825 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks52825 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
52826 ··set_fact:52826 ··set_fact:
52827 ····audit_arch:·b6452827 ····audit_arch:·b64
52828 ··when:52828 ··when:
52829 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52830 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52829 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52830 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52831 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture52831 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
52832 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;52832 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
52833 ··tags:52833 ··tags:
52834 ··-·NIST-800-53-AC-2(4)52834 ··-·NIST-800-53-AC-2(4)
52835 ··-·NIST-800-53-AC-6(9)52835 ··-·NIST-800-53-AC-6(9)
52836 ··-·NIST-800-53-AU-12(c)52836 ··-·NIST-800-53-AU-12(c)
52837 ··-·NIST-800-53-AU-2(d)52837 ··-·NIST-800-53-AU-2(d)
Offset 52961, 16 lines modifiedOffset 52961, 16 lines modified
52961 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group52961 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
52962 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52962 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52963 ······create:·true52963 ······create:·true
52964 ······mode:·o-rwx52964 ······mode:·o-rwx
52965 ······state:·present52965 ······state:·present
52966 ····when:·syscalls_found·|·length·==·052966 ····when:·syscalls_found·|·length·==·0
52967 ··when:52967 ··when:
52968 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52969 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52968 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52969 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52970 ··tags:52970 ··tags:
52971 ··-·NIST-800-53-AC-2(4)52971 ··-·NIST-800-53-AC-2(4)
52972 ··-·NIST-800-53-AC-6(9)52972 ··-·NIST-800-53-AC-6(9)
52973 ··-·NIST-800-53-AU-12(c)52973 ··-·NIST-800-53-AU-12(c)
52974 ··-·NIST-800-53-AU-2(d)52974 ··-·NIST-800-53-AU-2(d)
52975 ··-·NIST-800-53-CM-6(a)52975 ··-·NIST-800-53-CM-6(a)
52976 ··-·audit_rules_etc_group_open_by_handle_at52976 ··-·audit_rules_etc_group_open_by_handle_at
Offset 53097, 31 lines modifiedOffset 53097, 31 lines modified
53097 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group53097 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
53098 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53098 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53099 ······create:·true53099 ······create:·true
53100 ······mode:·o-rwx53100 ······mode:·o-rwx
53101 ······state:·present53101 ······state:·present
53102 ····when:·syscalls_found·|·length·==·053102 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 521839/527802 bytes (98.87%) of diff not shown.
514 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml
514 KB
./usr/share/xml/scap/ssg/content/ssg-centos8-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 51919, 16 lines modifiedOffset 51919, 16 lines modified
51919 ··-·reboot_required51919 ··-·reboot_required
51920 ··-·restrict_strategy51920 ··-·restrict_strategy
  
51921 -·name:·Set·architecture·for·audit·open·tasks51921 -·name:·Set·architecture·for·audit·open·tasks
51922 ··set_fact:51922 ··set_fact:
51923 ····audit_arch:·b6451923 ····audit_arch:·b64
51924 ··when:51924 ··when:
51925 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
51926 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]51925 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 51926 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
51927 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture51927 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
51928 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;51928 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
51929 ··tags:51929 ··tags:
51930 ··-·NIST-800-53-AC-2(4)51930 ··-·NIST-800-53-AC-2(4)
51931 ··-·NIST-800-53-AC-6(9)51931 ··-·NIST-800-53-AC-6(9)
51932 ··-·NIST-800-53-AU-12(c)51932 ··-·NIST-800-53-AU-12(c)
51933 ··-·NIST-800-53-AU-2(d)51933 ··-·NIST-800-53-AU-2(d)
Offset 52057, 16 lines modifiedOffset 52057, 16 lines modified
52057 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group52057 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
52058 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52058 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52059 ······create:·true52059 ······create:·true
52060 ······mode:·o-rwx52060 ······mode:·o-rwx
52061 ······state:·present52061 ······state:·present
52062 ····when:·syscalls_found·|·length·==·052062 ····when:·syscalls_found·|·length·==·0
52063 ··when:52063 ··when:
52064 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52065 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52064 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52065 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52066 ··tags:52066 ··tags:
52067 ··-·NIST-800-53-AC-2(4)52067 ··-·NIST-800-53-AC-2(4)
52068 ··-·NIST-800-53-AC-6(9)52068 ··-·NIST-800-53-AC-6(9)
52069 ··-·NIST-800-53-AU-12(c)52069 ··-·NIST-800-53-AU-12(c)
52070 ··-·NIST-800-53-AU-2(d)52070 ··-·NIST-800-53-AU-2(d)
52071 ··-·NIST-800-53-CM-6(a)52071 ··-·NIST-800-53-CM-6(a)
52072 ··-·audit_rules_etc_group_open52072 ··-·audit_rules_etc_group_open
Offset 52193, 31 lines modifiedOffset 52193, 31 lines modified
52193 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group52193 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
52194 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52194 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52195 ······create:·true52195 ······create:·true
52196 ······mode:·o-rwx52196 ······mode:·o-rwx
52197 ······state:·present52197 ······state:·present
52198 ····when:·syscalls_found·|·length·==·052198 ····when:·syscalls_found·|·length·==·0
52199 ··when:52199 ··when:
52200 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52201 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52200 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52201 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52202 ··-·audit_arch·==·&quot;b64&quot;52202 ··-·audit_arch·==·&quot;b64&quot;
52203 ··tags:52203 ··tags:
52204 ··-·NIST-800-53-AC-2(4)52204 ··-·NIST-800-53-AC-2(4)
52205 ··-·NIST-800-53-AC-6(9)52205 ··-·NIST-800-53-AC-6(9)
52206 ··-·NIST-800-53-AU-12(c)52206 ··-·NIST-800-53-AU-12(c)
52207 ··-·NIST-800-53-AU-2(d)52207 ··-·NIST-800-53-AU-2(d)
52208 ··-·NIST-800-53-CM-6(a)52208 ··-·NIST-800-53-CM-6(a)
52209 ··-·audit_rules_etc_group_open52209 ··-·audit_rules_etc_group_open
52210 ··-·low_complexity52210 ··-·low_complexity
52211 ··-·low_disruption52211 ··-·low_disruption
52212 ··-·medium_severity52212 ··-·medium_severity
52213 ··-·reboot_required52213 ··-·reboot_required
52214 ··-·restrict_strategy</xccdf-1.2:fix>52214 ··-·restrict_strategy</xccdf-1.2:fix>
52215 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms52215 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
52216 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then52216 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then
  
52217 #·First·perform·the·remediation·of·the·syscall·rule52217 #·First·perform·the·remediation·of·the·syscall·rule
52218 #·Retrieve·hardware·architecture·of·the·underlying·system52218 #·Retrieve·hardware·architecture·of·the·underlying·system
52219 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)52219 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
52220 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;52220 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
52221 do52221 do
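Review bot: the when: list at 52200-52201 and the shell guard at 52216 carry the same conditions in a different order in the two builds (the "audit" package test and the container test swap places), so the applicability conditions are emitted in an unstable order, which suggests they are rendered from an unordered collection. Sorting the conditions before rendering would make the generated content byte-stable. All of them are ANDed, so the remediation outcome is the same in both builds and only the bytes differ.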
Offset 52613, 16 lines modifiedOffset 52613, 16 lines modified
52613 ··-·reboot_required52613 ··-·reboot_required
52614 ··-·restrict_strategy52614 ··-·restrict_strategy
  
52615 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks52615 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
52616 ··set_fact:52616 ··set_fact:
52617 ····audit_arch:·b6452617 ····audit_arch:·b64
52618 ··when:52618 ··when:
52619 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52620 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52619 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52620 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52621 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture52621 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
52622 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;52622 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
52623 ··tags:52623 ··tags:
52624 ··-·NIST-800-53-AC-2(4)52624 ··-·NIST-800-53-AC-2(4)
52625 ··-·NIST-800-53-AC-6(9)52625 ··-·NIST-800-53-AC-6(9)
52626 ··-·NIST-800-53-AU-12(c)52626 ··-·NIST-800-53-AU-12(c)
52627 ··-·NIST-800-53-AU-2(d)52627 ··-·NIST-800-53-AU-2(d)
Offset 52751, 16 lines modifiedOffset 52751, 16 lines modified
52751 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group52751 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
52752 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52752 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52753 ······create:·true52753 ······create:·true
52754 ······mode:·o-rwx52754 ······mode:·o-rwx
52755 ······state:·present52755 ······state:·present
52756 ····when:·syscalls_found·|·length·==·052756 ····when:·syscalls_found·|·length·==·0
52757 ··when:52757 ··when:
52758 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52759 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52758 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52759 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52760 ··tags:52760 ··tags:
52761 ··-·NIST-800-53-AC-2(4)52761 ··-·NIST-800-53-AC-2(4)
52762 ··-·NIST-800-53-AC-6(9)52762 ··-·NIST-800-53-AC-6(9)
52763 ··-·NIST-800-53-AU-12(c)52763 ··-·NIST-800-53-AU-12(c)
52764 ··-·NIST-800-53-AU-2(d)52764 ··-·NIST-800-53-AU-2(d)
52765 ··-·NIST-800-53-CM-6(a)52765 ··-·NIST-800-53-CM-6(a)
52766 ··-·audit_rules_etc_group_open_by_handle_at52766 ··-·audit_rules_etc_group_open_by_handle_at
Offset 52887, 31 lines modifiedOffset 52887, 31 lines modified
52887 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group52887 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
52888 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify52888 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
52889 ······create:·true52889 ······create:·true
52890 ······mode:·o-rwx52890 ······mode:·o-rwx
52891 ······state:·present52891 ······state:·present
52892 ····when:·syscalls_found·|·length·==·052892 ····when:·syscalls_found·|·length·==·0
52893 ··when:52893 ··when:
52894 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52895 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52894 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52895 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52896 ··-·audit_arch·==·&quot;b64&quot;52896 ··-·audit_arch·==·&quot;b64&quot;
Max diff block lines reached; 520176/526269 bytes (98.84%) of diff not shown.
25.4 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml
25.3 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds-1.2.xml
    
Offset 160, 15 lines modifiedOffset 160, 15 lines modified
160 ········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·9</cpe-dict:title>160 ········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·9</cpe-dict:title>
161 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_centos9:def:1</cpe-dict:check>161 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_centos9:def:1</cpe-dict:check>
162 ······</cpe-dict:cpe-item>162 ······</cpe-dict:cpe-item>
163 ····</cpe-dict:cpe-list>163 ····</cpe-dict:cpe-list>
164 ··</ds:component>164 ··</ds:component>
165 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">165 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">
166 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">166 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
167 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>167 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
168 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>168 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>
169 ······<xccdf-1.2:description>169 ······<xccdf-1.2:description>
170 ········This·guide·presents·a·catalog·of·security-relevant170 ········This·guide·presents·a·catalog·of·security-relevant
171 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of171 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of
172 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)172 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
173 in·order·to·support·security·automation.··The·SCAP·content·is173 in·order·to·support·security·automation.··The·SCAP·content·is
174 is·available·in·the174 is·available·in·the
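Review bot: the xccdf-1.2:status date at line 167 is 2024-01-14 in one build and 2025-02-15 in the other, while the ds:component timestamp at line 165 is 2022-12-20T09:54:05 in both, so the status date follows the build machine's clock rather than a fixed source date. Deriving it from SOURCE_DATE_EPOCH, or from the same value the component timestamp uses, would remove this difference.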
Offset 166652, 16 lines modifiedOffset 166652, 16 lines modified
166652 ··-·no_reboot_needed166652 ··-·no_reboot_needed
  
166653 -·name:·Test·for·existence·/boot/grub2/grub.cfg166653 -·name:·Test·for·existence·/boot/grub2/grub.cfg
166654 ··stat:166654 ··stat:
166655 ····path:·/boot/grub2/grub.cfg166655 ····path:·/boot/grub2/grub.cfg
166656 ··register:·file_exists166656 ··register:·file_exists
166657 ··when:166657 ··when:
166658 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166659 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166658 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166659 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166660 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166660 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166661 ··tags:166661 ··tags:
166662 ··-·CJIS-5.5.2.2166662 ··-·CJIS-5.5.2.2
166663 ··-·NIST-800-171-3.4.5166663 ··-·NIST-800-171-3.4.5
166664 ··-·NIST-800-53-AC-6(1)166664 ··-·NIST-800-53-AC-6(1)
166665 ··-·NIST-800-53-CM-6(a)166665 ··-·NIST-800-53-CM-6(a)
166666 ··-·PCI-DSS-Req-7.1166666 ··-·PCI-DSS-Req-7.1
Offset 166673, 16 lines modifiedOffset 166673, 16 lines modified
166673 ··-·no_reboot_needed166673 ··-·no_reboot_needed
  
166674 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg166674 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
166675 ··file:166675 ··file:
166676 ····path:·/boot/grub2/grub.cfg166676 ····path:·/boot/grub2/grub.cfg
166677 ····group:·'0'166677 ····group:·'0'
166678 ··when:166678 ··when:
166679 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166680 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166679 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166680 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166681 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166681 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166682 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists166682 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
166683 ··tags:166683 ··tags:
166684 ··-·CJIS-5.5.2.2166684 ··-·CJIS-5.5.2.2
166685 ··-·NIST-800-171-3.4.5166685 ··-·NIST-800-171-3.4.5
166686 ··-·NIST-800-53-AC-6(1)166686 ··-·NIST-800-53-AC-6(1)
166687 ··-·NIST-800-53-CM-6(a)166687 ··-·NIST-800-53-CM-6(a)
Offset 166690, 15 lines modifiedOffset 166690, 15 lines modified
166690 ··-·configure_strategy166690 ··-·configure_strategy
166691 ··-·file_groupowner_grub2_cfg166691 ··-·file_groupowner_grub2_cfg
166692 ··-·low_complexity166692 ··-·low_complexity
166693 ··-·low_disruption166693 ··-·low_disruption
166694 ··-·medium_severity166694 ··-·medium_severity
166695 ··-·no_reboot_needed</xccdf-1.2:fix>166695 ··-·no_reboot_needed</xccdf-1.2:fix>
166696 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms166696 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
166697 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then166697 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
166698 chgrp·0·/boot/grub2/grub.cfg166698 chgrp·0·/boot/grub2/grub.cfg
  
166699 else166699 else
166700 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'166700 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
166701 fi</xccdf-1.2:fix>166701 fi</xccdf-1.2:fix>
166702 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">166702 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
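Review bot: the guard at 166697 tests [ ! -f /sys/firmware/efi ], which checks for a regular file, but /sys/firmware/efi is a directory on UEFI-booted systems, so -f is never true there and the negated test always passes; the shell fix for file_groupowner_grub2_cfg is therefore not restricted to non-UEFI hosts as the guard intends. Use -d (or -e) in that test. The Ansible tasks for the same rule decide this from "/boot/efi" in ansible_mounts instead, so the two remediations also disagree on what counts as a UEFI system. Apart from that, the only change between the builds in this hunk is the position of the rpm --quiet -q grub2-common test within the && chain.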
Offset 166805, 16 lines modifiedOffset 166805, 16 lines modified
166805 ··-·no_reboot_needed166805 ··-·no_reboot_needed
  
166806 -·name:·Test·for·existence·/boot/grub2/user.cfg166806 -·name:·Test·for·existence·/boot/grub2/user.cfg
166807 ··stat:166807 ··stat:
166808 ····path:·/boot/grub2/user.cfg166808 ····path:·/boot/grub2/user.cfg
166809 ··register:·file_exists166809 ··register:·file_exists
166810 ··when:166810 ··when:
166811 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166812 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166811 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166812 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166813 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166813 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166814 ··tags:166814 ··tags:
166815 ··-·CJIS-5.5.2.2166815 ··-·CJIS-5.5.2.2
166816 ··-·NIST-800-171-3.4.5166816 ··-·NIST-800-171-3.4.5
166817 ··-·NIST-800-53-AC-6(1)166817 ··-·NIST-800-53-AC-6(1)
166818 ··-·NIST-800-53-CM-6(a)166818 ··-·NIST-800-53-CM-6(a)
166819 ··-·PCI-DSS-Req-7.1166819 ··-·PCI-DSS-Req-7.1
Offset 166826, 16 lines modifiedOffset 166826, 16 lines modified
166826 ··-·no_reboot_needed166826 ··-·no_reboot_needed
  
166827 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg166827 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
166828 ··file:166828 ··file:
166829 ····path:·/boot/grub2/user.cfg166829 ····path:·/boot/grub2/user.cfg
166830 ····group:·'0'166830 ····group:·'0'
166831 ··when:166831 ··when:
166832 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166833 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166832 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166833 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166834 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166834 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166835 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists166835 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
166836 ··tags:166836 ··tags:
166837 ··-·CJIS-5.5.2.2166837 ··-·CJIS-5.5.2.2
166838 ··-·NIST-800-171-3.4.5166838 ··-·NIST-800-171-3.4.5
166839 ··-·NIST-800-53-AC-6(1)166839 ··-·NIST-800-53-AC-6(1)
166840 ··-·NIST-800-53-CM-6(a)166840 ··-·NIST-800-53-CM-6(a)
Offset 166843, 15 lines modifiedOffset 166843, 15 lines modified
166843 ··-·configure_strategy166843 ··-·configure_strategy
166844 ··-·file_groupowner_user_cfg166844 ··-·file_groupowner_user_cfg
166845 ··-·low_complexity166845 ··-·low_complexity
166846 ··-·low_disruption166846 ··-·low_disruption
166847 ··-·medium_severity166847 ··-·medium_severity
166848 ··-·no_reboot_needed</xccdf-1.2:fix>166848 ··-·no_reboot_needed</xccdf-1.2:fix>
166849 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms166849 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
166850 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then166850 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
166851 chgrp·0·/boot/grub2/user.cfg166851 chgrp·0·/boot/grub2/user.cfg
  
166852 else166852 else
166853 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'166853 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
166854 fi</xccdf-1.2:fix>166854 fi</xccdf-1.2:fix>
166855 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">166855 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 166953, 16 lines modifiedOffset 166953, 16 lines modified
166953 ··-·no_reboot_needed166953 ··-·no_reboot_needed
  
166954 -·name:·Test·for·existence·/boot/grub2/grub.cfg166954 -·name:·Test·for·existence·/boot/grub2/grub.cfg
166955 ··stat:166955 ··stat:
166956 ····path:·/boot/grub2/grub.cfg166956 ····path:·/boot/grub2/grub.cfg
166957 ··register:·file_exists166957 ··register:·file_exists
166958 ··when:166958 ··when:
Max diff block lines reached; 19640/25850 bytes (75.98%) of diff not shown.
25.4 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml
25.3 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-ds.xml
    
Offset 162, 15 lines modifiedOffset 162, 15 lines modified
162 ········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·9</cpe-dict:title>162 ········<cpe-dict:title·xml:lang="en-us">CentOS·Stream·9</cpe-dict:title>
163 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_centos9:def:1</cpe-dict:check>163 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_centos9:def:1</cpe-dict:check>
164 ······</cpe-dict:cpe-item>164 ······</cpe-dict:cpe-item>
165 ····</cpe-dict:cpe-list>165 ····</cpe-dict:cpe-list>
166 ··</ds:component>166 ··</ds:component>
167 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">167 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">
168 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">168 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
169 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>169 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
170 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>170 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>
171 ······<xccdf-1.2:description>171 ······<xccdf-1.2:description>
172 ········This·guide·presents·a·catalog·of·security-relevant172 ········This·guide·presents·a·catalog·of·security-relevant
173 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of173 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of
174 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)174 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
175 in·order·to·support·security·automation.··The·SCAP·content·is175 in·order·to·support·security·automation.··The·SCAP·content·is
176 is·available·in·the176 is·available·in·the
Offset 166654, 16 lines modifiedOffset 166654, 16 lines modified
166654 ··-·no_reboot_needed166654 ··-·no_reboot_needed
  
166655 -·name:·Test·for·existence·/boot/grub2/grub.cfg166655 -·name:·Test·for·existence·/boot/grub2/grub.cfg
166656 ··stat:166656 ··stat:
166657 ····path:·/boot/grub2/grub.cfg166657 ····path:·/boot/grub2/grub.cfg
166658 ··register:·file_exists166658 ··register:·file_exists
166659 ··when:166659 ··when:
166660 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166661 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166660 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166661 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166662 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166662 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166663 ··tags:166663 ··tags:
166664 ··-·CJIS-5.5.2.2166664 ··-·CJIS-5.5.2.2
166665 ··-·NIST-800-171-3.4.5166665 ··-·NIST-800-171-3.4.5
166666 ··-·NIST-800-53-AC-6(1)166666 ··-·NIST-800-53-AC-6(1)
166667 ··-·NIST-800-53-CM-6(a)166667 ··-·NIST-800-53-CM-6(a)
166668 ··-·PCI-DSS-Req-7.1166668 ··-·PCI-DSS-Req-7.1
Offset 166675, 16 lines modifiedOffset 166675, 16 lines modified
166675 ··-·no_reboot_needed166675 ··-·no_reboot_needed
  
166676 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg166676 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
166677 ··file:166677 ··file:
166678 ····path:·/boot/grub2/grub.cfg166678 ····path:·/boot/grub2/grub.cfg
166679 ····group:·'0'166679 ····group:·'0'
166680 ··when:166680 ··when:
166681 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166682 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166681 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166682 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166683 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166683 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166684 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists166684 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
166685 ··tags:166685 ··tags:
166686 ··-·CJIS-5.5.2.2166686 ··-·CJIS-5.5.2.2
166687 ··-·NIST-800-171-3.4.5166687 ··-·NIST-800-171-3.4.5
166688 ··-·NIST-800-53-AC-6(1)166688 ··-·NIST-800-53-AC-6(1)
166689 ··-·NIST-800-53-CM-6(a)166689 ··-·NIST-800-53-CM-6(a)
Offset 166692, 15 lines modifiedOffset 166692, 15 lines modified
166692 ··-·configure_strategy166692 ··-·configure_strategy
166693 ··-·file_groupowner_grub2_cfg166693 ··-·file_groupowner_grub2_cfg
166694 ··-·low_complexity166694 ··-·low_complexity
166695 ··-·low_disruption166695 ··-·low_disruption
166696 ··-·medium_severity166696 ··-·medium_severity
166697 ··-·no_reboot_needed</xccdf-1.2:fix>166697 ··-·no_reboot_needed</xccdf-1.2:fix>
166698 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms166698 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
166699 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then166699 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
166700 chgrp·0·/boot/grub2/grub.cfg166700 chgrp·0·/boot/grub2/grub.cfg
  
166701 else166701 else
166702 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'166702 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
166703 fi</xccdf-1.2:fix>166703 fi</xccdf-1.2:fix>
166704 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">166704 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 166807, 16 lines modifiedOffset 166807, 16 lines modified
166807 ··-·no_reboot_needed166807 ··-·no_reboot_needed
  
166808 -·name:·Test·for·existence·/boot/grub2/user.cfg166808 -·name:·Test·for·existence·/boot/grub2/user.cfg
166809 ··stat:166809 ··stat:
166810 ····path:·/boot/grub2/user.cfg166810 ····path:·/boot/grub2/user.cfg
166811 ··register:·file_exists166811 ··register:·file_exists
166812 ··when:166812 ··when:
166813 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166814 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166813 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166814 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166815 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166815 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166816 ··tags:166816 ··tags:
166817 ··-·CJIS-5.5.2.2166817 ··-·CJIS-5.5.2.2
166818 ··-·NIST-800-171-3.4.5166818 ··-·NIST-800-171-3.4.5
166819 ··-·NIST-800-53-AC-6(1)166819 ··-·NIST-800-53-AC-6(1)
166820 ··-·NIST-800-53-CM-6(a)166820 ··-·NIST-800-53-CM-6(a)
166821 ··-·PCI-DSS-Req-7.1166821 ··-·PCI-DSS-Req-7.1
Offset 166828, 16 lines modifiedOffset 166828, 16 lines modified
166828 ··-·no_reboot_needed166828 ··-·no_reboot_needed
  
166829 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg166829 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
166830 ··file:166830 ··file:
166831 ····path:·/boot/grub2/user.cfg166831 ····path:·/boot/grub2/user.cfg
166832 ····group:·'0'166832 ····group:·'0'
166833 ··when:166833 ··when:
166834 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166835 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166834 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166835 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166836 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166836 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166837 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists166837 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
166838 ··tags:166838 ··tags:
166839 ··-·CJIS-5.5.2.2166839 ··-·CJIS-5.5.2.2
166840 ··-·NIST-800-171-3.4.5166840 ··-·NIST-800-171-3.4.5
166841 ··-·NIST-800-53-AC-6(1)166841 ··-·NIST-800-53-AC-6(1)
166842 ··-·NIST-800-53-CM-6(a)166842 ··-·NIST-800-53-CM-6(a)
Offset 166845, 15 lines modifiedOffset 166845, 15 lines modified
166845 ··-·configure_strategy166845 ··-·configure_strategy
166846 ··-·file_groupowner_user_cfg166846 ··-·file_groupowner_user_cfg
166847 ··-·low_complexity166847 ··-·low_complexity
166848 ··-·low_disruption166848 ··-·low_disruption
166849 ··-·medium_severity166849 ··-·medium_severity
166850 ··-·no_reboot_needed</xccdf-1.2:fix>166850 ··-·no_reboot_needed</xccdf-1.2:fix>
166851 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms166851 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
166852 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then166852 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
166853 chgrp·0·/boot/grub2/user.cfg166853 chgrp·0·/boot/grub2/user.cfg
  
166854 else166854 else
166855 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'166855 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
166856 fi</xccdf-1.2:fix>166856 fi</xccdf-1.2:fix>
166857 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">166857 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 166955, 16 lines modifiedOffset 166955, 16 lines modified
166955 ··-·no_reboot_needed166955 ··-·no_reboot_needed
  
166956 -·name:·Test·for·existence·/boot/grub2/grub.cfg166956 -·name:·Test·for·existence·/boot/grub2/grub.cfg
166957 ··stat:166957 ··stat:
166958 ····path:·/boot/grub2/grub.cfg166958 ····path:·/boot/grub2/grub.cfg
166959 ··register:·file_exists166959 ··register:·file_exists
166960 ··when:166960 ··when:
Max diff block lines reached; 19640/25850 bytes (75.98%) of diff not shown.
25.2 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml
25.1 KB
./usr/share/xml/scap/ssg/content/ssg-cs9-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 166488, 16 lines modifiedOffset 166488, 16 lines modified
166488 ··-·no_reboot_needed166488 ··-·no_reboot_needed
  
166489 -·name:·Test·for·existence·/boot/grub2/grub.cfg166489 -·name:·Test·for·existence·/boot/grub2/grub.cfg
166490 ··stat:166490 ··stat:
166491 ····path:·/boot/grub2/grub.cfg166491 ····path:·/boot/grub2/grub.cfg
166492 ··register:·file_exists166492 ··register:·file_exists
166493 ··when:166493 ··when:
166494 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166495 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166494 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166495 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166496 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166496 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166497 ··tags:166497 ··tags:
166498 ··-·CJIS-5.5.2.2166498 ··-·CJIS-5.5.2.2
166499 ··-·NIST-800-171-3.4.5166499 ··-·NIST-800-171-3.4.5
166500 ··-·NIST-800-53-AC-6(1)166500 ··-·NIST-800-53-AC-6(1)
166501 ··-·NIST-800-53-CM-6(a)166501 ··-·NIST-800-53-CM-6(a)
166502 ··-·PCI-DSS-Req-7.1166502 ··-·PCI-DSS-Req-7.1
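Review bot: the first two entries of the when: list (lines 166494-166495) swap places between the builds while the conditions themselves are unchanged, which points to the applicability conditions being emitted from an unordered collection. Sort the conditions, or keep them in declaration order, before rendering the Ansible fix so the generated XML is byte-identical across builds.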
Offset 166509, 16 lines modifiedOffset 166509, 16 lines modified
166509 ··-·no_reboot_needed166509 ··-·no_reboot_needed
  
166510 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg166510 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
166511 ··file:166511 ··file:
166512 ····path:·/boot/grub2/grub.cfg166512 ····path:·/boot/grub2/grub.cfg
166513 ····group:·'0'166513 ····group:·'0'
166514 ··when:166514 ··when:
166515 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166516 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166515 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166516 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166517 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166517 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166518 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists166518 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
166519 ··tags:166519 ··tags:
166520 ··-·CJIS-5.5.2.2166520 ··-·CJIS-5.5.2.2
166521 ··-·NIST-800-171-3.4.5166521 ··-·NIST-800-171-3.4.5
166522 ··-·NIST-800-53-AC-6(1)166522 ··-·NIST-800-53-AC-6(1)
166523 ··-·NIST-800-53-CM-6(a)166523 ··-·NIST-800-53-CM-6(a)
Offset 166526, 15 lines modifiedOffset 166526, 15 lines modified
166526 ··-·configure_strategy166526 ··-·configure_strategy
166527 ··-·file_groupowner_grub2_cfg166527 ··-·file_groupowner_grub2_cfg
166528 ··-·low_complexity166528 ··-·low_complexity
166529 ··-·low_disruption166529 ··-·low_disruption
166530 ··-·medium_severity166530 ··-·medium_severity
166531 ··-·no_reboot_needed</xccdf-1.2:fix>166531 ··-·no_reboot_needed</xccdf-1.2:fix>
166532 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms166532 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
166533 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then166533 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
166534 chgrp·0·/boot/grub2/grub.cfg166534 chgrp·0·/boot/grub2/grub.cfg
  
166535 else166535 else
166536 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'166536 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
166537 fi</xccdf-1.2:fix>166537 fi</xccdf-1.2:fix>
166538 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">166538 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
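Review bot: on line 166533 the non-UEFI test is written as [ ! -f /sys/firmware/efi ], but /sys/firmware/efi is a directory, so -f is never true for it and the negated test always passes; the remediation therefore does not exclude UEFI systems as the condition intends. Use [ ! -d /sys/firmware/efi ] instead. The same line also carries its rpm --quiet -q grub2-common test and its firmware test in a different order in each build, the same unstable ordering that shows up in the Ansible when: lists.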
Offset 166641, 16 lines modifiedOffset 166641, 16 lines modified
166641 ··-·no_reboot_needed166641 ··-·no_reboot_needed
  
166642 -·name:·Test·for·existence·/boot/grub2/user.cfg166642 -·name:·Test·for·existence·/boot/grub2/user.cfg
166643 ··stat:166643 ··stat:
166644 ····path:·/boot/grub2/user.cfg166644 ····path:·/boot/grub2/user.cfg
166645 ··register:·file_exists166645 ··register:·file_exists
166646 ··when:166646 ··when:
166647 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166648 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166647 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166648 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166649 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166649 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166650 ··tags:166650 ··tags:
166651 ··-·CJIS-5.5.2.2166651 ··-·CJIS-5.5.2.2
166652 ··-·NIST-800-171-3.4.5166652 ··-·NIST-800-171-3.4.5
166653 ··-·NIST-800-53-AC-6(1)166653 ··-·NIST-800-53-AC-6(1)
166654 ··-·NIST-800-53-CM-6(a)166654 ··-·NIST-800-53-CM-6(a)
166655 ··-·PCI-DSS-Req-7.1166655 ··-·PCI-DSS-Req-7.1
Offset 166662, 16 lines modifiedOffset 166662, 16 lines modified
166662 ··-·no_reboot_needed166662 ··-·no_reboot_needed
  
166663 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg166663 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
166664 ··file:166664 ··file:
166665 ····path:·/boot/grub2/user.cfg166665 ····path:·/boot/grub2/user.cfg
166666 ····group:·'0'166666 ····group:·'0'
166667 ··when:166667 ··when:
166668 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166669 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166668 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166669 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166670 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166670 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166671 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists166671 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
166672 ··tags:166672 ··tags:
166673 ··-·CJIS-5.5.2.2166673 ··-·CJIS-5.5.2.2
166674 ··-·NIST-800-171-3.4.5166674 ··-·NIST-800-171-3.4.5
166675 ··-·NIST-800-53-AC-6(1)166675 ··-·NIST-800-53-AC-6(1)
166676 ··-·NIST-800-53-CM-6(a)166676 ··-·NIST-800-53-CM-6(a)
Offset 166679, 15 lines modifiedOffset 166679, 15 lines modified
166679 ··-·configure_strategy166679 ··-·configure_strategy
166680 ··-·file_groupowner_user_cfg166680 ··-·file_groupowner_user_cfg
166681 ··-·low_complexity166681 ··-·low_complexity
166682 ··-·low_disruption166682 ··-·low_disruption
166683 ··-·medium_severity166683 ··-·medium_severity
166684 ··-·no_reboot_needed</xccdf-1.2:fix>166684 ··-·no_reboot_needed</xccdf-1.2:fix>
166685 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms166685 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
166686 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then166686 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
166687 chgrp·0·/boot/grub2/user.cfg166687 chgrp·0·/boot/grub2/user.cfg
  
166688 else166688 else
166689 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'166689 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
166690 fi</xccdf-1.2:fix>166690 fi</xccdf-1.2:fix>
166691 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">166691 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 166789, 16 lines modifiedOffset 166789, 16 lines modified
166789 ··-·no_reboot_needed166789 ··-·no_reboot_needed
  
166790 -·name:·Test·for·existence·/boot/grub2/grub.cfg166790 -·name:·Test·for·existence·/boot/grub2/grub.cfg
166791 ··stat:166791 ··stat:
166792 ····path:·/boot/grub2/grub.cfg166792 ····path:·/boot/grub2/grub.cfg
166793 ··register:·file_exists166793 ··register:·file_exists
166794 ··when:166794 ··when:
166795 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
166796 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'166795 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 166796 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
166797 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]166797 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
166798 ··tags:166798 ··tags:
Max diff block lines reached; 19311/25606 bytes (75.42%) of diff not shown.
483 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml
483 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds-1.2.xml
    
Offset 144, 15 lines modifiedOffset 144, 15 lines modified
144 ········<cpe-dict:title·xml:lang="en-us">Fedora·38</cpe-dict:title>144 ········<cpe-dict:title·xml:lang="en-us">Fedora·38</cpe-dict:title>
145 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-fedora-cpe-oval.xml">oval:ssg-installed_OS_is_fedora:def:1</cpe-dict:check>145 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-fedora-cpe-oval.xml">oval:ssg-installed_OS_is_fedora:def:1</cpe-dict:check>
146 ······</cpe-dict:cpe-item>146 ······</cpe-dict:cpe-item>
147 ····</cpe-dict:cpe-list>147 ····</cpe-dict:cpe-list>
148 ··</ds:component>148 ··</ds:component>
149 ··<ds:component·id="scap_org.open-scap_comp_ssg-fedora-xccdf.xml"·timestamp="2022-12-20T09:54:05">149 ··<ds:component·id="scap_org.open-scap_comp_ssg-fedora-xccdf.xml"·timestamp="2022-12-20T09:54:05">
150 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FEDORA"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">150 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FEDORA"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
151 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>151 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
152 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Fedora</xccdf-1.2:title>152 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Fedora</xccdf-1.2:title>
153 ······<xccdf-1.2:description>153 ······<xccdf-1.2:description>
154 ········This·guide·presents·a·catalog·of·security-relevant154 ········This·guide·presents·a·catalog·of·security-relevant
155 configuration·settings·for·Fedora.·It·is·a·rendering·of155 configuration·settings·for·Fedora.·It·is·a·rendering·of
156 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)156 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
157 in·order·to·support·security·automation.··The·SCAP·content·is157 in·order·to·support·security·automation.··The·SCAP·content·is
158 is·available·in·the158 is·available·in·the
Offset 39087, 16 lines modifiedOffset 39087, 16 lines modified
39087 ··-·reboot_required39087 ··-·reboot_required
39088 ··-·restrict_strategy39088 ··-·restrict_strategy
  
39089 -·name:·Set·architecture·for·audit·open·tasks39089 -·name:·Set·architecture·for·audit·open·tasks
39090 ··set_fact:39090 ··set_fact:
39091 ····audit_arch:·b6439091 ····audit_arch:·b64
39092 ··when:39092 ··when:
39093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39094 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39094 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39097 ··tags:39097 ··tags:
39098 ··-·NIST-800-53-AC-2(4)39098 ··-·NIST-800-53-AC-2(4)
39099 ··-·NIST-800-53-AC-6(9)39099 ··-·NIST-800-53-AC-6(9)
39100 ··-·NIST-800-53-AU-12(c)39100 ··-·NIST-800-53-AU-12(c)
39101 ··-·NIST-800-53-AU-2(d)39101 ··-·NIST-800-53-AU-2(d)
Offset 39225, 16 lines modifiedOffset 39225, 16 lines modified
39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39227 ······create:·true39227 ······create:·true
39228 ······mode:·o-rwx39228 ······mode:·o-rwx
39229 ······state:·present39229 ······state:·present
39230 ····when:·syscalls_found·|·length·==·039230 ····when:·syscalls_found·|·length·==·0
39231 ··when:39231 ··when:
39232 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39233 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39232 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39233 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39234 ··tags:39234 ··tags:
39235 ··-·NIST-800-53-AC-2(4)39235 ··-·NIST-800-53-AC-2(4)
39236 ··-·NIST-800-53-AC-6(9)39236 ··-·NIST-800-53-AC-6(9)
39237 ··-·NIST-800-53-AU-12(c)39237 ··-·NIST-800-53-AU-12(c)
39238 ··-·NIST-800-53-AU-2(d)39238 ··-·NIST-800-53-AU-2(d)
39239 ··-·NIST-800-53-CM-6(a)39239 ··-·NIST-800-53-CM-6(a)
39240 ··-·audit_rules_etc_group_open39240 ··-·audit_rules_etc_group_open
Offset 39361, 31 lines modifiedOffset 39361, 31 lines modified
39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39363 ······create:·true39363 ······create:·true
39364 ······mode:·o-rwx39364 ······mode:·o-rwx
39365 ······state:·present39365 ······state:·present
39366 ····when:·syscalls_found·|·length·==·039366 ····when:·syscalls_found·|·length·==·0
39367 ··when:39367 ··when:
39368 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39369 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39368 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39369 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39370 ··-·audit_arch·==·&quot;b64&quot;39370 ··-·audit_arch·==·&quot;b64&quot;
39371 ··tags:39371 ··tags:
39372 ··-·NIST-800-53-AC-2(4)39372 ··-·NIST-800-53-AC-2(4)
39373 ··-·NIST-800-53-AC-6(9)39373 ··-·NIST-800-53-AC-6(9)
39374 ··-·NIST-800-53-AU-12(c)39374 ··-·NIST-800-53-AU-12(c)
39375 ··-·NIST-800-53-AU-2(d)39375 ··-·NIST-800-53-AU-2(d)
39376 ··-·NIST-800-53-CM-6(a)39376 ··-·NIST-800-53-CM-6(a)
39377 ··-·audit_rules_etc_group_open39377 ··-·audit_rules_etc_group_open
39378 ··-·low_complexity39378 ··-·low_complexity
39379 ··-·low_disruption39379 ··-·low_disruption
39380 ··-·medium_severity39380 ··-·medium_severity
39381 ··-·reboot_required39381 ··-·reboot_required
39382 ··-·restrict_strategy</xccdf-1.2:fix>39382 ··-·restrict_strategy</xccdf-1.2:fix>
39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
39384 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then39384 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
39385 #·First·perform·the·remediation·of·the·syscall·rule39385 #·First·perform·the·remediation·of·the·syscall·rule
39386 #·Retrieve·hardware·architecture·of·the·underlying·system39386 #·Retrieve·hardware·architecture·of·the·underlying·system
39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
39389 do39389 do
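Review bot: the condition audit_arch == "b64" on line 39370 has no guard for the variable being unset. The set_fact task earlier in this file (lines 39089-39096) assigns audit_arch only when ansible_architecture is one of the five listed 64-bit values, so on any other architecture this task compares an undefined variable. Write it as audit_arch is defined and audit_arch == "b64", or give audit_arch a default. The reordering of the container and rpm --quiet -q audit tests on line 39384 changes only which test short-circuits first, but it should be made deterministic along with the when: lists.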
Offset 39781, 16 lines modifiedOffset 39781, 16 lines modified
39781 ··-·reboot_required39781 ··-·reboot_required
39782 ··-·restrict_strategy39782 ··-·restrict_strategy
  
39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
39784 ··set_fact:39784 ··set_fact:
39785 ····audit_arch:·b6439785 ····audit_arch:·b64
39786 ··when:39786 ··when:
39787 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39788 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39787 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39788 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39791 ··tags:39791 ··tags:
39792 ··-·NIST-800-53-AC-2(4)39792 ··-·NIST-800-53-AC-2(4)
39793 ··-·NIST-800-53-AC-6(9)39793 ··-·NIST-800-53-AC-6(9)
39794 ··-·NIST-800-53-AU-12(c)39794 ··-·NIST-800-53-AU-12(c)
39795 ··-·NIST-800-53-AU-2(d)39795 ··-·NIST-800-53-AU-2(d)
Offset 39919, 16 lines modifiedOffset 39919, 16 lines modified
39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39921 ······create:·true39921 ······create:·true
39922 ······mode:·o-rwx39922 ······mode:·o-rwx
39923 ······state:·present39923 ······state:·present
39924 ····when:·syscalls_found·|·length·==·039924 ····when:·syscalls_found·|·length·==·0
39925 ··when:39925 ··when:
39926 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39927 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39926 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39927 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39928 ··tags:39928 ··tags:
39929 ··-·NIST-800-53-AC-2(4)39929 ··-·NIST-800-53-AC-2(4)
39930 ··-·NIST-800-53-AC-6(9)39930 ··-·NIST-800-53-AC-6(9)
39931 ··-·NIST-800-53-AU-12(c)39931 ··-·NIST-800-53-AU-12(c)
39932 ··-·NIST-800-53-AU-2(d)39932 ··-·NIST-800-53-AU-2(d)
39933 ··-·NIST-800-53-CM-6(a)39933 ··-·NIST-800-53-CM-6(a)
39934 ··-·audit_rules_etc_group_open_by_handle_at39934 ··-·audit_rules_etc_group_open_by_handle_at
Offset 40055, 31 lines modifiedOffset 40055, 31 lines modified
40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40057 ······create:·true40057 ······create:·true
40058 ······mode:·o-rwx40058 ······mode:·o-rwx
40059 ······state:·present40059 ······state:·present
40060 ····when:·syscalls_found·|·length·==·040060 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 487609/493984 bytes (98.71%) of diff not shown.
483 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
483 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-ds.xml
    
Offset 144, 15 lines modifiedOffset 144, 15 lines modified
144 ········<cpe-dict:title·xml:lang="en-us">Fedora·38</cpe-dict:title>144 ········<cpe-dict:title·xml:lang="en-us">Fedora·38</cpe-dict:title>
145 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-fedora-cpe-oval.xml">oval:ssg-installed_OS_is_fedora:def:1</cpe-dict:check>145 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-fedora-cpe-oval.xml">oval:ssg-installed_OS_is_fedora:def:1</cpe-dict:check>
146 ······</cpe-dict:cpe-item>146 ······</cpe-dict:cpe-item>
147 ····</cpe-dict:cpe-list>147 ····</cpe-dict:cpe-list>
148 ··</ds:component>148 ··</ds:component>
149 ··<ds:component·id="scap_org.open-scap_comp_ssg-fedora-xccdf.xml"·timestamp="2022-12-20T09:54:05">149 ··<ds:component·id="scap_org.open-scap_comp_ssg-fedora-xccdf.xml"·timestamp="2022-12-20T09:54:05">
150 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FEDORA"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">150 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_FEDORA"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
151 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>151 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
152 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Fedora</xccdf-1.2:title>152 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Fedora</xccdf-1.2:title>
153 ······<xccdf-1.2:description>153 ······<xccdf-1.2:description>
154 ········This·guide·presents·a·catalog·of·security-relevant154 ········This·guide·presents·a·catalog·of·security-relevant
155 configuration·settings·for·Fedora.·It·is·a·rendering·of155 configuration·settings·for·Fedora.·It·is·a·rendering·of
156 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)156 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
157 in·order·to·support·security·automation.··The·SCAP·content·is157 in·order·to·support·security·automation.··The·SCAP·content·is
158 is·available·in·the158 is·available·in·the
Offset 39087, 16 lines modifiedOffset 39087, 16 lines modified
39087 ··-·reboot_required39087 ··-·reboot_required
39088 ··-·restrict_strategy39088 ··-·restrict_strategy
  
39089 -·name:·Set·architecture·for·audit·open·tasks39089 -·name:·Set·architecture·for·audit·open·tasks
39090 ··set_fact:39090 ··set_fact:
39091 ····audit_arch:·b6439091 ····audit_arch:·b64
39092 ··when:39092 ··when:
39093 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39094 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39093 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39094 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39095 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39096 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39097 ··tags:39097 ··tags:
39098 ··-·NIST-800-53-AC-2(4)39098 ··-·NIST-800-53-AC-2(4)
39099 ··-·NIST-800-53-AC-6(9)39099 ··-·NIST-800-53-AC-6(9)
39100 ··-·NIST-800-53-AU-12(c)39100 ··-·NIST-800-53-AU-12(c)
39101 ··-·NIST-800-53-AU-2(d)39101 ··-·NIST-800-53-AU-2(d)
Offset 39225, 16 lines modifiedOffset 39225, 16 lines modified
39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39225 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39226 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39227 ······create:·true39227 ······create:·true
39228 ······mode:·o-rwx39228 ······mode:·o-rwx
39229 ······state:·present39229 ······state:·present
39230 ····when:·syscalls_found·|·length·==·039230 ····when:·syscalls_found·|·length·==·0
39231 ··when:39231 ··when:
39232 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39233 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39232 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39233 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39234 ··tags:39234 ··tags:
39235 ··-·NIST-800-53-AC-2(4)39235 ··-·NIST-800-53-AC-2(4)
39236 ··-·NIST-800-53-AC-6(9)39236 ··-·NIST-800-53-AC-6(9)
39237 ··-·NIST-800-53-AU-12(c)39237 ··-·NIST-800-53-AU-12(c)
39238 ··-·NIST-800-53-AU-2(d)39238 ··-·NIST-800-53-AU-2(d)
39239 ··-·NIST-800-53-CM-6(a)39239 ··-·NIST-800-53-CM-6(a)
39240 ··-·audit_rules_etc_group_open39240 ··-·audit_rules_etc_group_open
Offset 39361, 31 lines modifiedOffset 39361, 31 lines modified
39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39361 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39362 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39363 ······create:·true39363 ······create:·true
39364 ······mode:·o-rwx39364 ······mode:·o-rwx
39365 ······state:·present39365 ······state:·present
39366 ····when:·syscalls_found·|·length·==·039366 ····when:·syscalls_found·|·length·==·0
39367 ··when:39367 ··when:
39368 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39369 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39368 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39369 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39370 ··-·audit_arch·==·&quot;b64&quot;39370 ··-·audit_arch·==·&quot;b64&quot;
39371 ··tags:39371 ··tags:
39372 ··-·NIST-800-53-AC-2(4)39372 ··-·NIST-800-53-AC-2(4)
39373 ··-·NIST-800-53-AC-6(9)39373 ··-·NIST-800-53-AC-6(9)
39374 ··-·NIST-800-53-AU-12(c)39374 ··-·NIST-800-53-AU-12(c)
39375 ··-·NIST-800-53-AU-2(d)39375 ··-·NIST-800-53-AU-2(d)
39376 ··-·NIST-800-53-CM-6(a)39376 ··-·NIST-800-53-CM-6(a)
39377 ··-·audit_rules_etc_group_open39377 ··-·audit_rules_etc_group_open
39378 ··-·low_complexity39378 ··-·low_complexity
39379 ··-·low_disruption39379 ··-·low_disruption
39380 ··-·medium_severity39380 ··-·medium_severity
39381 ··-·reboot_required39381 ··-·reboot_required
39382 ··-·restrict_strategy</xccdf-1.2:fix>39382 ··-·restrict_strategy</xccdf-1.2:fix>
39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms39383 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
39384 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then39384 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
39385 #·First·perform·the·remediation·of·the·syscall·rule39385 #·First·perform·the·remediation·of·the·syscall·rule
39386 #·Retrieve·hardware·architecture·of·the·underlying·system39386 #·Retrieve·hardware·architecture·of·the·underlying·system
39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)39387 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;39388 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
39389 do39389 do
Offset 39781, 16 lines modifiedOffset 39781, 16 lines modified
39781 ··-·reboot_required39781 ··-·reboot_required
39782 ··-·restrict_strategy39782 ··-·restrict_strategy
  
39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks39783 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
39784 ··set_fact:39784 ··set_fact:
39785 ····audit_arch:·b6439785 ····audit_arch:·b64
39786 ··when:39786 ··when:
39787 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39788 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39787 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39788 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39789 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39790 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39791 ··tags:39791 ··tags:
39792 ··-·NIST-800-53-AC-2(4)39792 ··-·NIST-800-53-AC-2(4)
39793 ··-·NIST-800-53-AC-6(9)39793 ··-·NIST-800-53-AC-6(9)
39794 ··-·NIST-800-53-AU-12(c)39794 ··-·NIST-800-53-AU-12(c)
39795 ··-·NIST-800-53-AU-2(d)39795 ··-·NIST-800-53-AU-2(d)
Offset 39919, 16 lines modifiedOffset 39919, 16 lines modified
39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39919 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39920 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39921 ······create:·true39921 ······create:·true
39922 ······mode:·o-rwx39922 ······mode:·o-rwx
39923 ······state:·present39923 ······state:·present
39924 ····when:·syscalls_found·|·length·==·039924 ····when:·syscalls_found·|·length·==·0
39925 ··when:39925 ··when:
39926 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39927 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39926 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39927 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39928 ··tags:39928 ··tags:
39929 ··-·NIST-800-53-AC-2(4)39929 ··-·NIST-800-53-AC-2(4)
39930 ··-·NIST-800-53-AC-6(9)39930 ··-·NIST-800-53-AC-6(9)
39931 ··-·NIST-800-53-AU-12(c)39931 ··-·NIST-800-53-AU-12(c)
39932 ··-·NIST-800-53-AU-2(d)39932 ··-·NIST-800-53-AU-2(d)
39933 ··-·NIST-800-53-CM-6(a)39933 ··-·NIST-800-53-CM-6(a)
39934 ··-·audit_rules_etc_group_open_by_handle_at39934 ··-·audit_rules_etc_group_open_by_handle_at
Offset 40055, 31 lines modifiedOffset 40055, 31 lines modified
40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40055 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40056 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40057 ······create:·true40057 ······create:·true
40058 ······mode:·o-rwx40058 ······mode:·o-rwx
40059 ······state:·present40059 ······state:·present
40060 ····when:·syscalls_found·|·length·==·040060 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 487609/493984 bytes (98.71%) of diff not shown.
482 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml
481 KB
./usr/share/xml/scap/ssg/content/ssg-fedora-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_FEDORA"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_FEDORA"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Fedora</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Fedora</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Fedora.·It·is·a·rendering·of7 configuration·settings·for·Fedora.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 38939, 16 lines modifiedOffset 38939, 16 lines modified
38939 ··-·reboot_required38939 ··-·reboot_required
38940 ··-·restrict_strategy38940 ··-·restrict_strategy
  
38941 -·name:·Set·architecture·for·audit·open·tasks38941 -·name:·Set·architecture·for·audit·open·tasks
38942 ··set_fact:38942 ··set_fact:
38943 ····audit_arch:·b6438943 ····audit_arch:·b64
38944 ··when:38944 ··when:
38945 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
38946 ··-·'&quot;audit&quot;·in·ansible_facts.packages'38945 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 38946 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
38947 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture38947 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
38948 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;38948 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
38949 ··tags:38949 ··tags:
38950 ··-·NIST-800-53-AC-2(4)38950 ··-·NIST-800-53-AC-2(4)
38951 ··-·NIST-800-53-AC-6(9)38951 ··-·NIST-800-53-AC-6(9)
38952 ··-·NIST-800-53-AU-12(c)38952 ··-·NIST-800-53-AU-12(c)
38953 ··-·NIST-800-53-AU-2(d)38953 ··-·NIST-800-53-AU-2(d)
Offset 39077, 16 lines modifiedOffset 39077, 16 lines modified
39077 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39077 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39078 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39078 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39079 ······create:·true39079 ······create:·true
39080 ······mode:·o-rwx39080 ······mode:·o-rwx
39081 ······state:·present39081 ······state:·present
39082 ····when:·syscalls_found·|·length·==·039082 ····when:·syscalls_found·|·length·==·0
39083 ··when:39083 ··when:
39084 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39085 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39084 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39085 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39086 ··tags:39086 ··tags:
39087 ··-·NIST-800-53-AC-2(4)39087 ··-·NIST-800-53-AC-2(4)
39088 ··-·NIST-800-53-AC-6(9)39088 ··-·NIST-800-53-AC-6(9)
39089 ··-·NIST-800-53-AU-12(c)39089 ··-·NIST-800-53-AU-12(c)
39090 ··-·NIST-800-53-AU-2(d)39090 ··-·NIST-800-53-AU-2(d)
39091 ··-·NIST-800-53-CM-6(a)39091 ··-·NIST-800-53-CM-6(a)
39092 ··-·audit_rules_etc_group_open39092 ··-·audit_rules_etc_group_open
Offset 39213, 31 lines modifiedOffset 39213, 31 lines modified
39213 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group39213 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
39214 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39214 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39215 ······create:·true39215 ······create:·true
39216 ······mode:·o-rwx39216 ······mode:·o-rwx
39217 ······state:·present39217 ······state:·present
39218 ····when:·syscalls_found·|·length·==·039218 ····when:·syscalls_found·|·length·==·0
39219 ··when:39219 ··when:
39220 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39221 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39220 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39221 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39222 ··-·audit_arch·==·&quot;b64&quot;39222 ··-·audit_arch·==·&quot;b64&quot;
39223 ··tags:39223 ··tags:
39224 ··-·NIST-800-53-AC-2(4)39224 ··-·NIST-800-53-AC-2(4)
39225 ··-·NIST-800-53-AC-6(9)39225 ··-·NIST-800-53-AC-6(9)
39226 ··-·NIST-800-53-AU-12(c)39226 ··-·NIST-800-53-AU-12(c)
39227 ··-·NIST-800-53-AU-2(d)39227 ··-·NIST-800-53-AU-2(d)
39228 ··-·NIST-800-53-CM-6(a)39228 ··-·NIST-800-53-CM-6(a)
39229 ··-·audit_rules_etc_group_open39229 ··-·audit_rules_etc_group_open
39230 ··-·low_complexity39230 ··-·low_complexity
39231 ··-·low_disruption39231 ··-·low_disruption
39232 ··-·medium_severity39232 ··-·medium_severity
39233 ··-·reboot_required39233 ··-·reboot_required
39234 ··-·restrict_strategy</xccdf-1.2:fix>39234 ··-·restrict_strategy</xccdf-1.2:fix>
39235 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms39235 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
39236 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then39236 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
39237 #·First·perform·the·remediation·of·the·syscall·rule39237 #·First·perform·the·remediation·of·the·syscall·rule
39238 #·Retrieve·hardware·architecture·of·the·underlying·system39238 #·Retrieve·hardware·architecture·of·the·underlying·system
39239 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)39239 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
39240 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;39240 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
39241 do39241 do
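Review bot: at line 39236 the shell fix's guard is assembled in a different order in each build: `rpm --quiet -q audit` is the last term of the `&&` chain in one and the first in the other, next to the swapped `when:` entries at 39220-39221 in the Ansible fix. The guard passes or fails the same way, but one variant runs `rpm` before the two container-file tests and the other after. Generate the platform checks for both remediation types from one ordered list.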
Offset 39633, 16 lines modifiedOffset 39633, 16 lines modified
39633 ··-·reboot_required39633 ··-·reboot_required
39634 ··-·restrict_strategy39634 ··-·restrict_strategy
  
39635 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks39635 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
39636 ··set_fact:39636 ··set_fact:
39637 ····audit_arch:·b6439637 ····audit_arch:·b64
39638 ··when:39638 ··when:
39639 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39640 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39639 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39640 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39641 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39641 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39642 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39642 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39643 ··tags:39643 ··tags:
39644 ··-·NIST-800-53-AC-2(4)39644 ··-·NIST-800-53-AC-2(4)
39645 ··-·NIST-800-53-AC-6(9)39645 ··-·NIST-800-53-AC-6(9)
39646 ··-·NIST-800-53-AU-12(c)39646 ··-·NIST-800-53-AU-12(c)
39647 ··-·NIST-800-53-AU-2(d)39647 ··-·NIST-800-53-AU-2(d)
Offset 39771, 16 lines modifiedOffset 39771, 16 lines modified
39771 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39771 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39772 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39772 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39773 ······create:·true39773 ······create:·true
39774 ······mode:·o-rwx39774 ······mode:·o-rwx
39775 ······state:·present39775 ······state:·present
39776 ····when:·syscalls_found·|·length·==·039776 ····when:·syscalls_found·|·length·==·0
39777 ··when:39777 ··when:
39778 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39779 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39778 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39779 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39780 ··tags:39780 ··tags:
39781 ··-·NIST-800-53-AC-2(4)39781 ··-·NIST-800-53-AC-2(4)
39782 ··-·NIST-800-53-AC-6(9)39782 ··-·NIST-800-53-AC-6(9)
39783 ··-·NIST-800-53-AU-12(c)39783 ··-·NIST-800-53-AU-12(c)
39784 ··-·NIST-800-53-AU-2(d)39784 ··-·NIST-800-53-AU-2(d)
39785 ··-·NIST-800-53-CM-6(a)39785 ··-·NIST-800-53-CM-6(a)
39786 ··-·audit_rules_etc_group_open_by_handle_at39786 ··-·audit_rules_etc_group_open_by_handle_at
Offset 39907, 31 lines modifiedOffset 39907, 31 lines modified
39907 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group39907 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
39908 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify39908 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
39909 ······create:·true39909 ······create:·true
39910 ······mode:·o-rwx39910 ······mode:·o-rwx
39911 ······state:·present39911 ······state:·present
39912 ····when:·syscalls_found·|·length·==·039912 ····when:·syscalls_found·|·length·==·0
39913 ··when:39913 ··when:
39914 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39915 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39914 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39915 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39916 ··-·audit_arch·==·&quot;b64&quot;39916 ··-·audit_arch·==·&quot;b64&quot;
Max diff block lines reached; 486354/492947 bytes (98.66%) of diff not shown.
1.39 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ds-1.2.xml
1.28 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ds-1.2.xml
    
Offset 28, 15 lines modifiedOffset 28, 15 lines modified
28 ········<cpe-dict:title·xml:lang="en-us">Apple·macOS·10.15</cpe-dict:title>28 ········<cpe-dict:title·xml:lang="en-us">Apple·macOS·10.15</cpe-dict:title>
29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-macos1015-cpe-oval.xml">oval:ssg-installed_OS_is_macos1015:def:1</cpe-dict:check>29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-macos1015-cpe-oval.xml">oval:ssg-installed_OS_is_macos1015:def:1</cpe-dict:check>
30 ······</cpe-dict:cpe-item>30 ······</cpe-dict:cpe-item>
31 ····</cpe-dict:cpe-list>31 ····</cpe-dict:cpe-list>
32 ··</ds:component>32 ··</ds:component>
33 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-xccdf.xml"·timestamp="2022-12-20T09:54:05">33 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>35 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>
37 ······<xccdf-1.2:description>37 ······<xccdf-1.2:description>
38 ········This·guide·presents·a·catalog·of·security-relevant38 ········This·guide·presents·a·catalog·of·security-relevant
39 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of39 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of
40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41 in·order·to·support·security·automation.41 in·order·to·support·security·automation.
42 ········<html:br/>42 ········<html:br/>
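Review bot: at line 35 the `xccdf-1.2:status` `date` attribute is `2024-01-14` in one build and `2025-02-15` in the other, while the `ds:component` `timestamp` at line 33 is `2022-12-20T09:54:05` in both. The status date appears to follow the clock at build time. Take it from the same fixed source as the component timestamp (`SOURCE_DATE_EPOCH` is the usual choice) so the benchmark header does not change between rebuilds.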
1.38 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ds.xml
1.27 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-ds.xml
    
Offset 28, 15 lines modifiedOffset 28, 15 lines modified
28 ········<cpe-dict:title·xml:lang="en-us">Apple·macOS·10.15</cpe-dict:title>28 ········<cpe-dict:title·xml:lang="en-us">Apple·macOS·10.15</cpe-dict:title>
29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-macos1015-cpe-oval.xml">oval:ssg-installed_OS_is_macos1015:def:1</cpe-dict:check>29 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-macos1015-cpe-oval.xml">oval:ssg-installed_OS_is_macos1015:def:1</cpe-dict:check>
30 ······</cpe-dict:cpe-item>30 ······</cpe-dict:cpe-item>
31 ····</cpe-dict:cpe-list>31 ····</cpe-dict:cpe-list>
32 ··</ds:component>32 ··</ds:component>
33 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-xccdf.xml"·timestamp="2022-12-20T09:54:05">33 ··<ds:component·id="scap_org.open-scap_comp_ssg-macos1015-xccdf.xml"·timestamp="2022-12-20T09:54:05">
34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">34 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
35 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>35 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>36 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>
37 ······<xccdf-1.2:description>37 ······<xccdf-1.2:description>
38 ········This·guide·presents·a·catalog·of·security-relevant38 ········This·guide·presents·a·catalog·of·security-relevant
39 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of39 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of
40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)40 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
41 in·order·to·support·security·automation.41 in·order·to·support·security·automation.
42 ········<html:br/>42 ········<html:br/>
1.17 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-xccdf.xml
1.06 KB
./usr/share/xml/scap/ssg/content/ssg-macos1015-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_macOS-1015"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Apple·macOS·10.15</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of7 configuration·settings·for·Apple·macOS·10.15.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.9 in·order·to·support·security·automation.
10 ····<html:br/>10 ····<html:br/>
3.53 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-cpe-oval.xml
3.42 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-cpe-oval.xml
Ordering differences only
    
Offset 2742, 27 lines modifiedOffset 2742, 27 lines modified
2742 ······<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>2742 ······<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>
2743 ····</ind:textfilecontent54_state>2743 ····</ind:textfilecontent54_state>
2744 ····<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">2744 ····<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">
2745 ······<unix:processor_type·operation="equals">ppc64le</unix:processor_type>2745 ······<unix:processor_type·operation="equals">ppc64le</unix:processor_type>
2746 ····</unix:uname_state>2746 ····</unix:uname_state>
2747 ··</oval-def:states>2747 ··</oval-def:states>
2748 ··<oval-def:variables>2748 ··<oval-def:variables>
2749 ····<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1"> 
2750 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component> 
2751 ····</oval-def:local_variable> 
2752 ····<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1"> 
2753 ······<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component> 
2754 ····</oval-def:local_variable> 
2755 ····<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1"> 
2756 ······<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component> 
2757 ····</oval-def:local_variable> 
2758 ····<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">2749 ····<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
2759 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>2750 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>
2760 ····</oval-def:local_variable>2751 ····</oval-def:local_variable>
2761 ····<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">2752 ····<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
2762 ······<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>2753 ······<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>
2763 ····</oval-def:local_variable>2754 ····</oval-def:local_variable>
2764 ····<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">2755 ····<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
2765 ······<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>2756 ······<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>
2766 ····</oval-def:local_variable>2757 ····</oval-def:local_variable>
 2758 ····<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1">
 2759 ······<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component>
 2760 ····</oval-def:local_variable>
 2761 ····<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
 2762 ······<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component>
 2763 ····</oval-def:local_variable>
 2764 ····<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
 2765 ······<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component>
 2766 ····</oval-def:local_variable>
2767 ··</oval-def:variables>2767 ··</oval-def:variables>
2768 </oval-def:oval_definitions>2768 </oval-def:oval_definitions>
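Review bot: the three `oval-def:local_variable` entries `oval:ssg-ocp4_infra_dump_location:var:1`, `oval:ssg-ocp4_dump_location:var:1` and `oval:ssg-ocp4_node_network_file_location:var:1` open the `oval-def:variables` block in one build (lines 2749-2757) and close it in the other (lines 2758-2766), with their contents unchanged. Serialize the variables in a deterministic order, for example sorted by `id`, before writing the CPE OVAL file.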
4.93 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds-1.2.xml
4.83 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds-1.2.xml
    
Offset 128, 15 lines modifiedOffset 128, 15 lines modified
128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4·Node</cpe-dict:title>128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4·Node</cpe-dict:title>
129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4_node:def:1</cpe-dict:check>129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4_node:def:1</cpe-dict:check>
130 ······</cpe-dict:cpe-item>130 ······</cpe-dict:cpe-item>
131 ····</cpe-dict:cpe-list>131 ····</cpe-dict:cpe-list>
132 ··</ds:component>132 ··</ds:component>
133 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-xccdf.xml"·timestamp="2022-12-20T09:54:05">133 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-xccdf.xml"·timestamp="2022-12-20T09:54:05">
134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
135 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>135 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>
137 ······<xccdf-1.2:description>137 ······<xccdf-1.2:description>
138 ········This·guide·presents·a·catalog·of·security-relevant138 ········This·guide·presents·a·catalog·of·security-relevant
139 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of139 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of
140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
141 in·order·to·support·security·automation.··The·SCAP·content·is141 in·order·to·support·security·automation.··The·SCAP·content·is
142 is·available·in·the142 is·available·in·the
Offset 48529, 29 lines modifiedOffset 48529, 29 lines modified
48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>
48530 ········</ind:textfilecontent54_state>48530 ········</ind:textfilecontent54_state>
48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">
48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>
48533 ········</unix:uname_state>48533 ········</unix:uname_state>
48534 ······</oval-def:states>48534 ······</oval-def:states>
48535 ······<oval-def:variables>48535 ······<oval-def:variables>
48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1"> 
48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component> 
48538 ········</oval-def:local_variable> 
48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1"> 
48540 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component> 
48541 ········</oval-def:local_variable> 
48542 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1"> 
48543 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component> 
48544 ········</oval-def:local_variable> 
48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>
48547 ········</oval-def:local_variable>48538 ········</oval-def:local_variable>
48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48549 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>48540 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>
48550 ········</oval-def:local_variable>48541 ········</oval-def:local_variable>
48551 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48542 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48552 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>48543 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>
48553 ········</oval-def:local_variable>48544 ········</oval-def:local_variable>
 48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1">
 48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component>
 48547 ········</oval-def:local_variable>
 48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
 48549 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component>
 48550 ········</oval-def:local_variable>
 48551 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
 48552 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component>
 48553 ········</oval-def:local_variable>
48554 ······</oval-def:variables>48554 ······</oval-def:variables>
48555 ····</oval-def:oval_definitions>48555 ····</oval-def:oval_definitions>
48556 ··</ds:component>48556 ··</ds:component>
48557 </ds:data-stream-collection>48557 </ds:data-stream-collection>
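Review bot: the order of the local_variable elements inside oval-def:variables is not stable between the two builds. The entries ocp4_infra_dump_location, ocp4_dump_location and ocp4_node_network_file_location appear before ocp4_network_dump_location on one side and after hypershift_hosted_cluster_location on the other, with identical ids and literal_component values. The generator should emit these variables in a fixed order, for example sorted by id, so that both builds serialize the same bytes.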
4.92 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds.xml
4.82 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-ds.xml
    
Offset 128, 15 lines modifiedOffset 128, 15 lines modified
128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4·Node</cpe-dict:title>128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·OpenShift·Container·Platform·4·Node</cpe-dict:title>
129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4_node:def:1</cpe-dict:check>129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ocp4-cpe-oval.xml">oval:ssg-installed_app_is_ocp4_node:def:1</cpe-dict:check>
130 ······</cpe-dict:cpe-item>130 ······</cpe-dict:cpe-item>
131 ····</cpe-dict:cpe-list>131 ····</cpe-dict:cpe-list>
132 ··</ds:component>132 ··</ds:component>
133 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-xccdf.xml"·timestamp="2022-12-20T09:54:05">133 ··<ds:component·id="scap_org.open-scap_comp_ssg-ocp4-xccdf.xml"·timestamp="2022-12-20T09:54:05">
134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
135 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>135 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>
137 ······<xccdf-1.2:description>137 ······<xccdf-1.2:description>
138 ········This·guide·presents·a·catalog·of·security-relevant138 ········This·guide·presents·a·catalog·of·security-relevant
139 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of139 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of
140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
141 in·order·to·support·security·automation.··The·SCAP·content·is141 in·order·to·support·security·automation.··The·SCAP·content·is
142 is·available·in·the142 is·available·in·the
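Review bot: the date attribute of xccdf-1.2:status on line 135 is 2024-01-14 in one build and 2025-02-15 in the other, while the ds:component timestamp on line 133 is 2022-12-20T09:54:05 on both sides, so the status date follows the build clock rather than the source. It should come from the same fixed, source-derived date as the component timestamp (SOURCE_DATE_EPOCH is the usual carrier for that), otherwise every benchmark file differs on this line alone.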
Offset 48529, 29 lines modifiedOffset 48529, 29 lines modified
48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>48529 ··········<ind:subexpression·datatype="string"·operation="pattern·match">^s390x$</ind:subexpression>
48530 ········</ind:textfilecontent54_state>48530 ········</ind:textfilecontent54_state>
48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">48531 ········<unix:uname_state·comment="64·bit·architecture"·id="oval:ssg-state_system_info_architecture_ppcle_64:ste:1"·version="1">
48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>48532 ··········<unix:processor_type·operation="equals">ppc64le</unix:processor_type>
48533 ········</unix:uname_state>48533 ········</unix:uname_state>
48534 ······</oval-def:states>48534 ······</oval-def:states>
48535 ······<oval-def:variables>48535 ······<oval-def:variables>
48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1"> 
48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component> 
48538 ········</oval-def:local_variable> 
48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1"> 
48540 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component> 
48541 ········</oval-def:local_variable> 
48542 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1"> 
48543 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component> 
48544 ········</oval-def:local_variable> 
48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">48536 ········<oval-def:local_variable·id="oval:ssg-ocp4_network_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>48537 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/networks/cluster</oval-def:literal_component>
48547 ········</oval-def:local_variable>48538 ········</oval-def:local_variable>
48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48539 ········<oval-def:local_variable·id="oval:ssg-ocp4_hypershift_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48549 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>48540 ··········<oval-def:literal_component>/kubernetes-api-resources/hypershift/version</oval-def:literal_component>
48550 ········</oval-def:local_variable>48541 ········</oval-def:local_variable>
48551 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">48542 ········<oval-def:local_variable·id="oval:ssg-hypershift_hosted_cluster_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
48552 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>48543 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/apiextensions.k8s.io/v1/customresourcedefinitions/hostedclusters.hypershift.openshift.io</oval-def:literal_component>
48553 ········</oval-def:local_variable>48544 ········</oval-def:local_variable>
 48545 ········<oval-def:local_variable·id="oval:ssg-ocp4_infra_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·infra·file·to·scan."·version="1">
 48546 ··········<oval-def:literal_component>/kubernetes-api-resources/apis/config.openshift.io/v1/infrastructures/cluster</oval-def:literal_component>
 48547 ········</oval-def:local_variable>
 48548 ········<oval-def:local_variable·id="oval:ssg-ocp4_dump_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·file·to·scan."·version="1">
 48549 ··········<oval-def:literal_component>/kubernetes-api-resources/ocp/version</oval-def:literal_component>
 48550 ········</oval-def:local_variable>
 48551 ········<oval-def:local_variable·id="oval:ssg-ocp4_node_network_file_location:var:1"·datatype="string"·comment="The·actual·filepath·of·the·network·file·to·scan."·version="1">
 48552 ··········<oval-def:literal_component>/etc/kubernetes/cni/net.d/00-multus.conf</oval-def:literal_component>
 48553 ········</oval-def:local_variable>
48554 ······</oval-def:variables>48554 ······</oval-def:variables>
48555 ····</oval-def:oval_definitions>48555 ····</oval-def:oval_definitions>
48556 ··</ds:component>48556 ··</ds:component>
48557 </ds:data-stream-collection>48557 </ds:data-stream-collection>
1.26 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-xccdf.xml
1.16 KB
./usr/share/xml/scap/ssg/content/ssg-ocp4-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OCP-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·OpenShift·Container·Platform·4</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·OpenShift·Container·Platform·4.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
1.37 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml
1.27 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds-1.2.xml
    
Offset 140, 15 lines modifiedOffset 140, 15 lines modified
140 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·7</cpe-dict:title>140 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·7</cpe-dict:title>
141 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol7-cpe-oval.xml">oval:ssg-installed_OS_is_ol7_family:def:1</cpe-dict:check>141 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol7-cpe-oval.xml">oval:ssg-installed_OS_is_ol7_family:def:1</cpe-dict:check>
142 ······</cpe-dict:cpe-item>142 ······</cpe-dict:cpe-item>
143 ····</cpe-dict:cpe-list>143 ····</cpe-dict:cpe-list>
144 ··</ds:component>144 ··</ds:component>
145 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol7-xccdf.xml"·timestamp="2022-12-20T09:54:05">145 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
146 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">146 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
147 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>147 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
148 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·7</xccdf-1.2:title>148 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·7</xccdf-1.2:title>
149 ······<xccdf-1.2:description>149 ······<xccdf-1.2:description>
150 ········This·guide·presents·a·catalog·of·security-relevant150 ········This·guide·presents·a·catalog·of·security-relevant
151 configuration·settings·for·Oracle·Linux·7.·It·is·a·rendering·of151 configuration·settings·for·Oracle·Linux·7.·It·is·a·rendering·of
152 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)152 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
153 in·order·to·support·security·automation.··The·SCAP·content·is153 in·order·to·support·security·automation.··The·SCAP·content·is
154 is·available·in·the154 is·available·in·the
1.35 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml
1.26 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-ds.xml
    
Offset 142, 15 lines modifiedOffset 142, 15 lines modified
142 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·7</cpe-dict:title>142 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·7</cpe-dict:title>
143 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol7-cpe-oval.xml">oval:ssg-installed_OS_is_ol7_family:def:1</cpe-dict:check>143 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol7-cpe-oval.xml">oval:ssg-installed_OS_is_ol7_family:def:1</cpe-dict:check>
144 ······</cpe-dict:cpe-item>144 ······</cpe-dict:cpe-item>
145 ····</cpe-dict:cpe-list>145 ····</cpe-dict:cpe-list>
146 ··</ds:component>146 ··</ds:component>
147 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol7-xccdf.xml"·timestamp="2022-12-20T09:54:05">147 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
148 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">148 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
149 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>149 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
150 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·7</xccdf-1.2:title>150 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·7</xccdf-1.2:title>
151 ······<xccdf-1.2:description>151 ······<xccdf-1.2:description>
152 ········This·guide·presents·a·catalog·of·security-relevant152 ········This·guide·presents·a·catalog·of·security-relevant
153 configuration·settings·for·Oracle·Linux·7.·It·is·a·rendering·of153 configuration·settings·for·Oracle·Linux·7.·It·is·a·rendering·of
154 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)154 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
155 in·order·to·support·security·automation.··The·SCAP·content·is155 in·order·to·support·security·automation.··The·SCAP·content·is
156 is·available·in·the156 is·available·in·the
1.21 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml
1.11 KB
./usr/share/xml/scap/ssg/content/ssg-ol7-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·7</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·7</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Oracle·Linux·7.·It·is·a·rendering·of7 configuration·settings·for·Oracle·Linux·7.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
28.2 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml
28.1 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds-1.2.xml
    
Offset 148, 15 lines modifiedOffset 148, 15 lines modified
148 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·8</cpe-dict:title>148 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·8</cpe-dict:title>
149 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol8-cpe-oval.xml">oval:ssg-installed_OS_is_ol8_family:def:1</cpe-dict:check>149 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol8-cpe-oval.xml">oval:ssg-installed_OS_is_ol8_family:def:1</cpe-dict:check>
150 ······</cpe-dict:cpe-item>150 ······</cpe-dict:cpe-item>
151 ····</cpe-dict:cpe-list>151 ····</cpe-dict:cpe-list>
152 ··</ds:component>152 ··</ds:component>
153 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol8-xccdf.xml"·timestamp="2022-12-20T09:54:05">153 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
154 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">154 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
155 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>155 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
156 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·8</xccdf-1.2:title>156 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·8</xccdf-1.2:title>
157 ······<xccdf-1.2:description>157 ······<xccdf-1.2:description>
158 ········This·guide·presents·a·catalog·of·security-relevant158 ········This·guide·presents·a·catalog·of·security-relevant
159 configuration·settings·for·Oracle·Linux·8.·It·is·a·rendering·of159 configuration·settings·for·Oracle·Linux·8.·It·is·a·rendering·of
160 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)160 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
161 in·order·to·support·security·automation.··The·SCAP·content·is161 in·order·to·support·security·automation.··The·SCAP·content·is
162 is·available·in·the162 is·available·in·the
Offset 165131, 16 lines modifiedOffset 165131, 16 lines modified
165131 ··-·no_reboot_needed165131 ··-·no_reboot_needed
  
165132 -·name:·Test·for·existence·/boot/grub2/grub.cfg165132 -·name:·Test·for·existence·/boot/grub2/grub.cfg
165133 ··stat:165133 ··stat:
165134 ····path:·/boot/grub2/grub.cfg165134 ····path:·/boot/grub2/grub.cfg
165135 ··register:·file_exists165135 ··register:·file_exists
165136 ··when:165136 ··when:
165137 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165138 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165137 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165138 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165139 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165139 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165140 ··tags:165140 ··tags:
165141 ··-·CJIS-5.5.2.2165141 ··-·CJIS-5.5.2.2
165142 ··-·NIST-800-171-3.4.5165142 ··-·NIST-800-171-3.4.5
165143 ··-·NIST-800-53-AC-6(1)165143 ··-·NIST-800-53-AC-6(1)
165144 ··-·NIST-800-53-CM-6(a)165144 ··-·NIST-800-53-CM-6(a)
165145 ··-·PCI-DSS-Req-7.1165145 ··-·PCI-DSS-Req-7.1
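Review bot: the first two entries of the when list on lines 165137-165138, the "/boot/efi" mount test and the "grub2-common" package test, swap places between the two builds. Ansible combines the items of a when list with a logical AND, so the task behaves the same, but the embedded remediation text is not byte-identical. The platform conditions should be written out in a deterministic order (sorted, or in declaration order) when the playbook fragment is generated.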
Offset 165152, 16 lines modifiedOffset 165152, 16 lines modified
165152 ··-·no_reboot_needed165152 ··-·no_reboot_needed
  
165153 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg165153 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
165154 ··file:165154 ··file:
165155 ····path:·/boot/grub2/grub.cfg165155 ····path:·/boot/grub2/grub.cfg
165156 ····group:·'0'165156 ····group:·'0'
165157 ··when:165157 ··when:
165158 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165159 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165158 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165159 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165160 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165160 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165161 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists165161 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
165162 ··tags:165162 ··tags:
165163 ··-·CJIS-5.5.2.2165163 ··-·CJIS-5.5.2.2
165164 ··-·NIST-800-171-3.4.5165164 ··-·NIST-800-171-3.4.5
165165 ··-·NIST-800-53-AC-6(1)165165 ··-·NIST-800-53-AC-6(1)
165166 ··-·NIST-800-53-CM-6(a)165166 ··-·NIST-800-53-CM-6(a)
Offset 165169, 15 lines modifiedOffset 165169, 15 lines modified
165169 ··-·configure_strategy165169 ··-·configure_strategy
165170 ··-·file_groupowner_grub2_cfg165170 ··-·file_groupowner_grub2_cfg
165171 ··-·low_complexity165171 ··-·low_complexity
165172 ··-·low_disruption165172 ··-·low_disruption
165173 ··-·medium_severity165173 ··-·medium_severity
165174 ··-·no_reboot_needed</xccdf-1.2:fix>165174 ··-·no_reboot_needed</xccdf-1.2:fix>
165175 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms165175 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
165176 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then165176 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
165177 chgrp·0·/boot/grub2/grub.cfg165177 chgrp·0·/boot/grub2/grub.cfg
  
165178 else165178 else
165179 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'165179 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
165180 fi</xccdf-1.2:fix>165180 fi</xccdf-1.2:fix>
165181 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">165181 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
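Review bot: the test [ ! -f /sys/firmware/efi ] on line 165176 checks for a regular file, but /sys/firmware/efi is a directory on UEFI-booted Linux systems, so the negated test is true everywhere and the intended "not UEFI" restriction never takes effect; -d (or -e) would express the check. Separately, this test and rpm --quiet -q grub2-common change position between the two builds, which is the same unordered emission of platform conditions seen in the Ansible when lists and should be fixed in the same place.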
Offset 165284, 16 lines modifiedOffset 165284, 16 lines modified
165284 ··-·no_reboot_needed165284 ··-·no_reboot_needed
  
165285 -·name:·Test·for·existence·/boot/grub2/user.cfg165285 -·name:·Test·for·existence·/boot/grub2/user.cfg
165286 ··stat:165286 ··stat:
165287 ····path:·/boot/grub2/user.cfg165287 ····path:·/boot/grub2/user.cfg
165288 ··register:·file_exists165288 ··register:·file_exists
165289 ··when:165289 ··when:
165290 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165291 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165290 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165291 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165292 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165292 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165293 ··tags:165293 ··tags:
165294 ··-·CJIS-5.5.2.2165294 ··-·CJIS-5.5.2.2
165295 ··-·NIST-800-171-3.4.5165295 ··-·NIST-800-171-3.4.5
165296 ··-·NIST-800-53-AC-6(1)165296 ··-·NIST-800-53-AC-6(1)
165297 ··-·NIST-800-53-CM-6(a)165297 ··-·NIST-800-53-CM-6(a)
165298 ··-·PCI-DSS-Req-7.1165298 ··-·PCI-DSS-Req-7.1
Offset 165305, 16 lines modifiedOffset 165305, 16 lines modified
165305 ··-·no_reboot_needed165305 ··-·no_reboot_needed
  
165306 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg165306 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
165307 ··file:165307 ··file:
165308 ····path:·/boot/grub2/user.cfg165308 ····path:·/boot/grub2/user.cfg
165309 ····group:·'0'165309 ····group:·'0'
165310 ··when:165310 ··when:
165311 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165312 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165311 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165312 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165313 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165313 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165314 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists165314 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
165315 ··tags:165315 ··tags:
165316 ··-·CJIS-5.5.2.2165316 ··-·CJIS-5.5.2.2
165317 ··-·NIST-800-171-3.4.5165317 ··-·NIST-800-171-3.4.5
165318 ··-·NIST-800-53-AC-6(1)165318 ··-·NIST-800-53-AC-6(1)
165319 ··-·NIST-800-53-CM-6(a)165319 ··-·NIST-800-53-CM-6(a)
Offset 165322, 15 lines modifiedOffset 165322, 15 lines modified
165322 ··-·configure_strategy165322 ··-·configure_strategy
165323 ··-·file_groupowner_user_cfg165323 ··-·file_groupowner_user_cfg
165324 ··-·low_complexity165324 ··-·low_complexity
165325 ··-·low_disruption165325 ··-·low_disruption
165326 ··-·medium_severity165326 ··-·medium_severity
165327 ··-·no_reboot_needed</xccdf-1.2:fix>165327 ··-·no_reboot_needed</xccdf-1.2:fix>
165328 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms165328 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
165329 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then165329 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
165330 chgrp·0·/boot/grub2/user.cfg165330 chgrp·0·/boot/grub2/user.cfg
  
165331 else165331 else
165332 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'165332 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
165333 fi</xccdf-1.2:fix>165333 fi</xccdf-1.2:fix>
165334 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">165334 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 165432, 16 lines modifiedOffset 165432, 16 lines modified
165432 ··-·no_reboot_needed165432 ··-·no_reboot_needed
  
165433 -·name:·Test·for·existence·/boot/grub2/grub.cfg165433 -·name:·Test·for·existence·/boot/grub2/grub.cfg
165434 ··stat:165434 ··stat:
165435 ····path:·/boot/grub2/grub.cfg165435 ····path:·/boot/grub2/grub.cfg
165436 ··register:·file_exists165436 ··register:·file_exists
165437 ··when:165437 ··when:
Max diff block lines reached; 22487/28669 bytes (78.44%) of diff not shown.
28.2 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml
28.1 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-ds.xml
    
Offset 150, 15 lines modifiedOffset 150, 15 lines modified
150 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·8</cpe-dict:title>150 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·8</cpe-dict:title>
151 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol8-cpe-oval.xml">oval:ssg-installed_OS_is_ol8_family:def:1</cpe-dict:check>151 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol8-cpe-oval.xml">oval:ssg-installed_OS_is_ol8_family:def:1</cpe-dict:check>
152 ······</cpe-dict:cpe-item>152 ······</cpe-dict:cpe-item>
153 ····</cpe-dict:cpe-list>153 ····</cpe-dict:cpe-list>
154 ··</ds:component>154 ··</ds:component>
155 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol8-xccdf.xml"·timestamp="2022-12-20T09:54:05">155 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
156 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">156 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
157 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>157 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
158 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·8</xccdf-1.2:title>158 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·8</xccdf-1.2:title>
159 ······<xccdf-1.2:description>159 ······<xccdf-1.2:description>
160 ········This·guide·presents·a·catalog·of·security-relevant160 ········This·guide·presents·a·catalog·of·security-relevant
161 configuration·settings·for·Oracle·Linux·8.·It·is·a·rendering·of161 configuration·settings·for·Oracle·Linux·8.·It·is·a·rendering·of
162 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)162 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
163 in·order·to·support·security·automation.··The·SCAP·content·is163 in·order·to·support·security·automation.··The·SCAP·content·is
164 is·available·in·the164 is·available·in·the
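Review bot: the `date` attribute of `xccdf-1.2:status` (line 157 of this hunk) is 2024-01-14 in one build and 2025-02-15 in the other, which indicates the benchmark is being stamped with the build-day clock. The `timestamp` on the enclosing `ds:component` is 2022-12-20T09:54:05 in both builds, so a fixed date is already available; derive the status date from the same source (or from SOURCE_DATE_EPOCH) so the data stream is byte-identical across rebuilds and its checksum can be verified independently.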
Offset 165133, 16 lines modifiedOffset 165133, 16 lines modified
165133 ··-·no_reboot_needed165133 ··-·no_reboot_needed
  
165134 -·name:·Test·for·existence·/boot/grub2/grub.cfg165134 -·name:·Test·for·existence·/boot/grub2/grub.cfg
165135 ··stat:165135 ··stat:
165136 ····path:·/boot/grub2/grub.cfg165136 ····path:·/boot/grub2/grub.cfg
165137 ··register:·file_exists165137 ··register:·file_exists
165138 ··when:165138 ··when:
165139 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165140 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165139 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165140 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165141 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165141 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165142 ··tags:165142 ··tags:
165143 ··-·CJIS-5.5.2.2165143 ··-·CJIS-5.5.2.2
165144 ··-·NIST-800-171-3.4.5165144 ··-·NIST-800-171-3.4.5
165145 ··-·NIST-800-53-AC-6(1)165145 ··-·NIST-800-53-AC-6(1)
165146 ··-·NIST-800-53-CM-6(a)165146 ··-·NIST-800-53-CM-6(a)
165147 ··-·PCI-DSS-Req-7.1165147 ··-·PCI-DSS-Req-7.1
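Review bot: the first two entries of the `when:` list (lines 165139-165140) swap places between the two builds, so the platform conditions are being emitted in an unstable order. The list is a conjunction, so the task behaves the same either way, but the generated data stream differs byte for byte; emit the conditions in a fixed (for example sorted) order so that rebuilds can be compared and the shipped content verified.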
Offset 165154, 16 lines modifiedOffset 165154, 16 lines modified
165154 ··-·no_reboot_needed165154 ··-·no_reboot_needed
  
165155 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg165155 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
165156 ··file:165156 ··file:
165157 ····path:·/boot/grub2/grub.cfg165157 ····path:·/boot/grub2/grub.cfg
165158 ····group:·'0'165158 ····group:·'0'
165159 ··when:165159 ··when:
165160 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165161 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165160 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165161 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165162 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165162 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165163 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists165163 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
165164 ··tags:165164 ··tags:
165165 ··-·CJIS-5.5.2.2165165 ··-·CJIS-5.5.2.2
165166 ··-·NIST-800-171-3.4.5165166 ··-·NIST-800-171-3.4.5
165167 ··-·NIST-800-53-AC-6(1)165167 ··-·NIST-800-53-AC-6(1)
165168 ··-·NIST-800-53-CM-6(a)165168 ··-·NIST-800-53-CM-6(a)
Offset 165171, 15 lines modifiedOffset 165171, 15 lines modified
165171 ··-·configure_strategy165171 ··-·configure_strategy
165172 ··-·file_groupowner_grub2_cfg165172 ··-·file_groupowner_grub2_cfg
165173 ··-·low_complexity165173 ··-·low_complexity
165174 ··-·low_disruption165174 ··-·low_disruption
165175 ··-·medium_severity165175 ··-·medium_severity
165176 ··-·no_reboot_needed</xccdf-1.2:fix>165176 ··-·no_reboot_needed</xccdf-1.2:fix>
165177 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms165177 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
165178 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then165178 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
165179 chgrp·0·/boot/grub2/grub.cfg165179 chgrp·0·/boot/grub2/grub.cfg
  
165180 else165180 else
165181 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'165181 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
165182 fi</xccdf-1.2:fix>165182 fi</xccdf-1.2:fix>
165183 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">165183 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
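Review bot: `[ ! -f /sys/firmware/efi ]` in the applicability test (line 165178) checks for a regular file, but /sys/firmware/efi is a directory on UEFI-booted systems, so the test is true on BIOS and UEFI hosts alike and does not limit this fix to non-UEFI platforms as the "applicable only in certain platforms" comment implies. Use `-d` (or `-e`) here. The swap of the `&&` operands between the two builds does not change the result, but the order should be made stable at generation time.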
Offset 165286, 16 lines modifiedOffset 165286, 16 lines modified
165286 ··-·no_reboot_needed165286 ··-·no_reboot_needed
  
165287 -·name:·Test·for·existence·/boot/grub2/user.cfg165287 -·name:·Test·for·existence·/boot/grub2/user.cfg
165288 ··stat:165288 ··stat:
165289 ····path:·/boot/grub2/user.cfg165289 ····path:·/boot/grub2/user.cfg
165290 ··register:·file_exists165290 ··register:·file_exists
165291 ··when:165291 ··when:
165292 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165293 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165292 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165293 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165294 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165294 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165295 ··tags:165295 ··tags:
165296 ··-·CJIS-5.5.2.2165296 ··-·CJIS-5.5.2.2
165297 ··-·NIST-800-171-3.4.5165297 ··-·NIST-800-171-3.4.5
165298 ··-·NIST-800-53-AC-6(1)165298 ··-·NIST-800-53-AC-6(1)
165299 ··-·NIST-800-53-CM-6(a)165299 ··-·NIST-800-53-CM-6(a)
165300 ··-·PCI-DSS-Req-7.1165300 ··-·PCI-DSS-Req-7.1
Offset 165307, 16 lines modifiedOffset 165307, 16 lines modified
165307 ··-·no_reboot_needed165307 ··-·no_reboot_needed
  
165308 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg165308 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
165309 ··file:165309 ··file:
165310 ····path:·/boot/grub2/user.cfg165310 ····path:·/boot/grub2/user.cfg
165311 ····group:·'0'165311 ····group:·'0'
165312 ··when:165312 ··when:
165313 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165314 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165313 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165314 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165315 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165315 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165316 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists165316 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
165317 ··tags:165317 ··tags:
165318 ··-·CJIS-5.5.2.2165318 ··-·CJIS-5.5.2.2
165319 ··-·NIST-800-171-3.4.5165319 ··-·NIST-800-171-3.4.5
165320 ··-·NIST-800-53-AC-6(1)165320 ··-·NIST-800-53-AC-6(1)
165321 ··-·NIST-800-53-CM-6(a)165321 ··-·NIST-800-53-CM-6(a)
Offset 165324, 15 lines modifiedOffset 165324, 15 lines modified
165324 ··-·configure_strategy165324 ··-·configure_strategy
165325 ··-·file_groupowner_user_cfg165325 ··-·file_groupowner_user_cfg
165326 ··-·low_complexity165326 ··-·low_complexity
165327 ··-·low_disruption165327 ··-·low_disruption
165328 ··-·medium_severity165328 ··-·medium_severity
165329 ··-·no_reboot_needed</xccdf-1.2:fix>165329 ··-·no_reboot_needed</xccdf-1.2:fix>
165330 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms165330 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
165331 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then165331 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
165332 chgrp·0·/boot/grub2/user.cfg165332 chgrp·0·/boot/grub2/user.cfg
  
165333 else165333 else
165334 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'165334 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
165335 fi</xccdf-1.2:fix>165335 fi</xccdf-1.2:fix>
165336 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">165336 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 165434, 16 lines modifiedOffset 165434, 16 lines modified
165434 ··-·no_reboot_needed165434 ··-·no_reboot_needed
  
165435 -·name:·Test·for·existence·/boot/grub2/grub.cfg165435 -·name:·Test·for·existence·/boot/grub2/grub.cfg
165436 ··stat:165436 ··stat:
165437 ····path:·/boot/grub2/grub.cfg165437 ····path:·/boot/grub2/grub.cfg
165438 ··register:·file_exists165438 ··register:·file_exists
165439 ··when:165439 ··when:
Max diff block lines reached; 22487/28669 bytes (78.44%) of diff not shown.
28.0 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml
27.9 KB
./usr/share/xml/scap/ssg/content/ssg-ol8-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·8</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·8</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Oracle·Linux·8.·It·is·a·rendering·of7 configuration·settings·for·Oracle·Linux·8.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 164979, 16 lines modifiedOffset 164979, 16 lines modified
164979 ··-·no_reboot_needed164979 ··-·no_reboot_needed
  
164980 -·name:·Test·for·existence·/boot/grub2/grub.cfg164980 -·name:·Test·for·existence·/boot/grub2/grub.cfg
164981 ··stat:164981 ··stat:
164982 ····path:·/boot/grub2/grub.cfg164982 ····path:·/boot/grub2/grub.cfg
164983 ··register:·file_exists164983 ··register:·file_exists
164984 ··when:164984 ··when:
164985 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
164986 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'164985 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 164986 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
164987 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]164987 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
164988 ··tags:164988 ··tags:
164989 ··-·CJIS-5.5.2.2164989 ··-·CJIS-5.5.2.2
164990 ··-·NIST-800-171-3.4.5164990 ··-·NIST-800-171-3.4.5
164991 ··-·NIST-800-53-AC-6(1)164991 ··-·NIST-800-53-AC-6(1)
164992 ··-·NIST-800-53-CM-6(a)164992 ··-·NIST-800-53-CM-6(a)
164993 ··-·PCI-DSS-Req-7.1164993 ··-·PCI-DSS-Req-7.1
Offset 165000, 16 lines modifiedOffset 165000, 16 lines modified
165000 ··-·no_reboot_needed165000 ··-·no_reboot_needed
  
165001 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg165001 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
165002 ··file:165002 ··file:
165003 ····path:·/boot/grub2/grub.cfg165003 ····path:·/boot/grub2/grub.cfg
165004 ····group:·'0'165004 ····group:·'0'
165005 ··when:165005 ··when:
165006 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165007 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165006 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165007 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165008 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165008 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165009 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists165009 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
165010 ··tags:165010 ··tags:
165011 ··-·CJIS-5.5.2.2165011 ··-·CJIS-5.5.2.2
165012 ··-·NIST-800-171-3.4.5165012 ··-·NIST-800-171-3.4.5
165013 ··-·NIST-800-53-AC-6(1)165013 ··-·NIST-800-53-AC-6(1)
165014 ··-·NIST-800-53-CM-6(a)165014 ··-·NIST-800-53-CM-6(a)
Offset 165017, 15 lines modifiedOffset 165017, 15 lines modified
165017 ··-·configure_strategy165017 ··-·configure_strategy
165018 ··-·file_groupowner_grub2_cfg165018 ··-·file_groupowner_grub2_cfg
165019 ··-·low_complexity165019 ··-·low_complexity
165020 ··-·low_disruption165020 ··-·low_disruption
165021 ··-·medium_severity165021 ··-·medium_severity
165022 ··-·no_reboot_needed</xccdf-1.2:fix>165022 ··-·no_reboot_needed</xccdf-1.2:fix>
165023 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms165023 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
165024 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then165024 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
165025 chgrp·0·/boot/grub2/grub.cfg165025 chgrp·0·/boot/grub2/grub.cfg
  
165026 else165026 else
165027 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'165027 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
165028 fi</xccdf-1.2:fix>165028 fi</xccdf-1.2:fix>
165029 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">165029 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 165132, 16 lines modifiedOffset 165132, 16 lines modified
165132 ··-·no_reboot_needed165132 ··-·no_reboot_needed
  
165133 -·name:·Test·for·existence·/boot/grub2/user.cfg165133 -·name:·Test·for·existence·/boot/grub2/user.cfg
165134 ··stat:165134 ··stat:
165135 ····path:·/boot/grub2/user.cfg165135 ····path:·/boot/grub2/user.cfg
165136 ··register:·file_exists165136 ··register:·file_exists
165137 ··when:165137 ··when:
165138 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165139 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165138 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165139 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165140 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165140 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165141 ··tags:165141 ··tags:
165142 ··-·CJIS-5.5.2.2165142 ··-·CJIS-5.5.2.2
165143 ··-·NIST-800-171-3.4.5165143 ··-·NIST-800-171-3.4.5
165144 ··-·NIST-800-53-AC-6(1)165144 ··-·NIST-800-53-AC-6(1)
165145 ··-·NIST-800-53-CM-6(a)165145 ··-·NIST-800-53-CM-6(a)
165146 ··-·PCI-DSS-Req-7.1165146 ··-·PCI-DSS-Req-7.1
Offset 165153, 16 lines modifiedOffset 165153, 16 lines modified
165153 ··-·no_reboot_needed165153 ··-·no_reboot_needed
  
165154 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg165154 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
165155 ··file:165155 ··file:
165156 ····path:·/boot/grub2/user.cfg165156 ····path:·/boot/grub2/user.cfg
165157 ····group:·'0'165157 ····group:·'0'
165158 ··when:165158 ··when:
165159 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165160 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165159 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165160 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165161 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165161 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165162 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists165162 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
165163 ··tags:165163 ··tags:
165164 ··-·CJIS-5.5.2.2165164 ··-·CJIS-5.5.2.2
165165 ··-·NIST-800-171-3.4.5165165 ··-·NIST-800-171-3.4.5
165166 ··-·NIST-800-53-AC-6(1)165166 ··-·NIST-800-53-AC-6(1)
165167 ··-·NIST-800-53-CM-6(a)165167 ··-·NIST-800-53-CM-6(a)
Offset 165170, 15 lines modifiedOffset 165170, 15 lines modified
165170 ··-·configure_strategy165170 ··-·configure_strategy
165171 ··-·file_groupowner_user_cfg165171 ··-·file_groupowner_user_cfg
165172 ··-·low_complexity165172 ··-·low_complexity
165173 ··-·low_disruption165173 ··-·low_disruption
165174 ··-·medium_severity165174 ··-·medium_severity
165175 ··-·no_reboot_needed</xccdf-1.2:fix>165175 ··-·no_reboot_needed</xccdf-1.2:fix>
165176 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms165176 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
165177 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then165177 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
165178 chgrp·0·/boot/grub2/user.cfg165178 chgrp·0·/boot/grub2/user.cfg
  
165179 else165179 else
165180 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'165180 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
165181 fi</xccdf-1.2:fix>165181 fi</xccdf-1.2:fix>
165182 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">165182 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 165280, 16 lines modifiedOffset 165280, 16 lines modified
165280 ··-·no_reboot_needed165280 ··-·no_reboot_needed
  
165281 -·name:·Test·for·existence·/boot/grub2/grub.cfg165281 -·name:·Test·for·existence·/boot/grub2/grub.cfg
165282 ··stat:165282 ··stat:
165283 ····path:·/boot/grub2/grub.cfg165283 ····path:·/boot/grub2/grub.cfg
165284 ··register:·file_exists165284 ··register:·file_exists
165285 ··when:165285 ··when:
165286 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
165287 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'165286 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 165287 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
165288 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]165288 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
165289 ··tags:165289 ··tags:
Max diff block lines reached; 22162/28431 bytes (77.95%) of diff not shown.
4.89 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml
4.79 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds-1.2.xml
    
Offset 132, 15 lines modifiedOffset 132, 15 lines modified
132 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·9</cpe-dict:title>132 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·9</cpe-dict:title>
133 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol9-cpe-oval.xml">oval:ssg-installed_OS_is_ol9_family:def:1</cpe-dict:check>133 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol9-cpe-oval.xml">oval:ssg-installed_OS_is_ol9_family:def:1</cpe-dict:check>
134 ······</cpe-dict:cpe-item>134 ······</cpe-dict:cpe-item>
135 ····</cpe-dict:cpe-list>135 ····</cpe-dict:cpe-list>
136 ··</ds:component>136 ··</ds:component>
137 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol9-xccdf.xml"·timestamp="2022-12-20T09:54:05">137 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol9-xccdf.xml"·timestamp="2022-12-20T09:54:05">
138 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">138 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
139 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>139 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
140 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·9</xccdf-1.2:title>140 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·9</xccdf-1.2:title>
141 ······<xccdf-1.2:description>141 ······<xccdf-1.2:description>
142 ········This·guide·presents·a·catalog·of·security-relevant142 ········This·guide·presents·a·catalog·of·security-relevant
143 configuration·settings·for·Oracle·Linux·9.·It·is·a·rendering·of143 configuration·settings·for·Oracle·Linux·9.·It·is·a·rendering·of
144 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)144 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
145 in·order·to·support·security·automation.··The·SCAP·content·is145 in·order·to·support·security·automation.··The·SCAP·content·is
146 is·available·in·the146 is·available·in·the
Offset 115243, 16 lines modifiedOffset 115243, 16 lines modified
115243 ··-·no_reboot_needed115243 ··-·no_reboot_needed
  
115244 -·name:·Test·for·existence·/boot/grub2/user.cfg115244 -·name:·Test·for·existence·/boot/grub2/user.cfg
115245 ··stat:115245 ··stat:
115246 ····path:·/boot/grub2/user.cfg115246 ····path:·/boot/grub2/user.cfg
115247 ··register:·file_exists115247 ··register:·file_exists
115248 ··when:115248 ··when:
115249 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115250 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115249 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115250 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115251 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115251 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115252 ··tags:115252 ··tags:
115253 ··-·CJIS-5.5.2.2115253 ··-·CJIS-5.5.2.2
115254 ··-·NIST-800-171-3.4.5115254 ··-·NIST-800-171-3.4.5
115255 ··-·NIST-800-53-AC-6(1)115255 ··-·NIST-800-53-AC-6(1)
115256 ··-·NIST-800-53-CM-6(a)115256 ··-·NIST-800-53-CM-6(a)
115257 ··-·PCI-DSS-Req-7.1115257 ··-·PCI-DSS-Req-7.1
Offset 115264, 16 lines modifiedOffset 115264, 16 lines modified
115264 ··-·no_reboot_needed115264 ··-·no_reboot_needed
  
115265 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg115265 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
115266 ··file:115266 ··file:
115267 ····path:·/boot/grub2/user.cfg115267 ····path:·/boot/grub2/user.cfg
115268 ····group:·'0'115268 ····group:·'0'
115269 ··when:115269 ··when:
115270 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115271 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115270 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115271 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115272 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115272 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115273 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists115273 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
115274 ··tags:115274 ··tags:
115275 ··-·CJIS-5.5.2.2115275 ··-·CJIS-5.5.2.2
115276 ··-·NIST-800-171-3.4.5115276 ··-·NIST-800-171-3.4.5
115277 ··-·NIST-800-53-AC-6(1)115277 ··-·NIST-800-53-AC-6(1)
115278 ··-·NIST-800-53-CM-6(a)115278 ··-·NIST-800-53-CM-6(a)
Offset 115281, 15 lines modifiedOffset 115281, 15 lines modified
115281 ··-·configure_strategy115281 ··-·configure_strategy
115282 ··-·file_groupowner_efi_user_cfg115282 ··-·file_groupowner_efi_user_cfg
115283 ··-·low_complexity115283 ··-·low_complexity
115284 ··-·low_disruption115284 ··-·low_disruption
115285 ··-·medium_severity115285 ··-·medium_severity
115286 ··-·no_reboot_needed</xccdf-1.2:fix>115286 ··-·no_reboot_needed</xccdf-1.2:fix>
115287 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms115287 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
115288 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then115288 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
115289 chgrp·0·/boot/grub2/user.cfg115289 chgrp·0·/boot/grub2/user.cfg
  
115290 else115290 else
115291 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'115291 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
115292 fi</xccdf-1.2:fix>115292 fi</xccdf-1.2:fix>
115293 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">115293 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
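Review bot: `[ -f /sys/firmware/efi ]` (line 115288) can never succeed because /sys/firmware/efi is a directory, not a regular file, so on a UEFI host this fix always falls through to 'Remediation is not applicable, nothing was done' and the group owner of /boot/grub2/user.cfg is left unchanged. Test with `-d` instead; the Ansible variant of the same rule keys on the /boot/efi mount and does not share the problem.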
Offset 158759, 25 lines modifiedOffset 158759, 25 lines modified
158759 ····lineinfile:158759 ····lineinfile:
158760 ······path:·/etc/postfix/main.cf158760 ······path:·/etc/postfix/main.cf
158761 ······create:·true158761 ······create:·true
158762 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*158762 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
158763 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject158763 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
158764 ······state:·present158764 ······state:·present
158765 ··when:158765 ··when:
158766 ··-·'&quot;postfix&quot;·in·ansible_facts.packages' 
158767 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]158766 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 158767 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'
158768 ··tags:158768 ··tags:
158769 ··-·low_complexity158769 ··-·low_complexity
158770 ··-·low_disruption158770 ··-·low_disruption
158771 ··-·medium_severity158771 ··-·medium_severity
158772 ··-·no_reboot_needed158772 ··-·no_reboot_needed
158773 ··-·postfix_prevent_unrestricted_relay158773 ··-·postfix_prevent_unrestricted_relay
158774 ··-·restrict_strategy</xccdf-1.2:fix>158774 ··-·restrict_strategy</xccdf-1.2:fix>
158775 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms158775 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms
158776 if·rpm·--quiet·-q·postfix·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then158776 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·postfix;·then
  
158777 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then158777 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
158778 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf158778 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf
158779 else158779 else
158780 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf158780 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf
158781 fi158781 fi
  
4.87 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml
4.78 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-ds.xml
    
Offset 134, 15 lines modifiedOffset 134, 15 lines modified
134 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·9</cpe-dict:title>134 ········<cpe-dict:title·xml:lang="en-us">Oracle·Linux·9</cpe-dict:title>
135 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol9-cpe-oval.xml">oval:ssg-installed_OS_is_ol9_family:def:1</cpe-dict:check>135 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-ol9-cpe-oval.xml">oval:ssg-installed_OS_is_ol9_family:def:1</cpe-dict:check>
136 ······</cpe-dict:cpe-item>136 ······</cpe-dict:cpe-item>
137 ····</cpe-dict:cpe-list>137 ····</cpe-dict:cpe-list>
138 ··</ds:component>138 ··</ds:component>
139 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol9-xccdf.xml"·timestamp="2022-12-20T09:54:05">139 ··<ds:component·id="scap_org.open-scap_comp_ssg-ol9-xccdf.xml"·timestamp="2022-12-20T09:54:05">
140 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">140 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
141 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>141 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
142 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·9</xccdf-1.2:title>142 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·9</xccdf-1.2:title>
143 ······<xccdf-1.2:description>143 ······<xccdf-1.2:description>
144 ········This·guide·presents·a·catalog·of·security-relevant144 ········This·guide·presents·a·catalog·of·security-relevant
145 configuration·settings·for·Oracle·Linux·9.·It·is·a·rendering·of145 configuration·settings·for·Oracle·Linux·9.·It·is·a·rendering·of
146 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)146 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
147 in·order·to·support·security·automation.··The·SCAP·content·is147 in·order·to·support·security·automation.··The·SCAP·content·is
148 is·available·in·the148 is·available·in·the
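Review bot: On line 141 the xccdf-1.2:status date is 2024-01-14 in one build and 2025-02-15 in the other, while the ds:component timestamp two lines above it is 2022-12-20T09:54:05 in both, so the status date comes from a source that varies between builds. Derive it from the same fixed value as the component timestamp (for example SOURCE_DATE_EPOCH) so the data stream is byte-identical across rebuilds and its hash can be checked against an independent build. Separately, the description on lines 147-148 reads "The SCAP content is is available in the"; drop the duplicated "is".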
Offset 115245, 16 lines modifiedOffset 115245, 16 lines modified
115245 ··-·no_reboot_needed115245 ··-·no_reboot_needed
  
115246 -·name:·Test·for·existence·/boot/grub2/user.cfg115246 -·name:·Test·for·existence·/boot/grub2/user.cfg
115247 ··stat:115247 ··stat:
115248 ····path:·/boot/grub2/user.cfg115248 ····path:·/boot/grub2/user.cfg
115249 ··register:·file_exists115249 ··register:·file_exists
115250 ··when:115250 ··when:
115251 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115252 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115251 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115252 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115253 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115253 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115254 ··tags:115254 ··tags:
115255 ··-·CJIS-5.5.2.2115255 ··-·CJIS-5.5.2.2
115256 ··-·NIST-800-171-3.4.5115256 ··-·NIST-800-171-3.4.5
115257 ··-·NIST-800-53-AC-6(1)115257 ··-·NIST-800-53-AC-6(1)
115258 ··-·NIST-800-53-CM-6(a)115258 ··-·NIST-800-53-CM-6(a)
115259 ··-·PCI-DSS-Req-7.1115259 ··-·PCI-DSS-Req-7.1
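Review bot: In the when: list on lines 115251-115252 the "grub2-common" in ansible_facts.packages test and the "/boot/efi" in ansible_mounts test trade places between the two builds, which points at the generator writing out applicability conditions in an unstable order. The entries of a when: list are ANDed, so the task behaves the same either way, but the conditions should be sorted or kept in declaration order before they are emitted; otherwise every rebuild produces a different playbook and a reviewer cannot tell ordering noise from a real content change.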
Offset 115266, 16 lines modifiedOffset 115266, 16 lines modified
115266 ··-·no_reboot_needed115266 ··-·no_reboot_needed
  
115267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg115267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
115268 ··file:115268 ··file:
115269 ····path:·/boot/grub2/user.cfg115269 ····path:·/boot/grub2/user.cfg
115270 ····group:·'0'115270 ····group:·'0'
115271 ··when:115271 ··when:
115272 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115273 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115272 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115273 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115274 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115274 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists115275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
115276 ··tags:115276 ··tags:
115277 ··-·CJIS-5.5.2.2115277 ··-·CJIS-5.5.2.2
115278 ··-·NIST-800-171-3.4.5115278 ··-·NIST-800-171-3.4.5
115279 ··-·NIST-800-53-AC-6(1)115279 ··-·NIST-800-53-AC-6(1)
115280 ··-·NIST-800-53-CM-6(a)115280 ··-·NIST-800-53-CM-6(a)
Offset 115283, 15 lines modifiedOffset 115283, 15 lines modified
115283 ··-·configure_strategy115283 ··-·configure_strategy
115284 ··-·file_groupowner_efi_user_cfg115284 ··-·file_groupowner_efi_user_cfg
115285 ··-·low_complexity115285 ··-·low_complexity
115286 ··-·low_disruption115286 ··-·low_disruption
115287 ··-·medium_severity115287 ··-·medium_severity
115288 ··-·no_reboot_needed</xccdf-1.2:fix>115288 ··-·no_reboot_needed</xccdf-1.2:fix>
115289 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms115289 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
115290 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then115290 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
115291 chgrp·0·/boot/grub2/user.cfg115291 chgrp·0·/boot/grub2/user.cfg
  
115292 else115292 else
115293 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'115293 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
115294 fi</xccdf-1.2:fix>115294 fi</xccdf-1.2:fix>
115295 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">115295 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
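Review bot: The applicability test on line 115290 uses [ -f /sys/firmware/efi ], and -f is true only for a regular file; /sys/firmware/efi is a directory on EFI-booted systems, so in either operand order the condition is false and the script always ends at 'Remediation is not applicable, nothing was done'. Use -d (or -e) for that test. The applicable branch also runs chgrp 0 /boot/grub2/user.cfg with no existence check, whereas the Ansible task for the same rule is gated on file_exists.stat.exists; give the shell fix the same guard. The swapped && operands are the same generator ordering issue as in the when: lists and do not change the result.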
Offset 158761, 25 lines modifiedOffset 158761, 25 lines modified
158761 ····lineinfile:158761 ····lineinfile:
158762 ······path:·/etc/postfix/main.cf158762 ······path:·/etc/postfix/main.cf
158763 ······create:·true158763 ······create:·true
158764 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*158764 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
158765 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject158765 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
158766 ······state:·present158766 ······state:·present
158767 ··when:158767 ··when:
158768 ··-·'&quot;postfix&quot;·in·ansible_facts.packages' 
158769 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]158768 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 158769 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'
158770 ··tags:158770 ··tags:
158771 ··-·low_complexity158771 ··-·low_complexity
158772 ··-·low_disruption158772 ··-·low_disruption
158773 ··-·medium_severity158773 ··-·medium_severity
158774 ··-·no_reboot_needed158774 ··-·no_reboot_needed
158775 ··-·postfix_prevent_unrestricted_relay158775 ··-·postfix_prevent_unrestricted_relay
158776 ··-·restrict_strategy</xccdf-1.2:fix>158776 ··-·restrict_strategy</xccdf-1.2:fix>
158777 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms158777 ··················<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms
158778 if·rpm·--quiet·-q·postfix·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then158778 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·postfix;·then
  
158779 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then158779 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
158780 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf158780 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf
158781 else158781 else
158782 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf158782 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf
158783 fi158783 fi
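Review bot: The shell fix on lines 158779-158782 and the Ansible fix on line 158764 do not agree on what counts as an existing setting: grep -q ^smtpd_client_restrictions and the sed pattern match any line that starts with that string at column 0, with no = required, while the lineinfile regexp ^[ \t]*smtpd_client_restrictions\s*=\s* accepts leading whitespace and requires the =. Use one pattern in both so the two remediations leave the same /etc/postfix/main.cf on the same input. The swapped when: entries on lines 158768-158769 and the swapped && operands on line 158778 are ordering differences only; emitting the conditions in a fixed order would remove them from the build diff.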
  
4.72 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml
4.62 KB
./usr/share/xml/scap/ssg/content/ssg-ol9-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·9</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Oracle·Linux·9</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Oracle·Linux·9.·It·is·a·rendering·of7 configuration·settings·for·Oracle·Linux·9.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 115107, 16 lines modifiedOffset 115107, 16 lines modified
115107 ··-·no_reboot_needed115107 ··-·no_reboot_needed
  
115108 -·name:·Test·for·existence·/boot/grub2/user.cfg115108 -·name:·Test·for·existence·/boot/grub2/user.cfg
115109 ··stat:115109 ··stat:
115110 ····path:·/boot/grub2/user.cfg115110 ····path:·/boot/grub2/user.cfg
115111 ··register:·file_exists115111 ··register:·file_exists
115112 ··when:115112 ··when:
115113 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115114 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115113 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115114 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115115 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115115 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115116 ··tags:115116 ··tags:
115117 ··-·CJIS-5.5.2.2115117 ··-·CJIS-5.5.2.2
115118 ··-·NIST-800-171-3.4.5115118 ··-·NIST-800-171-3.4.5
115119 ··-·NIST-800-53-AC-6(1)115119 ··-·NIST-800-53-AC-6(1)
115120 ··-·NIST-800-53-CM-6(a)115120 ··-·NIST-800-53-CM-6(a)
115121 ··-·PCI-DSS-Req-7.1115121 ··-·PCI-DSS-Req-7.1
Offset 115128, 16 lines modifiedOffset 115128, 16 lines modified
115128 ··-·no_reboot_needed115128 ··-·no_reboot_needed
  
115129 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg115129 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
115130 ··file:115130 ··file:
115131 ····path:·/boot/grub2/user.cfg115131 ····path:·/boot/grub2/user.cfg
115132 ····group:·'0'115132 ····group:·'0'
115133 ··when:115133 ··when:
115134 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
115135 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'115134 ··-·'&quot;/boot/efi&quot;·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 115135 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
115136 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]115136 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
115137 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists115137 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
115138 ··tags:115138 ··tags:
115139 ··-·CJIS-5.5.2.2115139 ··-·CJIS-5.5.2.2
115140 ··-·NIST-800-171-3.4.5115140 ··-·NIST-800-171-3.4.5
115141 ··-·NIST-800-53-AC-6(1)115141 ··-·NIST-800-53-AC-6(1)
115142 ··-·NIST-800-53-CM-6(a)115142 ··-·NIST-800-53-CM-6(a)
Offset 115145, 15 lines modifiedOffset 115145, 15 lines modified
115145 ··-·configure_strategy115145 ··-·configure_strategy
115146 ··-·file_groupowner_efi_user_cfg115146 ··-·file_groupowner_efi_user_cfg
115147 ··-·low_complexity115147 ··-·low_complexity
115148 ··-·low_disruption115148 ··-·low_disruption
115149 ··-·medium_severity115149 ··-·medium_severity
115150 ··-·no_reboot_needed</xccdf-1.2:fix>115150 ··-·no_reboot_needed</xccdf-1.2:fix>
115151 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms115151 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_efi_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
115152 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then115152 if·[·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
115153 chgrp·0·/boot/grub2/user.cfg115153 chgrp·0·/boot/grub2/user.cfg
  
115154 else115154 else
115155 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'115155 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
115156 fi</xccdf-1.2:fix>115156 fi</xccdf-1.2:fix>
115157 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">115157 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 158623, 25 lines modifiedOffset 158623, 25 lines modified
158623 ····lineinfile:158623 ····lineinfile:
158624 ······path:·/etc/postfix/main.cf158624 ······path:·/etc/postfix/main.cf
158625 ······create:·true158625 ······create:·true
158626 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*158626 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
158627 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject158627 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
158628 ······state:·present158628 ······state:·present
158629 ··when:158629 ··when:
158630 ··-·'&quot;postfix&quot;·in·ansible_facts.packages' 
158631 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]158630 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 158631 ··-·'&quot;postfix&quot;·in·ansible_facts.packages'
158632 ··tags:158632 ··tags:
158633 ··-·low_complexity158633 ··-·low_complexity
158634 ··-·low_disruption158634 ··-·low_disruption
158635 ··-·medium_severity158635 ··-·medium_severity
158636 ··-·no_reboot_needed158636 ··-·no_reboot_needed
158637 ··-·postfix_prevent_unrestricted_relay158637 ··-·postfix_prevent_unrestricted_relay
158638 ··-·restrict_strategy</xccdf-1.2:fix>158638 ··-·restrict_strategy</xccdf-1.2:fix>
158639 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms158639 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="postfix_prevent_unrestricted_relay">#·Remediation·is·applicable·only·in·certain·platforms
158640 if·rpm·--quiet·-q·postfix·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then158640 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·postfix;·then
  
158641 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then158641 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
158642 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf158642 »       echo·&quot;smtpd_client_restrictions·=·permit_mynetworks,reject&quot;·&gt;&gt;·/etc/postfix/main.cf
158643 else158643 else
158644 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf158644 »       sed·-i·&quot;s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g&quot;·/etc/postfix/main.cf
158645 fi158645 fi
  
1.4 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml
1.29 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds-1.2.xml
    
Offset 104, 15 lines modifiedOffset 104, 15 lines modified
104 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.3</cpe-dict:title>104 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.3</cpe-dict:title>
105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap42:def:1</cpe-dict:check>105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap42:def:1</cpe-dict:check>
106 ······</cpe-dict:cpe-item>106 ······</cpe-dict:cpe-item>
107 ····</cpe-dict:cpe-list>107 ····</cpe-dict:cpe-list>
108 ··</ds:component>108 ··</ds:component>
109 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-xccdf.xml"·timestamp="2022-12-20T09:54:05">109 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-xccdf.xml"·timestamp="2022-12-20T09:54:05">
110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
111 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>111 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>
113 ······<xccdf-1.2:description>113 ······<xccdf-1.2:description>
114 ········This·guide·presents·a·catalog·of·security-relevant114 ········This·guide·presents·a·catalog·of·security-relevant
115 configuration·settings·for·openSUSE.·It·is·a·rendering·of115 configuration·settings·for·openSUSE.·It·is·a·rendering·of
116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
117 in·order·to·support·security·automation.··The·SCAP·content·is117 in·order·to·support·security·automation.··The·SCAP·content·is
118 is·available·in·the118 is·available·in·the
1.38 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml
1.28 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-ds.xml
    
Offset 104, 15 lines modifiedOffset 104, 15 lines modified
104 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.3</cpe-dict:title>104 ········<cpe-dict:title·xml:lang="en-us">openSUSE·Leap·42.3</cpe-dict:title>
105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap42:def:1</cpe-dict:check>105 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-opensuse-cpe-oval.xml">oval:ssg-installed_OS_is_opensuse_leap42:def:1</cpe-dict:check>
106 ······</cpe-dict:cpe-item>106 ······</cpe-dict:cpe-item>
107 ····</cpe-dict:cpe-list>107 ····</cpe-dict:cpe-list>
108 ··</ds:component>108 ··</ds:component>
109 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-xccdf.xml"·timestamp="2022-12-20T09:54:05">109 ··<ds:component·id="scap_org.open-scap_comp_ssg-opensuse-xccdf.xml"·timestamp="2022-12-20T09:54:05">
110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">110 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
111 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>111 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>112 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>
113 ······<xccdf-1.2:description>113 ······<xccdf-1.2:description>
114 ········This·guide·presents·a·catalog·of·security-relevant114 ········This·guide·presents·a·catalog·of·security-relevant
115 configuration·settings·for·openSUSE.·It·is·a·rendering·of115 configuration·settings·for·openSUSE.·It·is·a·rendering·of
116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)116 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
117 in·order·to·support·security·automation.··The·SCAP·content·is117 in·order·to·support·security·automation.··The·SCAP·content·is
118 is·available·in·the118 is·available·in·the
1.22 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml
1.11 KB
./usr/share/xml/scap/ssg/content/ssg-opensuse-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_OPENSUSE"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·openSUSE</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·openSUSE.·It·is·a·rendering·of7 configuration·settings·for·openSUSE.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
1.44 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ds-1.2.xml
1.33 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ds-1.2.xml
    
Offset 128, 15 lines modifiedOffset 128, 15 lines modified
128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·CoreOS·4</cpe-dict:title>128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·CoreOS·4</cpe-dict:title>
129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml">oval:ssg-installed_OS_is_rhcos4:def:1</cpe-dict:check>129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml">oval:ssg-installed_OS_is_rhcos4:def:1</cpe-dict:check>
130 ······</cpe-dict:cpe-item>130 ······</cpe-dict:cpe-item>
131 ····</cpe-dict:cpe-list>131 ····</cpe-dict:cpe-list>
132 ··</ds:component>132 ··</ds:component>
133 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhcos4-xccdf.xml"·timestamp="2022-12-20T09:54:05">133 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhcos4-xccdf.xml"·timestamp="2022-12-20T09:54:05">
134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHCOS-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHCOS-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
135 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>135 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·CoreOS·4</xccdf-1.2:title>136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·CoreOS·4</xccdf-1.2:title>
137 ······<xccdf-1.2:description>137 ······<xccdf-1.2:description>
138 ········This·guide·presents·a·catalog·of·security-relevant138 ········This·guide·presents·a·catalog·of·security-relevant
139 configuration·settings·for·Red·Hat·Enterprise·Linux·CoreOS·4.·It·is·a·rendering·of139 configuration·settings·for·Red·Hat·Enterprise·Linux·CoreOS·4.·It·is·a·rendering·of
140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
141 in·order·to·support·security·automation.··The·SCAP·content·is141 in·order·to·support·security·automation.··The·SCAP·content·is
142 is·available·in·the142 is·available·in·the
1.42 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml
1.33 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-ds.xml
    
Offset 128, 15 lines modifiedOffset 128, 15 lines modified
128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·CoreOS·4</cpe-dict:title>128 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·CoreOS·4</cpe-dict:title>
129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml">oval:ssg-installed_OS_is_rhcos4:def:1</cpe-dict:check>129 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhcos4-cpe-oval.xml">oval:ssg-installed_OS_is_rhcos4:def:1</cpe-dict:check>
130 ······</cpe-dict:cpe-item>130 ······</cpe-dict:cpe-item>
131 ····</cpe-dict:cpe-list>131 ····</cpe-dict:cpe-list>
132 ··</ds:component>132 ··</ds:component>
133 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhcos4-xccdf.xml"·timestamp="2022-12-20T09:54:05">133 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhcos4-xccdf.xml"·timestamp="2022-12-20T09:54:05">
134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHCOS-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">134 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHCOS-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
135 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>135 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·CoreOS·4</xccdf-1.2:title>136 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·CoreOS·4</xccdf-1.2:title>
137 ······<xccdf-1.2:description>137 ······<xccdf-1.2:description>
138 ········This·guide·presents·a·catalog·of·security-relevant138 ········This·guide·presents·a·catalog·of·security-relevant
139 configuration·settings·for·Red·Hat·Enterprise·Linux·CoreOS·4.·It·is·a·rendering·of139 configuration·settings·for·Red·Hat·Enterprise·Linux·CoreOS·4.·It·is·a·rendering·of
140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)140 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
141 in·order·to·support·security·automation.··The·SCAP·content·is141 in·order·to·support·security·automation.··The·SCAP·content·is
142 is·available·in·the142 is·available·in·the
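Review bot: the `date` attribute of `<xccdf-1.2:status>` on line 135 is the only difference in this hunk (2024-01-14 in one build, 2025-02-15 in the other), so the benchmark is stamped with the build machine's clock. Take the date from SOURCE_DATE_EPOCH or the changelog entry instead; the `ds:component` timestamp on line 133 (2022-12-20T09:54:05) is already identical on both sides, which suggests a fixed date source is available to the build.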
1.26 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml
1.16 KB
./usr/share/xml/scap/ssg/content/ssg-rhcos4-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHCOS-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHCOS-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·CoreOS·4</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·CoreOS·4</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·CoreOS·4.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·CoreOS·4.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
541 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml
540 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds-1.2.xml
    
Offset 164, 15 lines modifiedOffset 164, 15 lines modified
164 ········<cpe-dict:title·xml:lang="en-us">red·hat·enterprise·linux·7·workstation</cpe-dict:title>164 ········<cpe-dict:title·xml:lang="en-us">red·hat·enterprise·linux·7·workstation</cpe-dict:title>
165 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_rhel7:def:1</cpe-dict:check>165 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_rhel7:def:1</cpe-dict:check>
166 ······</cpe-dict:cpe-item>166 ······</cpe-dict:cpe-item>
167 ····</cpe-dict:cpe-list>167 ····</cpe-dict:cpe-list>
168 ··</ds:component>168 ··</ds:component>
169 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">169 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
170 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">170 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
171 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>171 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
172 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>172 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
173 ······<xccdf-1.2:description>173 ······<xccdf-1.2:description>
174 ········This·guide·presents·a·catalog·of·security-relevant174 ········This·guide·presents·a·catalog·of·security-relevant
175 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of175 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
176 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)176 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
177 in·order·to·support·security·automation.··The·SCAP·content·is177 in·order·to·support·security·automation.··The·SCAP·content·is
178 is·available·in·the178 is·available·in·the
Offset 49106, 16 lines modifiedOffset 49106, 16 lines modified
49106 ··-·reboot_required49106 ··-·reboot_required
49107 ··-·restrict_strategy49107 ··-·restrict_strategy
  
49108 -·name:·Set·architecture·for·audit·open·tasks49108 -·name:·Set·architecture·for·audit·open·tasks
49109 ··set_fact:49109 ··set_fact:
49110 ····audit_arch:·b6449110 ····audit_arch:·b64
49111 ··when:49111 ··when:
49112 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49113 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49112 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49113 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49114 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49114 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49115 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49115 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49116 ··tags:49116 ··tags:
49117 ··-·NIST-800-53-AC-2(4)49117 ··-·NIST-800-53-AC-2(4)
49118 ··-·NIST-800-53-AC-6(9)49118 ··-·NIST-800-53-AC-6(9)
49119 ··-·NIST-800-53-AU-12(c)49119 ··-·NIST-800-53-AU-12(c)
49120 ··-·NIST-800-53-AU-2(d)49120 ··-·NIST-800-53-AU-2(d)
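Review bot: lines 49112-49113 differ only in the order of the first two `when:` entries (the `ansible_virtualization_type` container check and the "audit" in `ansible_facts.packages` check). The set of conditions is the same in both builds and a `when:` list is ANDed, so the task applies to the same hosts either way. The generator that emits these platform conditions should sort them or hold them in an ordered list, so that the remediation text, and any hash or signature taken over the data stream, is stable between builds.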
Offset 49244, 16 lines modifiedOffset 49244, 16 lines modified
49244 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group49244 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
49245 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49245 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49246 ······create:·true49246 ······create:·true
49247 ······mode:·o-rwx49247 ······mode:·o-rwx
49248 ······state:·present49248 ······state:·present
49249 ····when:·syscalls_found·|·length·==·049249 ····when:·syscalls_found·|·length·==·0
49250 ··when:49250 ··when:
49251 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49252 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49251 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49252 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49253 ··tags:49253 ··tags:
49254 ··-·NIST-800-53-AC-2(4)49254 ··-·NIST-800-53-AC-2(4)
49255 ··-·NIST-800-53-AC-6(9)49255 ··-·NIST-800-53-AC-6(9)
49256 ··-·NIST-800-53-AU-12(c)49256 ··-·NIST-800-53-AU-12(c)
49257 ··-·NIST-800-53-AU-2(d)49257 ··-·NIST-800-53-AU-2(d)
49258 ··-·NIST-800-53-CM-6(a)49258 ··-·NIST-800-53-CM-6(a)
49259 ··-·audit_rules_etc_group_open49259 ··-·audit_rules_etc_group_open
Offset 49380, 31 lines modifiedOffset 49380, 31 lines modified
49380 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group49380 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
49381 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49381 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49382 ······create:·true49382 ······create:·true
49383 ······mode:·o-rwx49383 ······mode:·o-rwx
49384 ······state:·present49384 ······state:·present
49385 ····when:·syscalls_found·|·length·==·049385 ····when:·syscalls_found·|·length·==·0
49386 ··when:49386 ··when:
49387 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49388 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49387 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49388 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49389 ··-·audit_arch·==·&quot;b64&quot;49389 ··-·audit_arch·==·&quot;b64&quot;
49390 ··tags:49390 ··tags:
49391 ··-·NIST-800-53-AC-2(4)49391 ··-·NIST-800-53-AC-2(4)
49392 ··-·NIST-800-53-AC-6(9)49392 ··-·NIST-800-53-AC-6(9)
49393 ··-·NIST-800-53-AU-12(c)49393 ··-·NIST-800-53-AU-12(c)
49394 ··-·NIST-800-53-AU-2(d)49394 ··-·NIST-800-53-AU-2(d)
49395 ··-·NIST-800-53-CM-6(a)49395 ··-·NIST-800-53-CM-6(a)
49396 ··-·audit_rules_etc_group_open49396 ··-·audit_rules_etc_group_open
49397 ··-·low_complexity49397 ··-·low_complexity
49398 ··-·low_disruption49398 ··-·low_disruption
49399 ··-·medium_severity49399 ··-·medium_severity
49400 ··-·reboot_required49400 ··-·reboot_required
49401 ··-·restrict_strategy</xccdf-1.2:fix>49401 ··-·restrict_strategy</xccdf-1.2:fix>
49402 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms49402 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
49403 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then49403 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
49404 #·First·perform·the·remediation·of·the·syscall·rule49404 #·First·perform·the·remediation·of·the·syscall·rule
49405 #·Retrieve·hardware·architecture·of·the·underlying·system49405 #·Retrieve·hardware·architecture·of·the·underlying·system
49406 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)49406 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
49407 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;49407 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
49408 do49408 do
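Review bot: at line 49403 the bash fix shows the same ordering instability as the `when:` list at lines 49387-49388 of this hunk: one build tests `/.dockerenv` and `/run/.containerenv` before `rpm --quiet -q audit`, the other runs the `rpm` query first. The `&&` chain reaches the same result, but the order decides whether `rpm` is invoked inside a container at all, so the platform checks should be emitted in one fixed order, preferably with the cheap file tests first.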
Offset 49800, 16 lines modifiedOffset 49800, 16 lines modified
49800 ··-·reboot_required49800 ··-·reboot_required
49801 ··-·restrict_strategy49801 ··-·restrict_strategy
  
49802 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks49802 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
49803 ··set_fact:49803 ··set_fact:
49804 ····audit_arch:·b6449804 ····audit_arch:·b64
49805 ··when:49805 ··when:
49806 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49807 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49806 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49807 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49808 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49808 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49809 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49809 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49810 ··tags:49810 ··tags:
49811 ··-·NIST-800-53-AC-2(4)49811 ··-·NIST-800-53-AC-2(4)
49812 ··-·NIST-800-53-AC-6(9)49812 ··-·NIST-800-53-AC-6(9)
49813 ··-·NIST-800-53-AU-12(c)49813 ··-·NIST-800-53-AU-12(c)
49814 ··-·NIST-800-53-AU-2(d)49814 ··-·NIST-800-53-AU-2(d)
Offset 49938, 16 lines modifiedOffset 49938, 16 lines modified
49938 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49938 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49939 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49939 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49940 ······create:·true49940 ······create:·true
49941 ······mode:·o-rwx49941 ······mode:·o-rwx
49942 ······state:·present49942 ······state:·present
49943 ····when:·syscalls_found·|·length·==·049943 ····when:·syscalls_found·|·length·==·0
49944 ··when:49944 ··when:
49945 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49946 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49945 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49946 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49947 ··tags:49947 ··tags:
49948 ··-·NIST-800-53-AC-2(4)49948 ··-·NIST-800-53-AC-2(4)
49949 ··-·NIST-800-53-AC-6(9)49949 ··-·NIST-800-53-AC-6(9)
49950 ··-·NIST-800-53-AU-12(c)49950 ··-·NIST-800-53-AU-12(c)
49951 ··-·NIST-800-53-AU-2(d)49951 ··-·NIST-800-53-AU-2(d)
49952 ··-·NIST-800-53-CM-6(a)49952 ··-·NIST-800-53-CM-6(a)
49953 ··-·audit_rules_etc_group_open_by_handle_at49953 ··-·audit_rules_etc_group_open_by_handle_at
Offset 50074, 31 lines modifiedOffset 50074, 31 lines modified
50074 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group50074 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
50075 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify50075 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
50076 ······create:·true50076 ······create:·true
50077 ······mode:·o-rwx50077 ······mode:·o-rwx
50078 ······state:·present50078 ······state:·present
50079 ····when:·syscalls_found·|·length·==·050079 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 546893/553334 bytes (98.84%) of diff not shown.
541 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
540 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-ds.xml
    
Offset 166, 15 lines modifiedOffset 166, 15 lines modified
166 ········<cpe-dict:title·xml:lang="en-us">red·hat·enterprise·linux·7·workstation</cpe-dict:title>166 ········<cpe-dict:title·xml:lang="en-us">red·hat·enterprise·linux·7·workstation</cpe-dict:title>
167 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_rhel7:def:1</cpe-dict:check>167 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_rhel7:def:1</cpe-dict:check>
168 ······</cpe-dict:cpe-item>168 ······</cpe-dict:cpe-item>
169 ····</cpe-dict:cpe-list>169 ····</cpe-dict:cpe-list>
170 ··</ds:component>170 ··</ds:component>
171 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">171 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
172 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">172 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
173 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>173 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
174 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>174 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
175 ······<xccdf-1.2:description>175 ······<xccdf-1.2:description>
176 ········This·guide·presents·a·catalog·of·security-relevant176 ········This·guide·presents·a·catalog·of·security-relevant
177 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of177 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
178 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)178 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
179 in·order·to·support·security·automation.··The·SCAP·content·is179 in·order·to·support·security·automation.··The·SCAP·content·is
180 is·available·in·the180 is·available·in·the
Offset 49108, 16 lines modifiedOffset 49108, 16 lines modified
49108 ··-·reboot_required49108 ··-·reboot_required
49109 ··-·restrict_strategy49109 ··-·restrict_strategy
  
49110 -·name:·Set·architecture·for·audit·open·tasks49110 -·name:·Set·architecture·for·audit·open·tasks
49111 ··set_fact:49111 ··set_fact:
49112 ····audit_arch:·b6449112 ····audit_arch:·b64
49113 ··when:49113 ··when:
49114 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49115 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49114 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49115 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49116 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49116 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49117 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49117 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49118 ··tags:49118 ··tags:
49119 ··-·NIST-800-53-AC-2(4)49119 ··-·NIST-800-53-AC-2(4)
49120 ··-·NIST-800-53-AC-6(9)49120 ··-·NIST-800-53-AC-6(9)
49121 ··-·NIST-800-53-AU-12(c)49121 ··-·NIST-800-53-AU-12(c)
49122 ··-·NIST-800-53-AU-2(d)49122 ··-·NIST-800-53-AU-2(d)
Offset 49246, 16 lines modifiedOffset 49246, 16 lines modified
49246 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group49246 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
49247 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49247 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49248 ······create:·true49248 ······create:·true
49249 ······mode:·o-rwx49249 ······mode:·o-rwx
49250 ······state:·present49250 ······state:·present
49251 ····when:·syscalls_found·|·length·==·049251 ····when:·syscalls_found·|·length·==·0
49252 ··when:49252 ··when:
49253 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49254 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49253 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49254 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49255 ··tags:49255 ··tags:
49256 ··-·NIST-800-53-AC-2(4)49256 ··-·NIST-800-53-AC-2(4)
49257 ··-·NIST-800-53-AC-6(9)49257 ··-·NIST-800-53-AC-6(9)
49258 ··-·NIST-800-53-AU-12(c)49258 ··-·NIST-800-53-AU-12(c)
49259 ··-·NIST-800-53-AU-2(d)49259 ··-·NIST-800-53-AU-2(d)
49260 ··-·NIST-800-53-CM-6(a)49260 ··-·NIST-800-53-CM-6(a)
49261 ··-·audit_rules_etc_group_open49261 ··-·audit_rules_etc_group_open
Offset 49382, 31 lines modifiedOffset 49382, 31 lines modified
49382 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group49382 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
49383 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49383 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49384 ······create:·true49384 ······create:·true
49385 ······mode:·o-rwx49385 ······mode:·o-rwx
49386 ······state:·present49386 ······state:·present
49387 ····when:·syscalls_found·|·length·==·049387 ····when:·syscalls_found·|·length·==·0
49388 ··when:49388 ··when:
49389 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49390 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49389 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49390 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49391 ··-·audit_arch·==·&quot;b64&quot;49391 ··-·audit_arch·==·&quot;b64&quot;
49392 ··tags:49392 ··tags:
49393 ··-·NIST-800-53-AC-2(4)49393 ··-·NIST-800-53-AC-2(4)
49394 ··-·NIST-800-53-AC-6(9)49394 ··-·NIST-800-53-AC-6(9)
49395 ··-·NIST-800-53-AU-12(c)49395 ··-·NIST-800-53-AU-12(c)
49396 ··-·NIST-800-53-AU-2(d)49396 ··-·NIST-800-53-AU-2(d)
49397 ··-·NIST-800-53-CM-6(a)49397 ··-·NIST-800-53-CM-6(a)
49398 ··-·audit_rules_etc_group_open49398 ··-·audit_rules_etc_group_open
49399 ··-·low_complexity49399 ··-·low_complexity
49400 ··-·low_disruption49400 ··-·low_disruption
49401 ··-·medium_severity49401 ··-·medium_severity
49402 ··-·reboot_required49402 ··-·reboot_required
49403 ··-·restrict_strategy</xccdf-1.2:fix>49403 ··-·restrict_strategy</xccdf-1.2:fix>
49404 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms49404 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
49405 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then49405 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
49406 #·First·perform·the·remediation·of·the·syscall·rule49406 #·First·perform·the·remediation·of·the·syscall·rule
49407 #·Retrieve·hardware·architecture·of·the·underlying·system49407 #·Retrieve·hardware·architecture·of·the·underlying·system
49408 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)49408 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
49409 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;49409 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
49410 do49410 do
Offset 49802, 16 lines modifiedOffset 49802, 16 lines modified
49802 ··-·reboot_required49802 ··-·reboot_required
49803 ··-·restrict_strategy49803 ··-·restrict_strategy
  
49804 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks49804 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
49805 ··set_fact:49805 ··set_fact:
49806 ····audit_arch:·b6449806 ····audit_arch:·b64
49807 ··when:49807 ··when:
49808 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49809 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49808 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49809 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49810 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49810 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49811 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49811 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49812 ··tags:49812 ··tags:
49813 ··-·NIST-800-53-AC-2(4)49813 ··-·NIST-800-53-AC-2(4)
49814 ··-·NIST-800-53-AC-6(9)49814 ··-·NIST-800-53-AC-6(9)
49815 ··-·NIST-800-53-AU-12(c)49815 ··-·NIST-800-53-AU-12(c)
49816 ··-·NIST-800-53-AU-2(d)49816 ··-·NIST-800-53-AU-2(d)
Offset 49940, 16 lines modifiedOffset 49940, 16 lines modified
49940 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49940 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49941 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49941 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49942 ······create:·true49942 ······create:·true
49943 ······mode:·o-rwx49943 ······mode:·o-rwx
49944 ······state:·present49944 ······state:·present
49945 ····when:·syscalls_found·|·length·==·049945 ····when:·syscalls_found·|·length·==·0
49946 ··when:49946 ··when:
49947 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49948 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49947 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49948 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49949 ··tags:49949 ··tags:
49950 ··-·NIST-800-53-AC-2(4)49950 ··-·NIST-800-53-AC-2(4)
49951 ··-·NIST-800-53-AC-6(9)49951 ··-·NIST-800-53-AC-6(9)
49952 ··-·NIST-800-53-AU-12(c)49952 ··-·NIST-800-53-AU-12(c)
49953 ··-·NIST-800-53-AU-2(d)49953 ··-·NIST-800-53-AU-2(d)
49954 ··-·NIST-800-53-CM-6(a)49954 ··-·NIST-800-53-CM-6(a)
49955 ··-·audit_rules_etc_group_open_by_handle_at49955 ··-·audit_rules_etc_group_open_by_handle_at
Offset 50076, 31 lines modifiedOffset 50076, 31 lines modified
50076 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group50076 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
50077 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify50077 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
50078 ······create:·true50078 ······create:·true
50079 ······mode:·o-rwx50079 ······mode:·o-rwx
50080 ······state:·present50080 ······state:·present
50081 ····when:·syscalls_found·|·length·==·050081 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 546893/553334 bytes (98.84%) of diff not shown.
539 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
539 KB
./usr/share/xml/scap/ssg/content/ssg-rhel7-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 48938, 16 lines modifiedOffset 48938, 16 lines modified
48938 ··-·reboot_required48938 ··-·reboot_required
48939 ··-·restrict_strategy48939 ··-·restrict_strategy
  
48940 -·name:·Set·architecture·for·audit·open·tasks48940 -·name:·Set·architecture·for·audit·open·tasks
48941 ··set_fact:48941 ··set_fact:
48942 ····audit_arch:·b6448942 ····audit_arch:·b64
48943 ··when:48943 ··when:
48944 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
48945 ··-·'&quot;audit&quot;·in·ansible_facts.packages'48944 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 48945 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
48946 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture48946 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
48947 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;48947 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
48948 ··tags:48948 ··tags:
48949 ··-·NIST-800-53-AC-2(4)48949 ··-·NIST-800-53-AC-2(4)
48950 ··-·NIST-800-53-AC-6(9)48950 ··-·NIST-800-53-AC-6(9)
48951 ··-·NIST-800-53-AU-12(c)48951 ··-·NIST-800-53-AU-12(c)
48952 ··-·NIST-800-53-AU-2(d)48952 ··-·NIST-800-53-AU-2(d)
Offset 49076, 16 lines modifiedOffset 49076, 16 lines modified
49076 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group49076 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
49077 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49077 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49078 ······create:·true49078 ······create:·true
49079 ······mode:·o-rwx49079 ······mode:·o-rwx
49080 ······state:·present49080 ······state:·present
49081 ····when:·syscalls_found·|·length·==·049081 ····when:·syscalls_found·|·length·==·0
49082 ··when:49082 ··when:
49083 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49084 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49083 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49084 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49085 ··tags:49085 ··tags:
49086 ··-·NIST-800-53-AC-2(4)49086 ··-·NIST-800-53-AC-2(4)
49087 ··-·NIST-800-53-AC-6(9)49087 ··-·NIST-800-53-AC-6(9)
49088 ··-·NIST-800-53-AU-12(c)49088 ··-·NIST-800-53-AU-12(c)
49089 ··-·NIST-800-53-AU-2(d)49089 ··-·NIST-800-53-AU-2(d)
49090 ··-·NIST-800-53-CM-6(a)49090 ··-·NIST-800-53-CM-6(a)
49091 ··-·audit_rules_etc_group_open49091 ··-·audit_rules_etc_group_open
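Review bot: the two builds differ here only in the order of the `when:` entries at lines 49083-49084, where the `"audit" in ansible_facts.packages` test and the `ansible_virtualization_type not in [...]` test swap places. Ansible ANDs the items of a `when:` list, so the task behaves the same either way, but the generated file is not byte-for-byte stable. The swap suggests the applicability conditions are written out from an unordered collection; sorting them before the task is rendered would make the output deterministic.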
Offset 49212, 31 lines modifiedOffset 49212, 31 lines modified
49212 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group49212 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
49213 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49213 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49214 ······create:·true49214 ······create:·true
49215 ······mode:·o-rwx49215 ······mode:·o-rwx
49216 ······state:·present49216 ······state:·present
49217 ····when:·syscalls_found·|·length·==·049217 ····when:·syscalls_found·|·length·==·0
49218 ··when:49218 ··when:
49219 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49220 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49219 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49220 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49221 ··-·audit_arch·==·&quot;b64&quot;49221 ··-·audit_arch·==·&quot;b64&quot;
49222 ··tags:49222 ··tags:
49223 ··-·NIST-800-53-AC-2(4)49223 ··-·NIST-800-53-AC-2(4)
49224 ··-·NIST-800-53-AC-6(9)49224 ··-·NIST-800-53-AC-6(9)
49225 ··-·NIST-800-53-AU-12(c)49225 ··-·NIST-800-53-AU-12(c)
49226 ··-·NIST-800-53-AU-2(d)49226 ··-·NIST-800-53-AU-2(d)
49227 ··-·NIST-800-53-CM-6(a)49227 ··-·NIST-800-53-CM-6(a)
49228 ··-·audit_rules_etc_group_open49228 ··-·audit_rules_etc_group_open
49229 ··-·low_complexity49229 ··-·low_complexity
49230 ··-·low_disruption49230 ··-·low_disruption
49231 ··-·medium_severity49231 ··-·medium_severity
49232 ··-·reboot_required49232 ··-·reboot_required
49233 ··-·restrict_strategy</xccdf-1.2:fix>49233 ··-·restrict_strategy</xccdf-1.2:fix>
49234 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms49234 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
49235 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then49235 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
49236 #·First·perform·the·remediation·of·the·syscall·rule49236 #·First·perform·the·remediation·of·the·syscall·rule
49237 #·Retrieve·hardware·architecture·of·the·underlying·system49237 #·Retrieve·hardware·architecture·of·the·underlying·system
49238 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)49238 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
49239 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;49239 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
49240 do49240 do
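Review bot: line 49235, the guard of the shell fix, carries the same three tests in a different order in each build: `[ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ] && rpm --quiet -q audit` in one, `rpm --quiet -q audit && [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]` in the other. The `&&` chain gives the same result, but short-circuiting means the order decides whether the `rpm` query runs at all inside a container. The generator should emit one fixed order, and putting the file tests first is the cheaper choice.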
Offset 49632, 16 lines modifiedOffset 49632, 16 lines modified
49632 ··-·reboot_required49632 ··-·reboot_required
49633 ··-·restrict_strategy49633 ··-·restrict_strategy
  
49634 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks49634 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
49635 ··set_fact:49635 ··set_fact:
49636 ····audit_arch:·b6449636 ····audit_arch:·b64
49637 ··when:49637 ··when:
49638 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49639 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49638 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49639 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49640 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture49640 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
49641 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;49641 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
49642 ··tags:49642 ··tags:
49643 ··-·NIST-800-53-AC-2(4)49643 ··-·NIST-800-53-AC-2(4)
49644 ··-·NIST-800-53-AC-6(9)49644 ··-·NIST-800-53-AC-6(9)
49645 ··-·NIST-800-53-AU-12(c)49645 ··-·NIST-800-53-AU-12(c)
49646 ··-·NIST-800-53-AU-2(d)49646 ··-·NIST-800-53-AU-2(d)
Offset 49770, 16 lines modifiedOffset 49770, 16 lines modified
49770 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49770 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49771 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49771 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49772 ······create:·true49772 ······create:·true
49773 ······mode:·o-rwx49773 ······mode:·o-rwx
49774 ······state:·present49774 ······state:·present
49775 ····when:·syscalls_found·|·length·==·049775 ····when:·syscalls_found·|·length·==·0
49776 ··when:49776 ··when:
49777 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49778 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49777 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49778 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49779 ··tags:49779 ··tags:
49780 ··-·NIST-800-53-AC-2(4)49780 ··-·NIST-800-53-AC-2(4)
49781 ··-·NIST-800-53-AC-6(9)49781 ··-·NIST-800-53-AC-6(9)
49782 ··-·NIST-800-53-AU-12(c)49782 ··-·NIST-800-53-AU-12(c)
49783 ··-·NIST-800-53-AU-2(d)49783 ··-·NIST-800-53-AU-2(d)
49784 ··-·NIST-800-53-CM-6(a)49784 ··-·NIST-800-53-CM-6(a)
49785 ··-·audit_rules_etc_group_open_by_handle_at49785 ··-·audit_rules_etc_group_open_by_handle_at
Offset 49906, 31 lines modifiedOffset 49906, 31 lines modified
49906 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group49906 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
49907 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify49907 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
49908 ······create:·true49908 ······create:·true
49909 ······mode:·o-rwx49909 ······mode:·o-rwx
49910 ······state:·present49910 ······state:·present
49911 ····when:·syscalls_found·|·length·==·049911 ····when:·syscalls_found·|·length·==·0
49912 ··when:49912 ··when:
49913 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
49914 ··-·'&quot;audit&quot;·in·ansible_facts.packages'49913 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 49914 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
49915 ··-·audit_arch·==·&quot;b64&quot;49915 ··-·audit_arch·==·&quot;b64&quot;
Max diff block lines reached; 545292/551925 bytes (98.80%) of diff not shown.
512 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml
512 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds-1.2.xml
    
Offset 200, 15 lines modifiedOffset 200, 15 lines modified
200 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·8.9</cpe-dict:title>200 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·8.9</cpe-dict:title>
201 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_rhel8_9:def:1</cpe-dict:check>201 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_rhel8_9:def:1</cpe-dict:check>
202 ······</cpe-dict:cpe-item>202 ······</cpe-dict:cpe-item>
203 ····</cpe-dict:cpe-list>203 ····</cpe-dict:cpe-list>
204 ··</ds:component>204 ··</ds:component>
205 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">205 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
206 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">206 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
207 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>207 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
208 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>208 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
209 ······<xccdf-1.2:description>209 ······<xccdf-1.2:description>
210 ········This·guide·presents·a·catalog·of·security-relevant210 ········This·guide·presents·a·catalog·of·security-relevant
211 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of211 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of
212 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)212 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
213 in·order·to·support·security·automation.··The·SCAP·content·is213 in·order·to·support·security·automation.··The·SCAP·content·is
214 is·available·in·the214 is·available·in·the
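Review bot: line 207 records `xccdf-1.2:status date="2024-01-14"` in one build and `date="2025-02-15"` in the other, while the `ds:component` timestamp on line 205 is `2022-12-20T09:54:05` in both. The status date therefore appears to follow the build machine's clock; deriving it from a fixed source date such as `SOURCE_DATE_EPOCH` would remove this difference. Separately, lines 213-214 of the description read "The SCAP content is" followed by "is available in the", which duplicates a word in both builds.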
Offset 53074, 16 lines modifiedOffset 53074, 16 lines modified
53074 ··-·reboot_required53074 ··-·reboot_required
53075 ··-·restrict_strategy53075 ··-·restrict_strategy
  
53076 -·name:·Set·architecture·for·audit·open·tasks53076 -·name:·Set·architecture·for·audit·open·tasks
53077 ··set_fact:53077 ··set_fact:
53078 ····audit_arch:·b6453078 ····audit_arch:·b64
53079 ··when:53079 ··when:
53080 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53081 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53080 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53081 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53082 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture53082 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
53083 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;53083 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
53084 ··tags:53084 ··tags:
53085 ··-·CCE-80927-753085 ··-·CCE-80927-7
53086 ··-·NIST-800-53-AC-2(4)53086 ··-·NIST-800-53-AC-2(4)
53087 ··-·NIST-800-53-AC-6(9)53087 ··-·NIST-800-53-AC-6(9)
53088 ··-·NIST-800-53-AU-12(c)53088 ··-·NIST-800-53-AU-12(c)
Offset 53213, 16 lines modifiedOffset 53213, 16 lines modified
53213 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group53213 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
53214 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53214 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53215 ······create:·true53215 ······create:·true
53216 ······mode:·o-rwx53216 ······mode:·o-rwx
53217 ······state:·present53217 ······state:·present
53218 ····when:·syscalls_found·|·length·==·053218 ····when:·syscalls_found·|·length·==·0
53219 ··when:53219 ··when:
53220 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53221 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53220 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53221 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53222 ··tags:53222 ··tags:
53223 ··-·CCE-80927-753223 ··-·CCE-80927-7
53224 ··-·NIST-800-53-AC-2(4)53224 ··-·NIST-800-53-AC-2(4)
53225 ··-·NIST-800-53-AC-6(9)53225 ··-·NIST-800-53-AC-6(9)
53226 ··-·NIST-800-53-AU-12(c)53226 ··-·NIST-800-53-AU-12(c)
53227 ··-·NIST-800-53-AU-2(d)53227 ··-·NIST-800-53-AU-2(d)
53228 ··-·NIST-800-53-CM-6(a)53228 ··-·NIST-800-53-CM-6(a)
Offset 53350, 16 lines modifiedOffset 53350, 16 lines modified
53350 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group53350 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
53351 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53351 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53352 ······create:·true53352 ······create:·true
53353 ······mode:·o-rwx53353 ······mode:·o-rwx
53354 ······state:·present53354 ······state:·present
53355 ····when:·syscalls_found·|·length·==·053355 ····when:·syscalls_found·|·length·==·0
53356 ··when:53356 ··when:
53357 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53358 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53357 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53358 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53359 ··-·audit_arch·==·&quot;b64&quot;53359 ··-·audit_arch·==·&quot;b64&quot;
53360 ··tags:53360 ··tags:
53361 ··-·CCE-80927-753361 ··-·CCE-80927-7
53362 ··-·NIST-800-53-AC-2(4)53362 ··-·NIST-800-53-AC-2(4)
53363 ··-·NIST-800-53-AC-6(9)53363 ··-·NIST-800-53-AC-6(9)
53364 ··-·NIST-800-53-AU-12(c)53364 ··-·NIST-800-53-AU-12(c)
53365 ··-·NIST-800-53-AU-2(d)53365 ··-·NIST-800-53-AU-2(d)
Offset 53367, 15 lines modifiedOffset 53367, 15 lines modified
53367 ··-·audit_rules_etc_group_open53367 ··-·audit_rules_etc_group_open
53368 ··-·low_complexity53368 ··-·low_complexity
53369 ··-·low_disruption53369 ··-·low_disruption
53370 ··-·medium_severity53370 ··-·medium_severity
53371 ··-·reboot_required53371 ··-·reboot_required
53372 ··-·restrict_strategy</xccdf-1.2:fix>53372 ··-·restrict_strategy</xccdf-1.2:fix>
53373 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms53373 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
53374 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then53374 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then
  
53375 #·First·perform·the·remediation·of·the·syscall·rule53375 #·First·perform·the·remediation·of·the·syscall·rule
53376 #·Retrieve·hardware·architecture·of·the·underlying·system53376 #·Retrieve·hardware·architecture·of·the·underlying·system
53377 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)53377 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
53378 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;53378 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
53379 do53379 do
Offset 53773, 16 lines modifiedOffset 53773, 16 lines modified
53773 ··-·reboot_required53773 ··-·reboot_required
53774 ··-·restrict_strategy53774 ··-·restrict_strategy
  
53775 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks53775 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
53776 ··set_fact:53776 ··set_fact:
53777 ····audit_arch:·b6453777 ····audit_arch:·b64
53778 ··when:53778 ··when:
53779 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53780 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53779 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53780 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53781 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture53781 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
53782 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;53782 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
53783 ··tags:53783 ··tags:
53784 ··-·CCE-80929-353784 ··-·CCE-80929-3
53785 ··-·NIST-800-53-AC-2(4)53785 ··-·NIST-800-53-AC-2(4)
53786 ··-·NIST-800-53-AC-6(9)53786 ··-·NIST-800-53-AC-6(9)
53787 ··-·NIST-800-53-AU-12(c)53787 ··-·NIST-800-53-AU-12(c)
Offset 53912, 16 lines modifiedOffset 53912, 16 lines modified
53912 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group53912 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
53913 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53913 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53914 ······create:·true53914 ······create:·true
53915 ······mode:·o-rwx53915 ······mode:·o-rwx
53916 ······state:·present53916 ······state:·present
53917 ····when:·syscalls_found·|·length·==·053917 ····when:·syscalls_found·|·length·==·0
53918 ··when:53918 ··when:
53919 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53920 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53919 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53920 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53921 ··tags:53921 ··tags:
53922 ··-·CCE-80929-353922 ··-·CCE-80929-3
53923 ··-·NIST-800-53-AC-2(4)53923 ··-·NIST-800-53-AC-2(4)
53924 ··-·NIST-800-53-AC-6(9)53924 ··-·NIST-800-53-AC-6(9)
53925 ··-·NIST-800-53-AU-12(c)53925 ··-·NIST-800-53-AU-12(c)
53926 ··-·NIST-800-53-AU-2(d)53926 ··-·NIST-800-53-AU-2(d)
53927 ··-·NIST-800-53-CM-6(a)53927 ··-·NIST-800-53-CM-6(a)
Offset 54049, 16 lines modifiedOffset 54049, 16 lines modified
54049 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group54049 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
54050 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify54050 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
54051 ······create:·true54051 ······create:·true
54052 ······mode:·o-rwx54052 ······mode:·o-rwx
54053 ······state:·present54053 ······state:·present
Max diff block lines reached; 518585/524518 bytes (98.87%) of diff not shown.
512 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
512 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml
    
Offset 202, 15 lines modifiedOffset 202, 15 lines modified
202 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·8.9</cpe-dict:title>202 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·8.9</cpe-dict:title>
203 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_rhel8_9:def:1</cpe-dict:check>203 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel8-cpe-oval.xml">oval:ssg-installed_OS_is_rhel8_9:def:1</cpe-dict:check>
204 ······</cpe-dict:cpe-item>204 ······</cpe-dict:cpe-item>
205 ····</cpe-dict:cpe-list>205 ····</cpe-dict:cpe-list>
206 ··</ds:component>206 ··</ds:component>
207 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">207 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel8-xccdf.xml"·timestamp="2022-12-20T09:54:05">
208 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">208 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
209 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>209 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
210 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>210 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
211 ······<xccdf-1.2:description>211 ······<xccdf-1.2:description>
212 ········This·guide·presents·a·catalog·of·security-relevant212 ········This·guide·presents·a·catalog·of·security-relevant
213 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of213 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of
214 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)214 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
215 in·order·to·support·security·automation.··The·SCAP·content·is215 in·order·to·support·security·automation.··The·SCAP·content·is
216 is·available·in·the216 is·available·in·the
Offset 53076, 16 lines modifiedOffset 53076, 16 lines modified
53076 ··-·reboot_required53076 ··-·reboot_required
53077 ··-·restrict_strategy53077 ··-·restrict_strategy
  
53078 -·name:·Set·architecture·for·audit·open·tasks53078 -·name:·Set·architecture·for·audit·open·tasks
53079 ··set_fact:53079 ··set_fact:
53080 ····audit_arch:·b6453080 ····audit_arch:·b64
53081 ··when:53081 ··when:
53082 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53083 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53082 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53083 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53084 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture53084 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
53085 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;53085 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
53086 ··tags:53086 ··tags:
53087 ··-·CCE-80927-753087 ··-·CCE-80927-7
53088 ··-·NIST-800-53-AC-2(4)53088 ··-·NIST-800-53-AC-2(4)
53089 ··-·NIST-800-53-AC-6(9)53089 ··-·NIST-800-53-AC-6(9)
53090 ··-·NIST-800-53-AU-12(c)53090 ··-·NIST-800-53-AU-12(c)
Offset 53215, 16 lines modifiedOffset 53215, 16 lines modified
53215 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group53215 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
53216 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53216 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53217 ······create:·true53217 ······create:·true
53218 ······mode:·o-rwx53218 ······mode:·o-rwx
53219 ······state:·present53219 ······state:·present
53220 ····when:·syscalls_found·|·length·==·053220 ····when:·syscalls_found·|·length·==·0
53221 ··when:53221 ··when:
53222 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53223 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53222 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53223 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53224 ··tags:53224 ··tags:
53225 ··-·CCE-80927-753225 ··-·CCE-80927-7
53226 ··-·NIST-800-53-AC-2(4)53226 ··-·NIST-800-53-AC-2(4)
53227 ··-·NIST-800-53-AC-6(9)53227 ··-·NIST-800-53-AC-6(9)
53228 ··-·NIST-800-53-AU-12(c)53228 ··-·NIST-800-53-AU-12(c)
53229 ··-·NIST-800-53-AU-2(d)53229 ··-·NIST-800-53-AU-2(d)
53230 ··-·NIST-800-53-CM-6(a)53230 ··-·NIST-800-53-CM-6(a)
Offset 53352, 16 lines modifiedOffset 53352, 16 lines modified
53352 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group53352 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
53353 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53353 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53354 ······create:·true53354 ······create:·true
53355 ······mode:·o-rwx53355 ······mode:·o-rwx
53356 ······state:·present53356 ······state:·present
53357 ····when:·syscalls_found·|·length·==·053357 ····when:·syscalls_found·|·length·==·0
53358 ··when:53358 ··when:
53359 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53360 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53359 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53360 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53361 ··-·audit_arch·==·&quot;b64&quot;53361 ··-·audit_arch·==·&quot;b64&quot;
53362 ··tags:53362 ··tags:
53363 ··-·CCE-80927-753363 ··-·CCE-80927-7
53364 ··-·NIST-800-53-AC-2(4)53364 ··-·NIST-800-53-AC-2(4)
53365 ··-·NIST-800-53-AC-6(9)53365 ··-·NIST-800-53-AC-6(9)
53366 ··-·NIST-800-53-AU-12(c)53366 ··-·NIST-800-53-AU-12(c)
53367 ··-·NIST-800-53-AU-2(d)53367 ··-·NIST-800-53-AU-2(d)
Offset 53369, 15 lines modifiedOffset 53369, 15 lines modified
53369 ··-·audit_rules_etc_group_open53369 ··-·audit_rules_etc_group_open
53370 ··-·low_complexity53370 ··-·low_complexity
53371 ··-·low_disruption53371 ··-·low_disruption
53372 ··-·medium_severity53372 ··-·medium_severity
53373 ··-·reboot_required53373 ··-·reboot_required
53374 ··-·restrict_strategy</xccdf-1.2:fix>53374 ··-·restrict_strategy</xccdf-1.2:fix>
53375 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms53375 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
53376 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then53376 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then
  
53377 #·First·perform·the·remediation·of·the·syscall·rule53377 #·First·perform·the·remediation·of·the·syscall·rule
53378 #·Retrieve·hardware·architecture·of·the·underlying·system53378 #·Retrieve·hardware·architecture·of·the·underlying·system
53379 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)53379 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
53380 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;53380 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
53381 do53381 do
Offset 53775, 16 lines modifiedOffset 53775, 16 lines modified
53775 ··-·reboot_required53775 ··-·reboot_required
53776 ··-·restrict_strategy53776 ··-·restrict_strategy
  
53777 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks53777 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
53778 ··set_fact:53778 ··set_fact:
53779 ····audit_arch:·b6453779 ····audit_arch:·b64
53780 ··when:53780 ··when:
53781 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53782 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53781 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53782 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53783 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture53783 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
53784 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;53784 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
53785 ··tags:53785 ··tags:
53786 ··-·CCE-80929-353786 ··-·CCE-80929-3
53787 ··-·NIST-800-53-AC-2(4)53787 ··-·NIST-800-53-AC-2(4)
53788 ··-·NIST-800-53-AC-6(9)53788 ··-·NIST-800-53-AC-6(9)
53789 ··-·NIST-800-53-AU-12(c)53789 ··-·NIST-800-53-AU-12(c)
Offset 53914, 16 lines modifiedOffset 53914, 16 lines modified
53914 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group53914 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
53915 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53915 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53916 ······create:·true53916 ······create:·true
53917 ······mode:·o-rwx53917 ······mode:·o-rwx
53918 ······state:·present53918 ······state:·present
53919 ····when:·syscalls_found·|·length·==·053919 ····when:·syscalls_found·|·length·==·0
53920 ··when:53920 ··when:
53921 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53922 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53921 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53922 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53923 ··tags:53923 ··tags:
53924 ··-·CCE-80929-353924 ··-·CCE-80929-3
53925 ··-·NIST-800-53-AC-2(4)53925 ··-·NIST-800-53-AC-2(4)
53926 ··-·NIST-800-53-AC-6(9)53926 ··-·NIST-800-53-AC-6(9)
53927 ··-·NIST-800-53-AU-12(c)53927 ··-·NIST-800-53-AU-12(c)
53928 ··-·NIST-800-53-AU-2(d)53928 ··-·NIST-800-53-AU-2(d)
53929 ··-·NIST-800-53-CM-6(a)53929 ··-·NIST-800-53-CM-6(a)
Offset 54051, 16 lines modifiedOffset 54051, 16 lines modified
54051 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group54051 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
54052 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify54052 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
54053 ······create:·true54053 ······create:·true
54054 ······mode:·o-rwx54054 ······mode:·o-rwx
54055 ······state:·present54055 ······state:·present
Max diff block lines reached; 518585/524518 bytes (98.87%) of diff not shown.
511 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml
511 KB
./usr/share/xml/scap/ssg/content/ssg-rhel8-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-8"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·8</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·8.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 52870, 16 lines modifiedOffset 52870, 16 lines modified
52870 ··-·reboot_required52870 ··-·reboot_required
52871 ··-·restrict_strategy52871 ··-·restrict_strategy
  
52872 -·name:·Set·architecture·for·audit·open·tasks52872 -·name:·Set·architecture·for·audit·open·tasks
52873 ··set_fact:52873 ··set_fact:
52874 ····audit_arch:·b6452874 ····audit_arch:·b64
52875 ··when:52875 ··when:
52876 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
52877 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]52876 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 52877 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
52878 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture52878 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
52879 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;52879 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
52880 ··tags:52880 ··tags:
52881 ··-·CCE-80927-752881 ··-·CCE-80927-7
52882 ··-·NIST-800-53-AC-2(4)52882 ··-·NIST-800-53-AC-2(4)
52883 ··-·NIST-800-53-AC-6(9)52883 ··-·NIST-800-53-AC-6(9)
52884 ··-·NIST-800-53-AU-12(c)52884 ··-·NIST-800-53-AU-12(c)
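Review bot: the when: list at lines 52876-52877 holds the same two conditions in swapped order between the builds (the "audit" in ansible_facts.packages check and the ansible_virtualization_type container check), and the same swap recurs in the hunks that follow. The list is a conjunction, so task behaviour is unchanged, but the generated playbook is not byte-stable. The generator should emit applicability conditions in a fixed order, for example sorted, before writing the fix text.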
Offset 53009, 16 lines modifiedOffset 53009, 16 lines modified
53009 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group53009 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
53010 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53010 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53011 ······create:·true53011 ······create:·true
53012 ······mode:·o-rwx53012 ······mode:·o-rwx
53013 ······state:·present53013 ······state:·present
53014 ····when:·syscalls_found·|·length·==·053014 ····when:·syscalls_found·|·length·==·0
53015 ··when:53015 ··when:
53016 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53017 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53016 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53017 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53018 ··tags:53018 ··tags:
53019 ··-·CCE-80927-753019 ··-·CCE-80927-7
53020 ··-·NIST-800-53-AC-2(4)53020 ··-·NIST-800-53-AC-2(4)
53021 ··-·NIST-800-53-AC-6(9)53021 ··-·NIST-800-53-AC-6(9)
53022 ··-·NIST-800-53-AU-12(c)53022 ··-·NIST-800-53-AU-12(c)
53023 ··-·NIST-800-53-AU-2(d)53023 ··-·NIST-800-53-AU-2(d)
53024 ··-·NIST-800-53-CM-6(a)53024 ··-·NIST-800-53-CM-6(a)
Offset 53146, 16 lines modifiedOffset 53146, 16 lines modified
53146 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group53146 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
53147 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53147 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53148 ······create:·true53148 ······create:·true
53149 ······mode:·o-rwx53149 ······mode:·o-rwx
53150 ······state:·present53150 ······state:·present
53151 ····when:·syscalls_found·|·length·==·053151 ····when:·syscalls_found·|·length·==·0
53152 ··when:53152 ··when:
53153 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53154 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53153 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53154 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53155 ··-·audit_arch·==·&quot;b64&quot;53155 ··-·audit_arch·==·&quot;b64&quot;
53156 ··tags:53156 ··tags:
53157 ··-·CCE-80927-753157 ··-·CCE-80927-7
53158 ··-·NIST-800-53-AC-2(4)53158 ··-·NIST-800-53-AC-2(4)
53159 ··-·NIST-800-53-AC-6(9)53159 ··-·NIST-800-53-AC-6(9)
53160 ··-·NIST-800-53-AU-12(c)53160 ··-·NIST-800-53-AU-12(c)
53161 ··-·NIST-800-53-AU-2(d)53161 ··-·NIST-800-53-AU-2(d)
Offset 53163, 15 lines modifiedOffset 53163, 15 lines modified
53163 ··-·audit_rules_etc_group_open53163 ··-·audit_rules_etc_group_open
53164 ··-·low_complexity53164 ··-·low_complexity
53165 ··-·low_disruption53165 ··-·low_disruption
53166 ··-·medium_severity53166 ··-·medium_severity
53167 ··-·reboot_required53167 ··-·reboot_required
53168 ··-·restrict_strategy</xccdf-1.2:fix>53168 ··-·restrict_strategy</xccdf-1.2:fix>
53169 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms53169 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
53170 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then53170 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then
  
53171 #·First·perform·the·remediation·of·the·syscall·rule53171 #·First·perform·the·remediation·of·the·syscall·rule
53172 #·Retrieve·hardware·architecture·of·the·underlying·system53172 #·Retrieve·hardware·architecture·of·the·underlying·system
53173 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)53173 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
53174 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;53174 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
53175 do53175 do
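Review bot: on line 53170 the applicability guard runs rpm --quiet -q audit first in one build and last in the other. The three conditions are identical, so the result is the same, but short-circuit order differs and the script text is not reproducible. Emit the conditions in one fixed order, preferably with the /.dockerenv and /run/.containerenv file tests ahead of the rpm query so the container cases exit before rpm is invoked.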
Offset 53569, 16 lines modifiedOffset 53569, 16 lines modified
53569 ··-·reboot_required53569 ··-·reboot_required
53570 ··-·restrict_strategy53570 ··-·restrict_strategy
  
53571 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks53571 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
53572 ··set_fact:53572 ··set_fact:
53573 ····audit_arch:·b6453573 ····audit_arch:·b64
53574 ··when:53574 ··when:
53575 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53576 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53575 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53576 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53577 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture53577 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
53578 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;53578 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
53579 ··tags:53579 ··tags:
53580 ··-·CCE-80929-353580 ··-·CCE-80929-3
53581 ··-·NIST-800-53-AC-2(4)53581 ··-·NIST-800-53-AC-2(4)
53582 ··-·NIST-800-53-AC-6(9)53582 ··-·NIST-800-53-AC-6(9)
53583 ··-·NIST-800-53-AU-12(c)53583 ··-·NIST-800-53-AU-12(c)
Offset 53708, 16 lines modifiedOffset 53708, 16 lines modified
53708 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group53708 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
53709 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53709 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53710 ······create:·true53710 ······create:·true
53711 ······mode:·o-rwx53711 ······mode:·o-rwx
53712 ······state:·present53712 ······state:·present
53713 ····when:·syscalls_found·|·length·==·053713 ····when:·syscalls_found·|·length·==·0
53714 ··when:53714 ··when:
53715 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53716 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53715 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53716 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
53717 ··tags:53717 ··tags:
53718 ··-·CCE-80929-353718 ··-·CCE-80929-3
53719 ··-·NIST-800-53-AC-2(4)53719 ··-·NIST-800-53-AC-2(4)
53720 ··-·NIST-800-53-AC-6(9)53720 ··-·NIST-800-53-AC-6(9)
53721 ··-·NIST-800-53-AU-12(c)53721 ··-·NIST-800-53-AU-12(c)
53722 ··-·NIST-800-53-AU-2(d)53722 ··-·NIST-800-53-AU-2(d)
53723 ··-·NIST-800-53-CM-6(a)53723 ··-·NIST-800-53-CM-6(a)
Offset 53845, 16 lines modifiedOffset 53845, 16 lines modified
53845 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group53845 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
53846 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify53846 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
53847 ······create:·true53847 ······create:·true
53848 ······mode:·o-rwx53848 ······mode:·o-rwx
53849 ······state:·present53849 ······state:·present
53850 ····when:·syscalls_found·|·length·==·053850 ····when:·syscalls_found·|·length·==·0
53851 ··when:53851 ··when:
53852 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
53853 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]53852 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 53853 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
Max diff block lines reached; 516922/522965 bytes (98.84%) of diff not shown.
25.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml
25.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds-1.2.xml
    
Offset 156, 15 lines modifiedOffset 156, 15 lines modified
156 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·9</cpe-dict:title>156 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·9</cpe-dict:title>
157 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_rhel9:def:1</cpe-dict:check>157 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_rhel9:def:1</cpe-dict:check>
158 ······</cpe-dict:cpe-item>158 ······</cpe-dict:cpe-item>
159 ····</cpe-dict:cpe-list>159 ····</cpe-dict:cpe-list>
160 ··</ds:component>160 ··</ds:component>
161 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">161 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">
162 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">162 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
163 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>163 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
164 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>164 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>
165 ······<xccdf-1.2:description>165 ······<xccdf-1.2:description>
166 ········This·guide·presents·a·catalog·of·security-relevant166 ········This·guide·presents·a·catalog·of·security-relevant
167 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of167 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of
168 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)168 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
169 in·order·to·support·security·automation.··The·SCAP·content·is169 in·order·to·support·security·automation.··The·SCAP·content·is
170 is·available·in·the170 is·available·in·the
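Review bot: the status date on line 163 is the only difference in this hunk (2024-01-14 in one build, 2025-02-15 in the other), while the ds:component timestamp on line 161 is 2022-12-20T09:54:05 in both. The status date appears to follow the build clock rather than a fixed source date. Derive it from the same fixed source as the component timestamp, for example SOURCE_DATE_EPOCH, so the benchmark header is identical across rebuilds.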
Offset 168160, 16 lines modifiedOffset 168160, 16 lines modified
168160 ··-·no_reboot_needed168160 ··-·no_reboot_needed
  
168161 -·name:·Test·for·existence·/boot/grub2/grub.cfg168161 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168162 ··stat:168162 ··stat:
168163 ····path:·/boot/grub2/grub.cfg168163 ····path:·/boot/grub2/grub.cfg
168164 ··register:·file_exists168164 ··register:·file_exists
168165 ··when:168165 ··when:
168166 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168167 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168166 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168167 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168168 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168168 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168169 ··tags:168169 ··tags:
168170 ··-·CCE-83848-2168170 ··-·CCE-83848-2
168171 ··-·CJIS-5.5.2.2168171 ··-·CJIS-5.5.2.2
168172 ··-·NIST-800-171-3.4.5168172 ··-·NIST-800-171-3.4.5
168173 ··-·NIST-800-53-AC-6(1)168173 ··-·NIST-800-53-AC-6(1)
168174 ··-·NIST-800-53-CM-6(a)168174 ··-·NIST-800-53-CM-6(a)
Offset 168182, 16 lines modifiedOffset 168182, 16 lines modified
168182 ··-·no_reboot_needed168182 ··-·no_reboot_needed
  
168183 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg168183 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
168184 ··file:168184 ··file:
168185 ····path:·/boot/grub2/grub.cfg168185 ····path:·/boot/grub2/grub.cfg
168186 ····group:·'0'168186 ····group:·'0'
168187 ··when:168187 ··when:
168188 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168189 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168188 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168189 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168190 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168190 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168191 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists168191 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
168192 ··tags:168192 ··tags:
168193 ··-·CCE-83848-2168193 ··-·CCE-83848-2
168194 ··-·CJIS-5.5.2.2168194 ··-·CJIS-5.5.2.2
168195 ··-·NIST-800-171-3.4.5168195 ··-·NIST-800-171-3.4.5
168196 ··-·NIST-800-53-AC-6(1)168196 ··-·NIST-800-53-AC-6(1)
Offset 168200, 15 lines modifiedOffset 168200, 15 lines modified
168200 ··-·configure_strategy168200 ··-·configure_strategy
168201 ··-·file_groupowner_grub2_cfg168201 ··-·file_groupowner_grub2_cfg
168202 ··-·low_complexity168202 ··-·low_complexity
168203 ··-·low_disruption168203 ··-·low_disruption
168204 ··-·medium_severity168204 ··-·medium_severity
168205 ··-·no_reboot_needed</xccdf-1.2:fix>168205 ··-·no_reboot_needed</xccdf-1.2:fix>
168206 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms168206 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
168207 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then168207 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
168208 chgrp·0·/boot/grub2/grub.cfg168208 chgrp·0·/boot/grub2/grub.cfg
  
168209 else168209 else
168210 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'168210 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
168211 fi</xccdf-1.2:fix>168211 fi</xccdf-1.2:fix>
168212 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">168212 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
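Review bot: line 168207 tests [ ! -f /sys/firmware/efi ] in both builds, but /sys/firmware/efi is a directory on UEFI systems, so -f never matches it and the negated test is true on every host. The guard therefore does not exclude UEFI machines, unlike the Ansible task above, which checks that "/boot/efi" is not among the mounts. Use [ ! -d /sys/firmware/efi ] instead. The only difference between the two builds on this line is the position of the rpm query in the && chain, which should also be emitted in a fixed order.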
Offset 168317, 16 lines modifiedOffset 168317, 16 lines modified
168317 ··-·no_reboot_needed168317 ··-·no_reboot_needed
  
168318 -·name:·Test·for·existence·/boot/grub2/user.cfg168318 -·name:·Test·for·existence·/boot/grub2/user.cfg
168319 ··stat:168319 ··stat:
168320 ····path:·/boot/grub2/user.cfg168320 ····path:·/boot/grub2/user.cfg
168321 ··register:·file_exists168321 ··register:·file_exists
168322 ··when:168322 ··when:
168323 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168324 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168323 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168324 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168325 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168325 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168326 ··tags:168326 ··tags:
168327 ··-·CCE-86010-6168327 ··-·CCE-86010-6
168328 ··-·CJIS-5.5.2.2168328 ··-·CJIS-5.5.2.2
168329 ··-·NIST-800-171-3.4.5168329 ··-·NIST-800-171-3.4.5
168330 ··-·NIST-800-53-AC-6(1)168330 ··-·NIST-800-53-AC-6(1)
168331 ··-·NIST-800-53-CM-6(a)168331 ··-·NIST-800-53-CM-6(a)
Offset 168339, 16 lines modifiedOffset 168339, 16 lines modified
168339 ··-·no_reboot_needed168339 ··-·no_reboot_needed
  
168340 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg168340 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
168341 ··file:168341 ··file:
168342 ····path:·/boot/grub2/user.cfg168342 ····path:·/boot/grub2/user.cfg
168343 ····group:·'0'168343 ····group:·'0'
168344 ··when:168344 ··when:
168345 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168346 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168345 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168346 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168347 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168347 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168348 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists168348 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
168349 ··tags:168349 ··tags:
168350 ··-·CCE-86010-6168350 ··-·CCE-86010-6
168351 ··-·CJIS-5.5.2.2168351 ··-·CJIS-5.5.2.2
168352 ··-·NIST-800-171-3.4.5168352 ··-·NIST-800-171-3.4.5
168353 ··-·NIST-800-53-AC-6(1)168353 ··-·NIST-800-53-AC-6(1)
Offset 168357, 15 lines modifiedOffset 168357, 15 lines modified
168357 ··-·configure_strategy168357 ··-·configure_strategy
168358 ··-·file_groupowner_user_cfg168358 ··-·file_groupowner_user_cfg
168359 ··-·low_complexity168359 ··-·low_complexity
168360 ··-·low_disruption168360 ··-·low_disruption
168361 ··-·medium_severity168361 ··-·medium_severity
168362 ··-·no_reboot_needed</xccdf-1.2:fix>168362 ··-·no_reboot_needed</xccdf-1.2:fix>
168363 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms168363 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
168364 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then168364 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
168365 chgrp·0·/boot/grub2/user.cfg168365 chgrp·0·/boot/grub2/user.cfg
  
168366 else168366 else
168367 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'168367 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
168368 fi</xccdf-1.2:fix>168368 fi</xccdf-1.2:fix>
168369 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">168369 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 168469, 16 lines modifiedOffset 168469, 16 lines modified
168469 ··-·no_reboot_needed168469 ··-·no_reboot_needed
  
168470 -·name:·Test·for·existence·/boot/grub2/grub.cfg168470 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168471 ··stat:168471 ··stat:
168472 ····path:·/boot/grub2/grub.cfg168472 ····path:·/boot/grub2/grub.cfg
168473 ··register:·file_exists168473 ··register:·file_exists
168474 ··when:168474 ··when:
Max diff block lines reached; 19611/25806 bytes (75.99%) of diff not shown.
25.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
25.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml
    
Offset 158, 15 lines modifiedOffset 158, 15 lines modified
158 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·9</cpe-dict:title>158 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Enterprise·Linux·9</cpe-dict:title>
159 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_rhel9:def:1</cpe-dict:check>159 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel9-cpe-oval.xml">oval:ssg-installed_OS_is_rhel9:def:1</cpe-dict:check>
160 ······</cpe-dict:cpe-item>160 ······</cpe-dict:cpe-item>
161 ····</cpe-dict:cpe-list>161 ····</cpe-dict:cpe-list>
162 ··</ds:component>162 ··</ds:component>
163 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">163 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel9-xccdf.xml"·timestamp="2022-12-20T09:54:05">
164 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">164 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
165 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>165 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
166 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>166 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>
167 ······<xccdf-1.2:description>167 ······<xccdf-1.2:description>
168 ········This·guide·presents·a·catalog·of·security-relevant168 ········This·guide·presents·a·catalog·of·security-relevant
169 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of169 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of
170 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)170 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
171 in·order·to·support·security·automation.··The·SCAP·content·is171 in·order·to·support·security·automation.··The·SCAP·content·is
172 is·available·in·the172 is·available·in·the
Offset 168162, 16 lines modifiedOffset 168162, 16 lines modified
168162 ··-·no_reboot_needed168162 ··-·no_reboot_needed
  
168163 -·name:·Test·for·existence·/boot/grub2/grub.cfg168163 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168164 ··stat:168164 ··stat:
168165 ····path:·/boot/grub2/grub.cfg168165 ····path:·/boot/grub2/grub.cfg
168166 ··register:·file_exists168166 ··register:·file_exists
168167 ··when:168167 ··when:
168168 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168169 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168168 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168169 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168170 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168170 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168171 ··tags:168171 ··tags:
168172 ··-·CCE-83848-2168172 ··-·CCE-83848-2
168173 ··-·CJIS-5.5.2.2168173 ··-·CJIS-5.5.2.2
168174 ··-·NIST-800-171-3.4.5168174 ··-·NIST-800-171-3.4.5
168175 ··-·NIST-800-53-AC-6(1)168175 ··-·NIST-800-53-AC-6(1)
168176 ··-·NIST-800-53-CM-6(a)168176 ··-·NIST-800-53-CM-6(a)
Offset 168184, 16 lines modifiedOffset 168184, 16 lines modified
168184 ··-·no_reboot_needed168184 ··-·no_reboot_needed
  
168185 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg168185 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
168186 ··file:168186 ··file:
168187 ····path:·/boot/grub2/grub.cfg168187 ····path:·/boot/grub2/grub.cfg
168188 ····group:·'0'168188 ····group:·'0'
168189 ··when:168189 ··when:
168190 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168191 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168190 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168191 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168192 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168192 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168193 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists168193 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
168194 ··tags:168194 ··tags:
168195 ··-·CCE-83848-2168195 ··-·CCE-83848-2
168196 ··-·CJIS-5.5.2.2168196 ··-·CJIS-5.5.2.2
168197 ··-·NIST-800-171-3.4.5168197 ··-·NIST-800-171-3.4.5
168198 ··-·NIST-800-53-AC-6(1)168198 ··-·NIST-800-53-AC-6(1)
Offset 168202, 15 lines modifiedOffset 168202, 15 lines modified
168202 ··-·configure_strategy168202 ··-·configure_strategy
168203 ··-·file_groupowner_grub2_cfg168203 ··-·file_groupowner_grub2_cfg
168204 ··-·low_complexity168204 ··-·low_complexity
168205 ··-·low_disruption168205 ··-·low_disruption
168206 ··-·medium_severity168206 ··-·medium_severity
168207 ··-·no_reboot_needed</xccdf-1.2:fix>168207 ··-·no_reboot_needed</xccdf-1.2:fix>
168208 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms168208 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
168209 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then168209 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
168210 chgrp·0·/boot/grub2/grub.cfg168210 chgrp·0·/boot/grub2/grub.cfg
  
168211 else168211 else
168212 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'168212 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
168213 fi</xccdf-1.2:fix>168213 fi</xccdf-1.2:fix>
168214 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">168214 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 168319, 16 lines modifiedOffset 168319, 16 lines modified
168319 ··-·no_reboot_needed168319 ··-·no_reboot_needed
  
168320 -·name:·Test·for·existence·/boot/grub2/user.cfg168320 -·name:·Test·for·existence·/boot/grub2/user.cfg
168321 ··stat:168321 ··stat:
168322 ····path:·/boot/grub2/user.cfg168322 ····path:·/boot/grub2/user.cfg
168323 ··register:·file_exists168323 ··register:·file_exists
168324 ··when:168324 ··when:
168325 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168326 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168325 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168326 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168327 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168327 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168328 ··tags:168328 ··tags:
168329 ··-·CCE-86010-6168329 ··-·CCE-86010-6
168330 ··-·CJIS-5.5.2.2168330 ··-·CJIS-5.5.2.2
168331 ··-·NIST-800-171-3.4.5168331 ··-·NIST-800-171-3.4.5
168332 ··-·NIST-800-53-AC-6(1)168332 ··-·NIST-800-53-AC-6(1)
168333 ··-·NIST-800-53-CM-6(a)168333 ··-·NIST-800-53-CM-6(a)
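Review bot: The `when:` entries at 168325-168326 are the same two conditions in swapped order between the builds, which points to the generator emitting the platform conditions from an unordered collection. Ansible ANDs the list, so the task behaves identically, but the rendered remediation is not reproducible. Sort the conditions before rendering them.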
Offset 168341, 16 lines modifiedOffset 168341, 16 lines modified
168341 ··-·no_reboot_needed168341 ··-·no_reboot_needed
  
168342 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg168342 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
168343 ··file:168343 ··file:
168344 ····path:·/boot/grub2/user.cfg168344 ····path:·/boot/grub2/user.cfg
168345 ····group:·'0'168345 ····group:·'0'
168346 ··when:168346 ··when:
168347 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168348 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168347 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168348 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168349 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168349 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168350 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists168350 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
168351 ··tags:168351 ··tags:
168352 ··-·CCE-86010-6168352 ··-·CCE-86010-6
168353 ··-·CJIS-5.5.2.2168353 ··-·CJIS-5.5.2.2
168354 ··-·NIST-800-171-3.4.5168354 ··-·NIST-800-171-3.4.5
168355 ··-·NIST-800-53-AC-6(1)168355 ··-·NIST-800-53-AC-6(1)
Offset 168359, 15 lines modifiedOffset 168359, 15 lines modified
168359 ··-·configure_strategy168359 ··-·configure_strategy
168360 ··-·file_groupowner_user_cfg168360 ··-·file_groupowner_user_cfg
168361 ··-·low_complexity168361 ··-·low_complexity
168362 ··-·low_disruption168362 ··-·low_disruption
168363 ··-·medium_severity168363 ··-·medium_severity
168364 ··-·no_reboot_needed</xccdf-1.2:fix>168364 ··-·no_reboot_needed</xccdf-1.2:fix>
168365 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms168365 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
168366 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then168366 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
168367 chgrp·0·/boot/grub2/user.cfg168367 chgrp·0·/boot/grub2/user.cfg
  
168368 else168368 else
168369 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'168369 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
168370 fi</xccdf-1.2:fix>168370 fi</xccdf-1.2:fix>
168371 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">168371 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 168471, 16 lines modifiedOffset 168471, 16 lines modified
168471 ··-·no_reboot_needed168471 ··-·no_reboot_needed
  
168472 -·name:·Test·for·existence·/boot/grub2/grub.cfg168472 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168473 ··stat:168473 ··stat:
168474 ····path:·/boot/grub2/grub.cfg168474 ····path:·/boot/grub2/grub.cfg
168475 ··register:·file_exists168475 ··register:·file_exists
168476 ··when:168476 ··when:
Max diff block lines reached; 19611/25806 bytes (75.99%) of diff not shown.
25.2 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml
25.1 KB
./usr/share/xml/scap/ssg/content/ssg-rhel9-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-9"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·9</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·9.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
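Review bot: The `xccdf-1.2:status` date on line 3 is 2024-01-14 in one build and 2025-02-15 in the other, so the benchmark is stamped with the build machine's clock rather than a fixed value. Derive the date from a pinned source such as SOURCE_DATE_EPOCH so that rebuilding the same source yields the same file.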
Offset 168000, 16 lines modifiedOffset 168000, 16 lines modified
168000 ··-·no_reboot_needed168000 ··-·no_reboot_needed
  
168001 -·name:·Test·for·existence·/boot/grub2/grub.cfg168001 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168002 ··stat:168002 ··stat:
168003 ····path:·/boot/grub2/grub.cfg168003 ····path:·/boot/grub2/grub.cfg
168004 ··register:·file_exists168004 ··register:·file_exists
168005 ··when:168005 ··when:
168006 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168007 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168006 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168007 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168008 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168008 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168009 ··tags:168009 ··tags:
168010 ··-·CCE-83848-2168010 ··-·CCE-83848-2
168011 ··-·CJIS-5.5.2.2168011 ··-·CJIS-5.5.2.2
168012 ··-·NIST-800-171-3.4.5168012 ··-·NIST-800-171-3.4.5
168013 ··-·NIST-800-53-AC-6(1)168013 ··-·NIST-800-53-AC-6(1)
168014 ··-·NIST-800-53-CM-6(a)168014 ··-·NIST-800-53-CM-6(a)
Offset 168022, 16 lines modifiedOffset 168022, 16 lines modified
168022 ··-·no_reboot_needed168022 ··-·no_reboot_needed
  
168023 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg168023 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
168024 ··file:168024 ··file:
168025 ····path:·/boot/grub2/grub.cfg168025 ····path:·/boot/grub2/grub.cfg
168026 ····group:·'0'168026 ····group:·'0'
168027 ··when:168027 ··when:
168028 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168029 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168028 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168029 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168030 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168030 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168031 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists168031 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
168032 ··tags:168032 ··tags:
168033 ··-·CCE-83848-2168033 ··-·CCE-83848-2
168034 ··-·CJIS-5.5.2.2168034 ··-·CJIS-5.5.2.2
168035 ··-·NIST-800-171-3.4.5168035 ··-·NIST-800-171-3.4.5
168036 ··-·NIST-800-53-AC-6(1)168036 ··-·NIST-800-53-AC-6(1)
Offset 168040, 15 lines modifiedOffset 168040, 15 lines modified
168040 ··-·configure_strategy168040 ··-·configure_strategy
168041 ··-·file_groupowner_grub2_cfg168041 ··-·file_groupowner_grub2_cfg
168042 ··-·low_complexity168042 ··-·low_complexity
168043 ··-·low_disruption168043 ··-·low_disruption
168044 ··-·medium_severity168044 ··-·medium_severity
168045 ··-·no_reboot_needed</xccdf-1.2:fix>168045 ··-·no_reboot_needed</xccdf-1.2:fix>
168046 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms168046 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
168047 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then168047 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
168048 chgrp·0·/boot/grub2/grub.cfg168048 chgrp·0·/boot/grub2/grub.cfg
  
168049 else168049 else
168050 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'168050 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
168051 fi</xccdf-1.2:fix>168051 fi</xccdf-1.2:fix>
168052 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">168052 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 168157, 16 lines modifiedOffset 168157, 16 lines modified
168157 ··-·no_reboot_needed168157 ··-·no_reboot_needed
  
168158 -·name:·Test·for·existence·/boot/grub2/user.cfg168158 -·name:·Test·for·existence·/boot/grub2/user.cfg
168159 ··stat:168159 ··stat:
168160 ····path:·/boot/grub2/user.cfg168160 ····path:·/boot/grub2/user.cfg
168161 ··register:·file_exists168161 ··register:·file_exists
168162 ··when:168162 ··when:
168163 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168164 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168163 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168164 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168165 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168165 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168166 ··tags:168166 ··tags:
168167 ··-·CCE-86010-6168167 ··-·CCE-86010-6
168168 ··-·CJIS-5.5.2.2168168 ··-·CJIS-5.5.2.2
168169 ··-·NIST-800-171-3.4.5168169 ··-·NIST-800-171-3.4.5
168170 ··-·NIST-800-53-AC-6(1)168170 ··-·NIST-800-53-AC-6(1)
168171 ··-·NIST-800-53-CM-6(a)168171 ··-·NIST-800-53-CM-6(a)
Offset 168179, 16 lines modifiedOffset 168179, 16 lines modified
168179 ··-·no_reboot_needed168179 ··-·no_reboot_needed
  
168180 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg168180 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
168181 ··file:168181 ··file:
168182 ····path:·/boot/grub2/user.cfg168182 ····path:·/boot/grub2/user.cfg
168183 ····group:·'0'168183 ····group:·'0'
168184 ··when:168184 ··when:
168185 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168186 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168185 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168186 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168187 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168187 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168188 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists168188 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
168189 ··tags:168189 ··tags:
168190 ··-·CCE-86010-6168190 ··-·CCE-86010-6
168191 ··-·CJIS-5.5.2.2168191 ··-·CJIS-5.5.2.2
168192 ··-·NIST-800-171-3.4.5168192 ··-·NIST-800-171-3.4.5
168193 ··-·NIST-800-53-AC-6(1)168193 ··-·NIST-800-53-AC-6(1)
Offset 168197, 15 lines modifiedOffset 168197, 15 lines modified
168197 ··-·configure_strategy168197 ··-·configure_strategy
168198 ··-·file_groupowner_user_cfg168198 ··-·file_groupowner_user_cfg
168199 ··-·low_complexity168199 ··-·low_complexity
168200 ··-·low_disruption168200 ··-·low_disruption
168201 ··-·medium_severity168201 ··-·medium_severity
168202 ··-·no_reboot_needed</xccdf-1.2:fix>168202 ··-·no_reboot_needed</xccdf-1.2:fix>
168203 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms168203 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_user_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
168204 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2-common·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then168204 if·rpm·--quiet·-q·grub2-common·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
168205 chgrp·0·/boot/grub2/user.cfg168205 chgrp·0·/boot/grub2/user.cfg
  
168206 else168206 else
168207 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'168207 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
168208 fi</xccdf-1.2:fix>168208 fi</xccdf-1.2:fix>
168209 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">168209 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 168309, 16 lines modifiedOffset 168309, 16 lines modified
168309 ··-·no_reboot_needed168309 ··-·no_reboot_needed
  
168310 -·name:·Test·for·existence·/boot/grub2/grub.cfg168310 -·name:·Test·for·existence·/boot/grub2/grub.cfg
168311 ··stat:168311 ··stat:
168312 ····path:·/boot/grub2/grub.cfg168312 ····path:·/boot/grub2/grub.cfg
168313 ··register:·file_exists168313 ··register:·file_exists
168314 ··when:168314 ··when:
168315 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list' 
168316 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'168315 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
 168316 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
168317 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]168317 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
168318 ··tags:168318 ··tags:
Max diff block lines reached; 19283/25553 bytes (75.46%) of diff not shown.
1.4 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml
1.3 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds-1.2.xml
    
Offset 124, 15 lines modifiedOffset 124, 15 lines modified
124 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Virtualization·4·Host</cpe-dict:title>124 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Virtualization·4·Host</cpe-dict:title>
125 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhv4-cpe-oval.xml">oval:ssg-installed_OS_is_rhv4:def:1</cpe-dict:check>125 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhv4-cpe-oval.xml">oval:ssg-installed_OS_is_rhv4:def:1</cpe-dict:check>
126 ······</cpe-dict:cpe-item>126 ······</cpe-dict:cpe-item>
127 ····</cpe-dict:cpe-list>127 ····</cpe-dict:cpe-list>
128 ··</ds:component>128 ··</ds:component>
129 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhv4-xccdf.xml"·timestamp="2022-12-20T09:54:05">129 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhv4-xccdf.xml"·timestamp="2022-12-20T09:54:05">
130 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHV-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">130 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHV-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
131 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>131 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
132 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Virtualization·4</xccdf-1.2:title>132 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Virtualization·4</xccdf-1.2:title>
133 ······<xccdf-1.2:description>133 ······<xccdf-1.2:description>
134 ········This·guide·presents·a·catalog·of·security-relevant134 ········This·guide·presents·a·catalog·of·security-relevant
135 configuration·settings·for·Red·Hat·Virtualization·4.·It·is·a·rendering·of135 configuration·settings·for·Red·Hat·Virtualization·4.·It·is·a·rendering·of
136 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)136 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
137 in·order·to·support·security·automation.··The·SCAP·content·is137 in·order·to·support·security·automation.··The·SCAP·content·is
138 is·available·in·the138 is·available·in·the
1.39 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml
1.29 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-ds.xml
    
Offset 124, 15 lines modifiedOffset 124, 15 lines modified
124 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Virtualization·4·Host</cpe-dict:title>124 ········<cpe-dict:title·xml:lang="en-us">Red·Hat·Virtualization·4·Host</cpe-dict:title>
125 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhv4-cpe-oval.xml">oval:ssg-installed_OS_is_rhv4:def:1</cpe-dict:check>125 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhv4-cpe-oval.xml">oval:ssg-installed_OS_is_rhv4:def:1</cpe-dict:check>
126 ······</cpe-dict:cpe-item>126 ······</cpe-dict:cpe-item>
127 ····</cpe-dict:cpe-list>127 ····</cpe-dict:cpe-list>
128 ··</ds:component>128 ··</ds:component>
129 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhv4-xccdf.xml"·timestamp="2022-12-20T09:54:05">129 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhv4-xccdf.xml"·timestamp="2022-12-20T09:54:05">
130 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHV-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">130 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHV-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
131 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>131 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
132 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Virtualization·4</xccdf-1.2:title>132 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Virtualization·4</xccdf-1.2:title>
133 ······<xccdf-1.2:description>133 ······<xccdf-1.2:description>
134 ········This·guide·presents·a·catalog·of·security-relevant134 ········This·guide·presents·a·catalog·of·security-relevant
135 configuration·settings·for·Red·Hat·Virtualization·4.·It·is·a·rendering·of135 configuration·settings·for·Red·Hat·Virtualization·4.·It·is·a·rendering·of
136 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)136 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
137 in·order·to·support·security·automation.··The·SCAP·content·is137 in·order·to·support·security·automation.··The·SCAP·content·is
138 is·available·in·the138 is·available·in·the
1.23 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml
1.13 KB
./usr/share/xml/scap/ssg/content/ssg-rhv4-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHV-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHV-4"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Virtualization·4</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Virtualization·4</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Virtualization·4.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Virtualization·4.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
543 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml
543 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-ds-1.2.xml
    
Offset 168, 15 lines modifiedOffset 168, 15 lines modified
168 ········<cpe-dict:title·xml:lang="en-us">Scientific·Linux·7</cpe-dict:title>168 ········<cpe-dict:title·xml:lang="en-us">Scientific·Linux·7</cpe-dict:title>
169 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_sl7:def:1</cpe-dict:check>169 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_sl7:def:1</cpe-dict:check>
170 ······</cpe-dict:cpe-item>170 ······</cpe-dict:cpe-item>
171 ····</cpe-dict:cpe-list>171 ····</cpe-dict:cpe-list>
172 ··</ds:component>172 ··</ds:component>
173 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">173 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
174 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">174 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
175 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>175 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
176 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>176 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
177 ······<xccdf-1.2:description>177 ······<xccdf-1.2:description>
178 ········This·guide·presents·a·catalog·of·security-relevant178 ········This·guide·presents·a·catalog·of·security-relevant
179 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of179 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
180 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)180 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
181 in·order·to·support·security·automation.··The·SCAP·content·is181 in·order·to·support·security·automation.··The·SCAP·content·is
182 is·available·in·the182 is·available·in·the
Offset 40049, 16 lines modifiedOffset 40049, 16 lines modified
40049 ··-·reboot_required40049 ··-·reboot_required
40050 ··-·restrict_strategy40050 ··-·restrict_strategy
  
40051 -·name:·Set·architecture·for·audit·open·tasks40051 -·name:·Set·architecture·for·audit·open·tasks
40052 ··set_fact:40052 ··set_fact:
40053 ····audit_arch:·b6440053 ····audit_arch:·b64
40054 ··when:40054 ··when:
40055 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40056 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40055 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40056 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40057 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40057 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40058 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40058 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40059 ··tags:40059 ··tags:
40060 ··-·NIST-800-53-AC-2(4)40060 ··-·NIST-800-53-AC-2(4)
40061 ··-·NIST-800-53-AC-6(9)40061 ··-·NIST-800-53-AC-6(9)
40062 ··-·NIST-800-53-AU-12(c)40062 ··-·NIST-800-53-AU-12(c)
40063 ··-·NIST-800-53-AU-2(d)40063 ··-·NIST-800-53-AU-2(d)
Offset 40187, 16 lines modifiedOffset 40187, 16 lines modified
40187 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40187 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40188 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40188 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40189 ······create:·true40189 ······create:·true
40190 ······mode:·o-rwx40190 ······mode:·o-rwx
40191 ······state:·present40191 ······state:·present
40192 ····when:·syscalls_found·|·length·==·040192 ····when:·syscalls_found·|·length·==·0
40193 ··when:40193 ··when:
40194 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40195 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40194 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40195 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40196 ··tags:40196 ··tags:
40197 ··-·NIST-800-53-AC-2(4)40197 ··-·NIST-800-53-AC-2(4)
40198 ··-·NIST-800-53-AC-6(9)40198 ··-·NIST-800-53-AC-6(9)
40199 ··-·NIST-800-53-AU-12(c)40199 ··-·NIST-800-53-AU-12(c)
40200 ··-·NIST-800-53-AU-2(d)40200 ··-·NIST-800-53-AU-2(d)
40201 ··-·NIST-800-53-CM-6(a)40201 ··-·NIST-800-53-CM-6(a)
40202 ··-·audit_rules_etc_group_open40202 ··-·audit_rules_etc_group_open
Offset 40323, 31 lines modifiedOffset 40323, 31 lines modified
40323 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40323 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40324 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40324 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40325 ······create:·true40325 ······create:·true
40326 ······mode:·o-rwx40326 ······mode:·o-rwx
40327 ······state:·present40327 ······state:·present
40328 ····when:·syscalls_found·|·length·==·040328 ····when:·syscalls_found·|·length·==·0
40329 ··when:40329 ··when:
40330 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40331 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40330 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40331 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40332 ··-·audit_arch·==·&quot;b64&quot;40332 ··-·audit_arch·==·&quot;b64&quot;
40333 ··tags:40333 ··tags:
40334 ··-·NIST-800-53-AC-2(4)40334 ··-·NIST-800-53-AC-2(4)
40335 ··-·NIST-800-53-AC-6(9)40335 ··-·NIST-800-53-AC-6(9)
40336 ··-·NIST-800-53-AU-12(c)40336 ··-·NIST-800-53-AU-12(c)
40337 ··-·NIST-800-53-AU-2(d)40337 ··-·NIST-800-53-AU-2(d)
40338 ··-·NIST-800-53-CM-6(a)40338 ··-·NIST-800-53-CM-6(a)
40339 ··-·audit_rules_etc_group_open40339 ··-·audit_rules_etc_group_open
40340 ··-·low_complexity40340 ··-·low_complexity
40341 ··-·low_disruption40341 ··-·low_disruption
40342 ··-·medium_severity40342 ··-·medium_severity
40343 ··-·reboot_required40343 ··-·reboot_required
40344 ··-·restrict_strategy</xccdf-1.2:fix>40344 ··-·restrict_strategy</xccdf-1.2:fix>
40345 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms40345 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
40346 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then40346 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
40347 #·First·perform·the·remediation·of·the·syscall·rule40347 #·First·perform·the·remediation·of·the·syscall·rule
40348 #·Retrieve·hardware·architecture·of·the·underlying·system40348 #·Retrieve·hardware·architecture·of·the·underlying·system
40349 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)40349 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
40350 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;40350 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
40351 do40351 do
Offset 40743, 16 lines modifiedOffset 40743, 16 lines modified
40743 ··-·reboot_required40743 ··-·reboot_required
40744 ··-·restrict_strategy40744 ··-·restrict_strategy
  
40745 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks40745 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
40746 ··set_fact:40746 ··set_fact:
40747 ····audit_arch:·b6440747 ····audit_arch:·b64
40748 ··when:40748 ··when:
40749 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40750 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40749 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40750 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40751 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40751 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40752 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40752 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40753 ··tags:40753 ··tags:
40754 ··-·NIST-800-53-AC-2(4)40754 ··-·NIST-800-53-AC-2(4)
40755 ··-·NIST-800-53-AC-6(9)40755 ··-·NIST-800-53-AC-6(9)
40756 ··-·NIST-800-53-AU-12(c)40756 ··-·NIST-800-53-AU-12(c)
40757 ··-·NIST-800-53-AU-2(d)40757 ··-·NIST-800-53-AU-2(d)
Offset 40881, 16 lines modifiedOffset 40881, 16 lines modified
40881 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40881 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40882 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40882 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40883 ······create:·true40883 ······create:·true
40884 ······mode:·o-rwx40884 ······mode:·o-rwx
40885 ······state:·present40885 ······state:·present
40886 ····when:·syscalls_found·|·length·==·040886 ····when:·syscalls_found·|·length·==·0
40887 ··when:40887 ··when:
40888 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40889 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40888 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40889 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40890 ··tags:40890 ··tags:
40891 ··-·NIST-800-53-AC-2(4)40891 ··-·NIST-800-53-AC-2(4)
40892 ··-·NIST-800-53-AC-6(9)40892 ··-·NIST-800-53-AC-6(9)
40893 ··-·NIST-800-53-AU-12(c)40893 ··-·NIST-800-53-AU-12(c)
40894 ··-·NIST-800-53-AU-2(d)40894 ··-·NIST-800-53-AU-2(d)
40895 ··-·NIST-800-53-CM-6(a)40895 ··-·NIST-800-53-CM-6(a)
40896 ··-·audit_rules_etc_group_open_by_handle_at40896 ··-·audit_rules_etc_group_open_by_handle_at
Offset 41017, 31 lines modifiedOffset 41017, 31 lines modified
41017 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group41017 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
41018 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify41018 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
41019 ······create:·true41019 ······create:·true
41020 ······mode:·o-rwx41020 ······mode:·o-rwx
41021 ······state:·present41021 ······state:·present
41022 ····when:·syscalls_found·|·length·==·041022 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 549530/555949 bytes (98.85%) of diff not shown.
543 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-ds.xml
    
Offset 170, 15 lines modifiedOffset 170, 15 lines modified
170 ········<cpe-dict:title·xml:lang="en-us">Scientific·Linux·7</cpe-dict:title>170 ········<cpe-dict:title·xml:lang="en-us">Scientific·Linux·7</cpe-dict:title>
171 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_sl7:def:1</cpe-dict:check>171 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-rhel7-cpe-oval.xml">oval:ssg-installed_OS_is_sl7:def:1</cpe-dict:check>
172 ······</cpe-dict:cpe-item>172 ······</cpe-dict:cpe-item>
173 ····</cpe-dict:cpe-list>173 ····</cpe-dict:cpe-list>
174 ··</ds:component>174 ··</ds:component>
175 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">175 ··<ds:component·id="scap_org.open-scap_comp_ssg-rhel7-xccdf.xml"·timestamp="2022-12-20T09:54:05">
176 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">176 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
177 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>177 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
178 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>178 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
179 ······<xccdf-1.2:description>179 ······<xccdf-1.2:description>
180 ········This·guide·presents·a·catalog·of·security-relevant180 ········This·guide·presents·a·catalog·of·security-relevant
181 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of181 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
182 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)182 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
183 in·order·to·support·security·automation.··The·SCAP·content·is183 in·order·to·support·security·automation.··The·SCAP·content·is
184 is·available·in·the184 is·available·in·the
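Review bot: the only difference in this hunk is the `date` attribute of `xccdf-1.2:status` at line 177, `2024-01-14` on one side and `2025-02-15` on the other, while the component `timestamp` on line 175 is `2022-12-20T09:54:05` on both. The status date appears to follow the build clock; taking it from the same fixed source as the timestamp (for example SOURCE_DATE_EPOCH) would remove this difference.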
Offset 40051, 16 lines modifiedOffset 40051, 16 lines modified
40051 ··-·reboot_required40051 ··-·reboot_required
40052 ··-·restrict_strategy40052 ··-·restrict_strategy
  
40053 -·name:·Set·architecture·for·audit·open·tasks40053 -·name:·Set·architecture·for·audit·open·tasks
40054 ··set_fact:40054 ··set_fact:
40055 ····audit_arch:·b6440055 ····audit_arch:·b64
40056 ··when:40056 ··when:
40057 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40058 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40057 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40058 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40059 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40059 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40060 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40060 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40061 ··tags:40061 ··tags:
40062 ··-·NIST-800-53-AC-2(4)40062 ··-·NIST-800-53-AC-2(4)
40063 ··-·NIST-800-53-AC-6(9)40063 ··-·NIST-800-53-AC-6(9)
40064 ··-·NIST-800-53-AU-12(c)40064 ··-·NIST-800-53-AU-12(c)
40065 ··-·NIST-800-53-AU-2(d)40065 ··-·NIST-800-53-AU-2(d)
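Review bot: the `when:` list of the "Set architecture for audit open tasks" task holds the same conditions on both sides, but lines 40057-40058 list the `ansible_virtualization_type` check and the `"audit" in ansible_facts.packages` check in opposite order. The generator should emit these platform conditions in a sorted or otherwise fixed order so the rendered Ansible fix is byte-identical between builds.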
Offset 40189, 16 lines modifiedOffset 40189, 16 lines modified
40189 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40189 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40190 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40190 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40191 ······create:·true40191 ······create:·true
40192 ······mode:·o-rwx40192 ······mode:·o-rwx
40193 ······state:·present40193 ······state:·present
40194 ····when:·syscalls_found·|·length·==·040194 ····when:·syscalls_found·|·length·==·0
40195 ··when:40195 ··when:
40196 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40197 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40196 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40197 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40198 ··tags:40198 ··tags:
40199 ··-·NIST-800-53-AC-2(4)40199 ··-·NIST-800-53-AC-2(4)
40200 ··-·NIST-800-53-AC-6(9)40200 ··-·NIST-800-53-AC-6(9)
40201 ··-·NIST-800-53-AU-12(c)40201 ··-·NIST-800-53-AU-12(c)
40202 ··-·NIST-800-53-AU-2(d)40202 ··-·NIST-800-53-AU-2(d)
40203 ··-·NIST-800-53-CM-6(a)40203 ··-·NIST-800-53-CM-6(a)
40204 ··-·audit_rules_etc_group_open40204 ··-·audit_rules_etc_group_open
Offset 40325, 31 lines modifiedOffset 40325, 31 lines modified
40325 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40325 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40326 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40326 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40327 ······create:·true40327 ······create:·true
40328 ······mode:·o-rwx40328 ······mode:·o-rwx
40329 ······state:·present40329 ······state:·present
40330 ····when:·syscalls_found·|·length·==·040330 ····when:·syscalls_found·|·length·==·0
40331 ··when:40331 ··when:
40332 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40333 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40332 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40333 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40334 ··-·audit_arch·==·&quot;b64&quot;40334 ··-·audit_arch·==·&quot;b64&quot;
40335 ··tags:40335 ··tags:
40336 ··-·NIST-800-53-AC-2(4)40336 ··-·NIST-800-53-AC-2(4)
40337 ··-·NIST-800-53-AC-6(9)40337 ··-·NIST-800-53-AC-6(9)
40338 ··-·NIST-800-53-AU-12(c)40338 ··-·NIST-800-53-AU-12(c)
40339 ··-·NIST-800-53-AU-2(d)40339 ··-·NIST-800-53-AU-2(d)
40340 ··-·NIST-800-53-CM-6(a)40340 ··-·NIST-800-53-CM-6(a)
40341 ··-·audit_rules_etc_group_open40341 ··-·audit_rules_etc_group_open
40342 ··-·low_complexity40342 ··-·low_complexity
40343 ··-·low_disruption40343 ··-·low_disruption
40344 ··-·medium_severity40344 ··-·medium_severity
40345 ··-·reboot_required40345 ··-·reboot_required
40346 ··-·restrict_strategy</xccdf-1.2:fix>40346 ··-·restrict_strategy</xccdf-1.2:fix>
40347 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms40347 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
40348 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then40348 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
40349 #·First·perform·the·remediation·of·the·syscall·rule40349 #·First·perform·the·remediation·of·the·syscall·rule
40350 #·Retrieve·hardware·architecture·of·the·underlying·system40350 #·Retrieve·hardware·architecture·of·the·underlying·system
40351 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)40351 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
40352 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;40352 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
40353 do40353 do
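Review bot: in the `urn:xccdf:fix:script:sh` fix at line 40348 the terms of the applicability test are reordered: one side tests `/.dockerenv` and `/run/.containerenv` before `rpm --quiet -q audit`, the other runs the `rpm` query first. Because `&&` short-circuits, this changes which command runs first inside a container, so the order should be pinned in the generator instead of varying between builds.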
Offset 40745, 16 lines modifiedOffset 40745, 16 lines modified
40745 ··-·reboot_required40745 ··-·reboot_required
40746 ··-·restrict_strategy40746 ··-·restrict_strategy
  
40747 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks40747 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
40748 ··set_fact:40748 ··set_fact:
40749 ····audit_arch:·b6440749 ····audit_arch:·b64
40750 ··when:40750 ··when:
40751 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40752 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40751 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40752 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40753 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40753 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40754 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40754 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40755 ··tags:40755 ··tags:
40756 ··-·NIST-800-53-AC-2(4)40756 ··-·NIST-800-53-AC-2(4)
40757 ··-·NIST-800-53-AC-6(9)40757 ··-·NIST-800-53-AC-6(9)
40758 ··-·NIST-800-53-AU-12(c)40758 ··-·NIST-800-53-AU-12(c)
40759 ··-·NIST-800-53-AU-2(d)40759 ··-·NIST-800-53-AU-2(d)
Offset 40883, 16 lines modifiedOffset 40883, 16 lines modified
40883 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40883 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40884 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40884 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40885 ······create:·true40885 ······create:·true
40886 ······mode:·o-rwx40886 ······mode:·o-rwx
40887 ······state:·present40887 ······state:·present
40888 ····when:·syscalls_found·|·length·==·040888 ····when:·syscalls_found·|·length·==·0
40889 ··when:40889 ··when:
40890 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40891 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40890 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40891 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40892 ··tags:40892 ··tags:
40893 ··-·NIST-800-53-AC-2(4)40893 ··-·NIST-800-53-AC-2(4)
40894 ··-·NIST-800-53-AC-6(9)40894 ··-·NIST-800-53-AC-6(9)
40895 ··-·NIST-800-53-AU-12(c)40895 ··-·NIST-800-53-AU-12(c)
40896 ··-·NIST-800-53-AU-2(d)40896 ··-·NIST-800-53-AU-2(d)
40897 ··-·NIST-800-53-CM-6(a)40897 ··-·NIST-800-53-CM-6(a)
40898 ··-·audit_rules_etc_group_open_by_handle_at40898 ··-·audit_rules_etc_group_open_by_handle_at
Offset 41019, 31 lines modifiedOffset 41019, 31 lines modified
41019 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group41019 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
41020 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify41020 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
41021 ······create:·true41021 ······create:·true
41022 ······mode:·o-rwx41022 ······mode:·o-rwx
41023 ······state:·present41023 ······state:·present
41024 ····when:·syscalls_found·|·length·==·041024 ····when:·syscalls_found·|·length·==·0
Max diff block lines reached; 549530/555949 bytes (98.85%) of diff not shown.
542 KB
./usr/share/xml/scap/ssg/content/ssg-sl7-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_RHEL-7"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·Red·Hat·Enterprise·Linux·7</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of7 configuration·settings·for·Red·Hat·Enterprise·Linux·7.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 39877, 16 lines modifiedOffset 39877, 16 lines modified
39877 ··-·reboot_required39877 ··-·reboot_required
39878 ··-·restrict_strategy39878 ··-·restrict_strategy
  
39879 -·name:·Set·architecture·for·audit·open·tasks39879 -·name:·Set·architecture·for·audit·open·tasks
39880 ··set_fact:39880 ··set_fact:
39881 ····audit_arch:·b6439881 ····audit_arch:·b64
39882 ··when:39882 ··when:
39883 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
39884 ··-·'&quot;audit&quot;·in·ansible_facts.packages'39883 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 39884 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
39885 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture39885 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
39886 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;39886 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
39887 ··tags:39887 ··tags:
39888 ··-·NIST-800-53-AC-2(4)39888 ··-·NIST-800-53-AC-2(4)
39889 ··-·NIST-800-53-AC-6(9)39889 ··-·NIST-800-53-AC-6(9)
39890 ··-·NIST-800-53-AU-12(c)39890 ··-·NIST-800-53-AU-12(c)
39891 ··-·NIST-800-53-AU-2(d)39891 ··-·NIST-800-53-AU-2(d)
Offset 40015, 16 lines modifiedOffset 40015, 16 lines modified
40015 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40015 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40016 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40016 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40017 ······create:·true40017 ······create:·true
40018 ······mode:·o-rwx40018 ······mode:·o-rwx
40019 ······state:·present40019 ······state:·present
40020 ····when:·syscalls_found·|·length·==·040020 ····when:·syscalls_found·|·length·==·0
40021 ··when:40021 ··when:
40022 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40023 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40022 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40023 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40024 ··tags:40024 ··tags:
40025 ··-·NIST-800-53-AC-2(4)40025 ··-·NIST-800-53-AC-2(4)
40026 ··-·NIST-800-53-AC-6(9)40026 ··-·NIST-800-53-AC-6(9)
40027 ··-·NIST-800-53-AU-12(c)40027 ··-·NIST-800-53-AU-12(c)
40028 ··-·NIST-800-53-AU-2(d)40028 ··-·NIST-800-53-AU-2(d)
40029 ··-·NIST-800-53-CM-6(a)40029 ··-·NIST-800-53-CM-6(a)
40030 ··-·audit_rules_etc_group_open40030 ··-·audit_rules_etc_group_open
Offset 40151, 31 lines modifiedOffset 40151, 31 lines modified
40151 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group40151 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a1&amp;03·-F·path=/etc/group
40152 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40152 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40153 ······create:·true40153 ······create:·true
40154 ······mode:·o-rwx40154 ······mode:·o-rwx
40155 ······state:·present40155 ······state:·present
40156 ····when:·syscalls_found·|·length·==·040156 ····when:·syscalls_found·|·length·==·0
40157 ··when:40157 ··when:
40158 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40159 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40158 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40159 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40160 ··-·audit_arch·==·&quot;b64&quot;40160 ··-·audit_arch·==·&quot;b64&quot;
40161 ··tags:40161 ··tags:
40162 ··-·NIST-800-53-AC-2(4)40162 ··-·NIST-800-53-AC-2(4)
40163 ··-·NIST-800-53-AC-6(9)40163 ··-·NIST-800-53-AC-6(9)
40164 ··-·NIST-800-53-AU-12(c)40164 ··-·NIST-800-53-AU-12(c)
40165 ··-·NIST-800-53-AU-2(d)40165 ··-·NIST-800-53-AU-2(d)
40166 ··-·NIST-800-53-CM-6(a)40166 ··-·NIST-800-53-CM-6(a)
40167 ··-·audit_rules_etc_group_open40167 ··-·audit_rules_etc_group_open
40168 ··-·low_complexity40168 ··-·low_complexity
40169 ··-·low_disruption40169 ··-·low_disruption
40170 ··-·medium_severity40170 ··-·medium_severity
40171 ··-·reboot_required40171 ··-·reboot_required
40172 ··-·restrict_strategy</xccdf-1.2:fix>40172 ··-·restrict_strategy</xccdf-1.2:fix>
40173 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms40173 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_etc_group_open">#·Remediation·is·applicable·only·in·certain·platforms
40174 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then40174 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then
  
40175 #·First·perform·the·remediation·of·the·syscall·rule40175 #·First·perform·the·remediation·of·the·syscall·rule
40176 #·Retrieve·hardware·architecture·of·the·underlying·system40176 #·Retrieve·hardware·architecture·of·the·underlying·system
40177 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)40177 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
40178 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;40178 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
40179 do40179 do
Offset 40571, 16 lines modifiedOffset 40571, 16 lines modified
40571 ··-·reboot_required40571 ··-·reboot_required
40572 ··-·restrict_strategy40572 ··-·restrict_strategy
  
40573 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks40573 -·name:·Set·architecture·for·audit·open_by_handle_at·tasks
40574 ··set_fact:40574 ··set_fact:
40575 ····audit_arch:·b6440575 ····audit_arch:·b64
40576 ··when:40576 ··when:
40577 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40578 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40577 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40578 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40579 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture40579 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
40580 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;40580 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
40581 ··tags:40581 ··tags:
40582 ··-·NIST-800-53-AC-2(4)40582 ··-·NIST-800-53-AC-2(4)
40583 ··-·NIST-800-53-AC-6(9)40583 ··-·NIST-800-53-AC-6(9)
40584 ··-·NIST-800-53-AU-12(c)40584 ··-·NIST-800-53-AU-12(c)
40585 ··-·NIST-800-53-AU-2(d)40585 ··-·NIST-800-53-AU-2(d)
Offset 40709, 16 lines modifiedOffset 40709, 16 lines modified
40709 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40709 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40710 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40710 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40711 ······create:·true40711 ······create:·true
40712 ······mode:·o-rwx40712 ······mode:·o-rwx
40713 ······state:·present40713 ······state:·present
40714 ····when:·syscalls_found·|·length·==·040714 ····when:·syscalls_found·|·length·==·0
40715 ··when:40715 ··when:
40716 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40717 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40716 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40717 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40718 ··tags:40718 ··tags:
40719 ··-·NIST-800-53-AC-2(4)40719 ··-·NIST-800-53-AC-2(4)
40720 ··-·NIST-800-53-AC-6(9)40720 ··-·NIST-800-53-AC-6(9)
40721 ··-·NIST-800-53-AU-12(c)40721 ··-·NIST-800-53-AU-12(c)
40722 ··-·NIST-800-53-AU-2(d)40722 ··-·NIST-800-53-AU-2(d)
40723 ··-·NIST-800-53-CM-6(a)40723 ··-·NIST-800-53-CM-6(a)
40724 ··-·audit_rules_etc_group_open_by_handle_at40724 ··-·audit_rules_etc_group_open_by_handle_at
Offset 40845, 31 lines modifiedOffset 40845, 31 lines modified
40845 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group40845 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·a2&amp;03·-F·path=/etc/group
40846 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify40846 ········-F·auid&gt;=1000·-F·auid!=unset·-F·key=modify
40847 ······create:·true40847 ······create:·true
40848 ······mode:·o-rwx40848 ······mode:·o-rwx
40849 ······state:·present40849 ······state:·present
40850 ····when:·syscalls_found·|·length·==·040850 ····when:·syscalls_found·|·length·==·0
40851 ··when:40851 ··when:
40852 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
40853 ··-·'&quot;audit&quot;·in·ansible_facts.packages'40852 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 40853 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
40854 ··-·audit_arch·==·&quot;b64&quot;40854 ··-·audit_arch·==·&quot;b64&quot;
Max diff block lines reached; 547931/554564 bytes (98.80%) of diff not shown.
347 KB
./usr/share/xml/scap/ssg/content/ssg-sle12-ds-1.2.xml
    
Offset 120, 15 lines modifiedOffset 120, 15 lines modified
120 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·12</cpe-dict:title>120 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·12</cpe-dict:title>
121 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle12-cpe-oval.xml">oval:ssg-installed_OS_is_sle12:def:1</cpe-dict:check>121 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle12-cpe-oval.xml">oval:ssg-installed_OS_is_sle12:def:1</cpe-dict:check>
122 ······</cpe-dict:cpe-item>122 ······</cpe-dict:cpe-item>
123 ····</cpe-dict:cpe-list>123 ····</cpe-dict:cpe-list>
124 ··</ds:component>124 ··</ds:component>
125 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle12-xccdf.xml"·timestamp="2022-12-20T09:54:05">125 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle12-xccdf.xml"·timestamp="2022-12-20T09:54:05">
126 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">126 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
127 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>127 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
128 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12</xccdf-1.2:title>128 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12</xccdf-1.2:title>
129 ······<xccdf-1.2:description>129 ······<xccdf-1.2:description>
130 ········This·guide·presents·a·catalog·of·security-relevant130 ········This·guide·presents·a·catalog·of·security-relevant
131 configuration·settings·for·SUSE·Linux·Enterprise·12.·It·is·a·rendering·of131 configuration·settings·for·SUSE·Linux·Enterprise·12.·It·is·a·rendering·of
132 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)132 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
133 in·order·to·support·security·automation.··The·SCAP·content·is133 in·order·to·support·security·automation.··The·SCAP·content·is
134 is·available·in·the134 is·available·in·the
Offset 33079, 32 lines modifiedOffset 33079, 32 lines modified
33079 ··-·medium_severity33079 ··-·medium_severity
33080 ··-·no_reboot_needed33080 ··-·no_reboot_needed
33081 ··-·restrict_strategy33081 ··-·restrict_strategy
  
33082 -·name:·Service·facts33082 -·name:·Service·facts
33083 ··service_facts:·null33083 ··service_facts:·null
33084 ··when:33084 ··when:
33085 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33086 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33085 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33086 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33087 ··tags:33087 ··tags:
33088 ··-·CCE-83119-833088 ··-·CCE-83119-8
33089 ··-·DISA-STIG-SLES-12-02019933089 ··-·DISA-STIG-SLES-12-020199
33090 ··-·audit_rules_enable_syscall_auditing33090 ··-·audit_rules_enable_syscall_auditing
33091 ··-·low_complexity33091 ··-·low_complexity
33092 ··-·low_disruption33092 ··-·low_disruption
33093 ··-·medium_severity33093 ··-·medium_severity
33094 ··-·no_reboot_needed33094 ··-·no_reboot_needed
33095 ··-·restrict_strategy33095 ··-·restrict_strategy
  
33096 -·name:·Check·the·rules·script·being·used33096 -·name:·Check·the·rules·script·being·used
33097 ··command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service33097 ··command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service
33098 ··register:·check_rules_scripts_result33098 ··register:·check_rules_scripts_result
33099 ··when:33099 ··when:
33100 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33101 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33100 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33101 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33102 ··tags:33102 ··tags:
33103 ··-·CCE-83119-833103 ··-·CCE-83119-8
33104 ··-·DISA-STIG-SLES-12-02019933104 ··-·DISA-STIG-SLES-12-020199
33105 ··-·audit_rules_enable_syscall_auditing33105 ··-·audit_rules_enable_syscall_auditing
33106 ··-·low_complexity33106 ··-·low_complexity
33107 ··-·low_disruption33107 ··-·low_disruption
33108 ··-·medium_severity33108 ··-·medium_severity
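Review bot: The first two `when:` entries of the "Service facts" task (lines 33085-33086) and of the "Check the rules script being used" task (lines 33100-33101) come out in opposite order in the two builds: the `audit` package test precedes the `ansible_virtualization_type` test on one side and follows it on the other. Nothing else in these tasks differs, which suggests the applicability conditions are written out in an unstable iteration order; emitting them sorted or in one fixed sequence would make the rendered remediation reproducible. Ansible evaluates a `when:` list in order and stops at the first false item, so the order is worth choosing deliberately rather than leaving it to chance.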
Offset 33114, 16 lines modifiedOffset 33114, 16 lines modified
33114 -·name:·Find·audit·rules·in·/etc/audit/rules.d33114 -·name:·Find·audit·rules·in·/etc/audit/rules.d
33115 ··find:33115 ··find:
33116 ····paths:·/etc/audit/rules.d33116 ····paths:·/etc/audit/rules.d
33117 ····file_type:·file33117 ····file_type:·file
33118 ····follow:·true33118 ····follow:·true
33119 ··register:·find_audit_rules_result33119 ··register:·find_audit_rules_result
33120 ··when:33120 ··when:
33121 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33122 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33121 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33122 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33123 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33123 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33124 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'33124 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'
33125 ··tags:33125 ··tags:
33126 ··-·CCE-83119-833126 ··-·CCE-83119-8
33127 ··-·DISA-STIG-SLES-12-02019933127 ··-·DISA-STIG-SLES-12-020199
33128 ··-·audit_rules_enable_syscall_auditing33128 ··-·audit_rules_enable_syscall_auditing
33129 ··-·low_complexity33129 ··-·low_complexity
Offset 33135, 16 lines modifiedOffset 33135, 16 lines modified
33135 -·name:·Enable·syscall·auditing·(augenrules)33135 -·name:·Enable·syscall·auditing·(augenrules)
33136 ··lineinfile:33136 ··lineinfile:
33137 ····path:·'{{·item.path·}}'33137 ····path:·'{{·item.path·}}'
33138 ····regex:·^(?i)(\s*-a\s+task,never)\s*$33138 ····regex:·^(?i)(\s*-a\s+task,never)\s*$
33139 ····line:·'#-a·task,never'33139 ····line:·'#-a·task,never'
33140 ··with_items:·'{{·find_audit_rules_result.files·}}'33140 ··with_items:·'{{·find_audit_rules_result.files·}}'
33141 ··when:33141 ··when:
33142 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33143 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33142 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33143 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33144 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33144 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33145 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'33145 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'
33146 ··register:·augenrules_syscall_auditing_rule_update_result33146 ··register:·augenrules_syscall_auditing_rule_update_result
33147 ··tags:33147 ··tags:
33148 ··-·CCE-83119-833148 ··-·CCE-83119-8
33149 ··-·DISA-STIG-SLES-12-02019933149 ··-·DISA-STIG-SLES-12-020199
33150 ··-·audit_rules_enable_syscall_auditing33150 ··-·audit_rules_enable_syscall_auditing
Offset 33156, 16 lines modifiedOffset 33156, 16 lines modified
  
33156 -·name:·Enable·syscall·auditing·(auditctl)33156 -·name:·Enable·syscall·auditing·(auditctl)
33157 ··lineinfile:33157 ··lineinfile:
33158 ····path:·/etc/audit/audit.rules33158 ····path:·/etc/audit/audit.rules
33159 ····regex:·^(?i)(\s*-a\s+task,never)\s*$33159 ····regex:·^(?i)(\s*-a\s+task,never)\s*$
33160 ····line:·'#-a·task,never'33160 ····line:·'#-a·task,never'
33161 ··when:33161 ··when:
33162 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33163 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33162 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33163 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33164 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33164 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33165 ··-·'&quot;auditctl&quot;·in·check_rules_scripts_result.stdout'33165 ··-·'&quot;auditctl&quot;·in·check_rules_scripts_result.stdout'
33166 ··register:·auditctl_syscall_auditing_rule_update_result33166 ··register:·auditctl_syscall_auditing_rule_update_result
33167 ··tags:33167 ··tags:
33168 ··-·CCE-83119-833168 ··-·CCE-83119-8
33169 ··-·DISA-STIG-SLES-12-02019933169 ··-·DISA-STIG-SLES-12-020199
33170 ··-·audit_rules_enable_syscall_auditing33170 ··-·audit_rules_enable_syscall_auditing
Offset 33176, 29 lines modifiedOffset 33176, 29 lines modified
33176 ··-·restrict_strategy33176 ··-·restrict_strategy
  
33177 -·name:·Restart·auditd.service33177 -·name:·Restart·auditd.service
33178 ··systemd:33178 ··systemd:
33179 ····name:·auditd.service33179 ····name:·auditd.service
33180 ····state:·restarted33180 ····state:·restarted
33181 ··when:33181 ··when:
33182 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33183 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33182 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33183 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33184 ··-·ansible_facts.services[&quot;auditd.service&quot;].state·==·&quot;running&quot;33184 ··-·ansible_facts.services[&quot;auditd.service&quot;].state·==·&quot;running&quot;
33185 ··-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)33185 ··-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)
33186 ··tags:33186 ··tags:
33187 ··-·CCE-83119-833187 ··-·CCE-83119-8
33188 ··-·DISA-STIG-SLES-12-02019933188 ··-·DISA-STIG-SLES-12-020199
33189 ··-·audit_rules_enable_syscall_auditing33189 ··-·audit_rules_enable_syscall_auditing
33190 ··-·low_complexity33190 ··-·low_complexity
33191 ··-·low_disruption33191 ··-·low_disruption
33192 ··-·medium_severity33192 ··-·medium_severity
33193 ··-·no_reboot_needed33193 ··-·no_reboot_needed
33194 ··-·restrict_strategy</xccdf-1.2:fix>33194 ··-·restrict_strategy</xccdf-1.2:fix>
33195 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_enable_syscall_auditing">#·Remediation·is·applicable·only·in·certain·platforms33195 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_enable_syscall_auditing">#·Remediation·is·applicable·only·in·certain·platforms
Max diff block lines reached; 349024/354801 bytes (98.37%) of diff not shown.
347 KB
./usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml
347 KB
./usr/share/xml/scap/ssg/content/ssg-sle12-ds.xml
    
Offset 122, 15 lines modifiedOffset 122, 15 lines modified
122 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·12</cpe-dict:title>122 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·12</cpe-dict:title>
123 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle12-cpe-oval.xml">oval:ssg-installed_OS_is_sle12:def:1</cpe-dict:check>123 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle12-cpe-oval.xml">oval:ssg-installed_OS_is_sle12:def:1</cpe-dict:check>
124 ······</cpe-dict:cpe-item>124 ······</cpe-dict:cpe-item>
125 ····</cpe-dict:cpe-list>125 ····</cpe-dict:cpe-list>
126 ··</ds:component>126 ··</ds:component>
127 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle12-xccdf.xml"·timestamp="2022-12-20T09:54:05">127 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle12-xccdf.xml"·timestamp="2022-12-20T09:54:05">
128 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">128 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
129 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>129 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
130 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12</xccdf-1.2:title>130 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12</xccdf-1.2:title>
131 ······<xccdf-1.2:description>131 ······<xccdf-1.2:description>
132 ········This·guide·presents·a·catalog·of·security-relevant132 ········This·guide·presents·a·catalog·of·security-relevant
133 configuration·settings·for·SUSE·Linux·Enterprise·12.·It·is·a·rendering·of133 configuration·settings·for·SUSE·Linux·Enterprise·12.·It·is·a·rendering·of
134 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)134 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
135 in·order·to·support·security·automation.··The·SCAP·content·is135 in·order·to·support·security·automation.··The·SCAP·content·is
136 is·available·in·the136 is·available·in·the
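Review bot: The only difference in this hunk is the `date` attribute of `xccdf-1.2:status` on line 129, which is `2024-01-14` in one build and `2025-02-15` in the other, while the `ds:component` `timestamp` on line 127 is `2022-12-20T09:54:05` on both sides. The status date appears to follow the build clock; deriving it from the same fixed source as the component timestamp (for example SOURCE_DATE_EPOCH) would remove this difference.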
Offset 33081, 32 lines modifiedOffset 33081, 32 lines modified
33081 ··-·medium_severity33081 ··-·medium_severity
33082 ··-·no_reboot_needed33082 ··-·no_reboot_needed
33083 ··-·restrict_strategy33083 ··-·restrict_strategy
  
33084 -·name:·Service·facts33084 -·name:·Service·facts
33085 ··service_facts:·null33085 ··service_facts:·null
33086 ··when:33086 ··when:
33087 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33088 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33087 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33088 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33089 ··tags:33089 ··tags:
33090 ··-·CCE-83119-833090 ··-·CCE-83119-8
33091 ··-·DISA-STIG-SLES-12-02019933091 ··-·DISA-STIG-SLES-12-020199
33092 ··-·audit_rules_enable_syscall_auditing33092 ··-·audit_rules_enable_syscall_auditing
33093 ··-·low_complexity33093 ··-·low_complexity
33094 ··-·low_disruption33094 ··-·low_disruption
33095 ··-·medium_severity33095 ··-·medium_severity
33096 ··-·no_reboot_needed33096 ··-·no_reboot_needed
33097 ··-·restrict_strategy33097 ··-·restrict_strategy
  
33098 -·name:·Check·the·rules·script·being·used33098 -·name:·Check·the·rules·script·being·used
33099 ··command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service33099 ··command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service
33100 ··register:·check_rules_scripts_result33100 ··register:·check_rules_scripts_result
33101 ··when:33101 ··when:
33102 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33103 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33102 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33103 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33104 ··tags:33104 ··tags:
33105 ··-·CCE-83119-833105 ··-·CCE-83119-8
33106 ··-·DISA-STIG-SLES-12-02019933106 ··-·DISA-STIG-SLES-12-020199
33107 ··-·audit_rules_enable_syscall_auditing33107 ··-·audit_rules_enable_syscall_auditing
33108 ··-·low_complexity33108 ··-·low_complexity
33109 ··-·low_disruption33109 ··-·low_disruption
33110 ··-·medium_severity33110 ··-·medium_severity
Offset 33116, 16 lines modifiedOffset 33116, 16 lines modified
33116 -·name:·Find·audit·rules·in·/etc/audit/rules.d33116 -·name:·Find·audit·rules·in·/etc/audit/rules.d
33117 ··find:33117 ··find:
33118 ····paths:·/etc/audit/rules.d33118 ····paths:·/etc/audit/rules.d
33119 ····file_type:·file33119 ····file_type:·file
33120 ····follow:·true33120 ····follow:·true
33121 ··register:·find_audit_rules_result33121 ··register:·find_audit_rules_result
33122 ··when:33122 ··when:
33123 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33124 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33123 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33124 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33125 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33125 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33126 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'33126 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'
33127 ··tags:33127 ··tags:
33128 ··-·CCE-83119-833128 ··-·CCE-83119-8
33129 ··-·DISA-STIG-SLES-12-02019933129 ··-·DISA-STIG-SLES-12-020199
33130 ··-·audit_rules_enable_syscall_auditing33130 ··-·audit_rules_enable_syscall_auditing
33131 ··-·low_complexity33131 ··-·low_complexity
Offset 33137, 16 lines modifiedOffset 33137, 16 lines modified
33137 -·name:·Enable·syscall·auditing·(augenrules)33137 -·name:·Enable·syscall·auditing·(augenrules)
33138 ··lineinfile:33138 ··lineinfile:
33139 ····path:·'{{·item.path·}}'33139 ····path:·'{{·item.path·}}'
33140 ····regex:·^(?i)(\s*-a\s+task,never)\s*$33140 ····regex:·^(?i)(\s*-a\s+task,never)\s*$
33141 ····line:·'#-a·task,never'33141 ····line:·'#-a·task,never'
33142 ··with_items:·'{{·find_audit_rules_result.files·}}'33142 ··with_items:·'{{·find_audit_rules_result.files·}}'
33143 ··when:33143 ··when:
33144 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33145 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33144 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33145 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33146 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33146 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33147 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'33147 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'
33148 ··register:·augenrules_syscall_auditing_rule_update_result33148 ··register:·augenrules_syscall_auditing_rule_update_result
33149 ··tags:33149 ··tags:
33150 ··-·CCE-83119-833150 ··-·CCE-83119-8
33151 ··-·DISA-STIG-SLES-12-02019933151 ··-·DISA-STIG-SLES-12-020199
33152 ··-·audit_rules_enable_syscall_auditing33152 ··-·audit_rules_enable_syscall_auditing
Offset 33158, 16 lines modifiedOffset 33158, 16 lines modified
  
33158 -·name:·Enable·syscall·auditing·(auditctl)33158 -·name:·Enable·syscall·auditing·(auditctl)
33159 ··lineinfile:33159 ··lineinfile:
33160 ····path:·/etc/audit/audit.rules33160 ····path:·/etc/audit/audit.rules
33161 ····regex:·^(?i)(\s*-a\s+task,never)\s*$33161 ····regex:·^(?i)(\s*-a\s+task,never)\s*$
33162 ····line:·'#-a·task,never'33162 ····line:·'#-a·task,never'
33163 ··when:33163 ··when:
33164 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33165 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33164 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33165 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33166 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33166 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33167 ··-·'&quot;auditctl&quot;·in·check_rules_scripts_result.stdout'33167 ··-·'&quot;auditctl&quot;·in·check_rules_scripts_result.stdout'
33168 ··register:·auditctl_syscall_auditing_rule_update_result33168 ··register:·auditctl_syscall_auditing_rule_update_result
33169 ··tags:33169 ··tags:
33170 ··-·CCE-83119-833170 ··-·CCE-83119-8
33171 ··-·DISA-STIG-SLES-12-02019933171 ··-·DISA-STIG-SLES-12-020199
33172 ··-·audit_rules_enable_syscall_auditing33172 ··-·audit_rules_enable_syscall_auditing
Offset 33178, 29 lines modifiedOffset 33178, 29 lines modified
33178 ··-·restrict_strategy33178 ··-·restrict_strategy
  
33179 -·name:·Restart·auditd.service33179 -·name:·Restart·auditd.service
33180 ··systemd:33180 ··systemd:
33181 ····name:·auditd.service33181 ····name:·auditd.service
33182 ····state:·restarted33182 ····state:·restarted
33183 ··when:33183 ··when:
33184 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33185 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33184 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33185 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33186 ··-·ansible_facts.services[&quot;auditd.service&quot;].state·==·&quot;running&quot;33186 ··-·ansible_facts.services[&quot;auditd.service&quot;].state·==·&quot;running&quot;
33187 ··-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)33187 ··-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)
33188 ··tags:33188 ··tags:
33189 ··-·CCE-83119-833189 ··-·CCE-83119-8
33190 ··-·DISA-STIG-SLES-12-02019933190 ··-·DISA-STIG-SLES-12-020199
33191 ··-·audit_rules_enable_syscall_auditing33191 ··-·audit_rules_enable_syscall_auditing
33192 ··-·low_complexity33192 ··-·low_complexity
33193 ··-·low_disruption33193 ··-·low_disruption
33194 ··-·medium_severity33194 ··-·medium_severity
33195 ··-·no_reboot_needed33195 ··-·no_reboot_needed
33196 ··-·restrict_strategy</xccdf-1.2:fix>33196 ··-·restrict_strategy</xccdf-1.2:fix>
33197 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_enable_syscall_auditing">#·Remediation·is·applicable·only·in·certain·platforms33197 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_enable_syscall_auditing">#·Remediation·is·applicable·only·in·certain·platforms
Max diff block lines reached; 349024/354801 bytes (98.37%) of diff not shown.
346 KB
./usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml
346 KB
./usr/share/xml/scap/ssg/content/ssg-sle12-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_SLE-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_SLE-12"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·12</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·SUSE·Linux·Enterprise·12.·It·is·a·rendering·of7 configuration·settings·for·SUSE·Linux·Enterprise·12.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 32955, 32 lines modifiedOffset 32955, 32 lines modified
32955 ··-·medium_severity32955 ··-·medium_severity
32956 ··-·no_reboot_needed32956 ··-·no_reboot_needed
32957 ··-·restrict_strategy32957 ··-·restrict_strategy
  
32958 -·name:·Service·facts32958 -·name:·Service·facts
32959 ··service_facts:·null32959 ··service_facts:·null
32960 ··when:32960 ··when:
32961 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
32962 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]32961 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 32962 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
32963 ··tags:32963 ··tags:
32964 ··-·CCE-83119-832964 ··-·CCE-83119-8
32965 ··-·DISA-STIG-SLES-12-02019932965 ··-·DISA-STIG-SLES-12-020199
32966 ··-·audit_rules_enable_syscall_auditing32966 ··-·audit_rules_enable_syscall_auditing
32967 ··-·low_complexity32967 ··-·low_complexity
32968 ··-·low_disruption32968 ··-·low_disruption
32969 ··-·medium_severity32969 ··-·medium_severity
32970 ··-·no_reboot_needed32970 ··-·no_reboot_needed
32971 ··-·restrict_strategy32971 ··-·restrict_strategy
  
32972 -·name:·Check·the·rules·script·being·used32972 -·name:·Check·the·rules·script·being·used
32973 ··command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service32973 ··command:·grep·-E·'^(ExecStartPost|Requires)'·/usr/lib/systemd/system/auditd.service
32974 ··register:·check_rules_scripts_result32974 ··register:·check_rules_scripts_result
32975 ··when:32975 ··when:
32976 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
32977 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]32976 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 32977 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
32978 ··tags:32978 ··tags:
32979 ··-·CCE-83119-832979 ··-·CCE-83119-8
32980 ··-·DISA-STIG-SLES-12-02019932980 ··-·DISA-STIG-SLES-12-020199
32981 ··-·audit_rules_enable_syscall_auditing32981 ··-·audit_rules_enable_syscall_auditing
32982 ··-·low_complexity32982 ··-·low_complexity
32983 ··-·low_disruption32983 ··-·low_disruption
32984 ··-·medium_severity32984 ··-·medium_severity
Offset 32990, 16 lines modifiedOffset 32990, 16 lines modified
32990 -·name:·Find·audit·rules·in·/etc/audit/rules.d32990 -·name:·Find·audit·rules·in·/etc/audit/rules.d
32991 ··find:32991 ··find:
32992 ····paths:·/etc/audit/rules.d32992 ····paths:·/etc/audit/rules.d
32993 ····file_type:·file32993 ····file_type:·file
32994 ····follow:·true32994 ····follow:·true
32995 ··register:·find_audit_rules_result32995 ··register:·find_audit_rules_result
32996 ··when:32996 ··when:
32997 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
32998 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]32997 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 32998 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
32999 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'32999 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33000 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'33000 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'
33001 ··tags:33001 ··tags:
33002 ··-·CCE-83119-833002 ··-·CCE-83119-8
33003 ··-·DISA-STIG-SLES-12-02019933003 ··-·DISA-STIG-SLES-12-020199
33004 ··-·audit_rules_enable_syscall_auditing33004 ··-·audit_rules_enable_syscall_auditing
33005 ··-·low_complexity33005 ··-·low_complexity
Offset 33011, 16 lines modifiedOffset 33011, 16 lines modified
33011 -·name:·Enable·syscall·auditing·(augenrules)33011 -·name:·Enable·syscall·auditing·(augenrules)
33012 ··lineinfile:33012 ··lineinfile:
33013 ····path:·'{{·item.path·}}'33013 ····path:·'{{·item.path·}}'
33014 ····regex:·^(?i)(\s*-a\s+task,never)\s*$33014 ····regex:·^(?i)(\s*-a\s+task,never)\s*$
33015 ····line:·'#-a·task,never'33015 ····line:·'#-a·task,never'
33016 ··with_items:·'{{·find_audit_rules_result.files·}}'33016 ··with_items:·'{{·find_audit_rules_result.files·}}'
33017 ··when:33017 ··when:
33018 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33019 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33018 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33019 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33020 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33020 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33021 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'33021 ··-·'&quot;augenrules&quot;·in·check_rules_scripts_result.stdout'
33022 ··register:·augenrules_syscall_auditing_rule_update_result33022 ··register:·augenrules_syscall_auditing_rule_update_result
33023 ··tags:33023 ··tags:
33024 ··-·CCE-83119-833024 ··-·CCE-83119-8
33025 ··-·DISA-STIG-SLES-12-02019933025 ··-·DISA-STIG-SLES-12-020199
33026 ··-·audit_rules_enable_syscall_auditing33026 ··-·audit_rules_enable_syscall_auditing
Offset 33032, 16 lines modifiedOffset 33032, 16 lines modified
  
33032 -·name:·Enable·syscall·auditing·(auditctl)33032 -·name:·Enable·syscall·auditing·(auditctl)
33033 ··lineinfile:33033 ··lineinfile:
33034 ····path:·/etc/audit/audit.rules33034 ····path:·/etc/audit/audit.rules
33035 ····regex:·^(?i)(\s*-a\s+task,never)\s*$33035 ····regex:·^(?i)(\s*-a\s+task,never)\s*$
33036 ····line:·'#-a·task,never'33036 ····line:·'#-a·task,never'
33037 ··when:33037 ··when:
33038 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33039 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33038 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33039 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33040 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'33040 ··-·'&quot;auditd.service&quot;·in·ansible_facts.services'
33041 ··-·'&quot;auditctl&quot;·in·check_rules_scripts_result.stdout'33041 ··-·'&quot;auditctl&quot;·in·check_rules_scripts_result.stdout'
33042 ··register:·auditctl_syscall_auditing_rule_update_result33042 ··register:·auditctl_syscall_auditing_rule_update_result
33043 ··tags:33043 ··tags:
33044 ··-·CCE-83119-833044 ··-·CCE-83119-8
33045 ··-·DISA-STIG-SLES-12-02019933045 ··-·DISA-STIG-SLES-12-020199
33046 ··-·audit_rules_enable_syscall_auditing33046 ··-·audit_rules_enable_syscall_auditing
Offset 33052, 29 lines modifiedOffset 33052, 29 lines modified
33052 ··-·restrict_strategy33052 ··-·restrict_strategy
  
33053 -·name:·Restart·auditd.service33053 -·name:·Restart·auditd.service
33054 ··systemd:33054 ··systemd:
33055 ····name:·auditd.service33055 ····name:·auditd.service
33056 ····state:·restarted33056 ····state:·restarted
33057 ··when:33057 ··when:
33058 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
33059 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]33058 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 33059 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
33060 ··-·ansible_facts.services[&quot;auditd.service&quot;].state·==·&quot;running&quot;33060 ··-·ansible_facts.services[&quot;auditd.service&quot;].state·==·&quot;running&quot;
33061 ··-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)33061 ··-·(augenrules_syscall_auditing_rule_update_result.changed·or·auditctl_syscall_auditing_rule_update_result.changed)
33062 ··tags:33062 ··tags:
33063 ··-·CCE-83119-833063 ··-·CCE-83119-8
33064 ··-·DISA-STIG-SLES-12-02019933064 ··-·DISA-STIG-SLES-12-020199
33065 ··-·audit_rules_enable_syscall_auditing33065 ··-·audit_rules_enable_syscall_auditing
33066 ··-·low_complexity33066 ··-·low_complexity
33067 ··-·low_disruption33067 ··-·low_disruption
33068 ··-·medium_severity33068 ··-·medium_severity
33069 ··-·no_reboot_needed33069 ··-·no_reboot_needed
33070 ··-·restrict_strategy</xccdf-1.2:fix>33070 ··-·restrict_strategy</xccdf-1.2:fix>
33071 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_enable_syscall_auditing">#·Remediation·is·applicable·only·in·certain·platforms33071 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_enable_syscall_auditing">#·Remediation·is·applicable·only·in·certain·platforms
33072 if·rpm·--quiet·-q·audit·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then33072 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·rpm·--quiet·-q·audit;·then
  
33073 if·[·-f·&quot;/usr/lib/systemd/system/auditd.service&quot;·]·;·then33073 if·[·-f·&quot;/usr/lib/systemd/system/auditd.service&quot;·]·;·then
33074 ····IS_AUGENRULES=$(grep·-E·&quot;^(ExecStartPost=|Requires=augenrules\.service)&quot;·/usr/lib/systemd/system/auditd.service)33074 ····IS_AUGENRULES=$(grep·-E·&quot;^(ExecStartPost=|Requires=augenrules\.service)&quot;·/usr/lib/systemd/system/auditd.service)
  
Max diff block lines reached; 347965/353839 bytes (98.34%) of diff not shown.
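Review bot: On line 33072 the guard of the shell remediation has its terms in a different order in each build: `rpm --quiet -q audit` comes first on one side and last on the other, around the `/.dockerenv` and `/run/.containerenv` tests. With `&&` the overall result is the same, but the order decides whether `rpm` runs at all inside a container, so the generator should emit these terms in one fixed order. It is the same reordering that shows up in the `when:` lists of the Ansible fix earlier in this hunk.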
7.89 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml
7.79 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds-1.2.xml
    
Offset 124, 15 lines modifiedOffset 124, 15 lines modified
124 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·15</cpe-dict:title>124 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·15</cpe-dict:title>
125 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle15-cpe-oval.xml">oval:ssg-installed_OS_is_sle15:def:1</cpe-dict:check>125 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle15-cpe-oval.xml">oval:ssg-installed_OS_is_sle15:def:1</cpe-dict:check>
126 ······</cpe-dict:cpe-item>126 ······</cpe-dict:cpe-item>
127 ····</cpe-dict:cpe-list>127 ····</cpe-dict:cpe-list>
128 ··</ds:component>128 ··</ds:component>
129 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle15-xccdf.xml"·timestamp="2022-12-20T09:54:05">129 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle15-xccdf.xml"·timestamp="2022-12-20T09:54:05">
130 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-15"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">130 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-15"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
131 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>131 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
132 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·15</xccdf-1.2:title>132 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·15</xccdf-1.2:title>
133 ······<xccdf-1.2:description>133 ······<xccdf-1.2:description>
134 ········This·guide·presents·a·catalog·of·security-relevant134 ········This·guide·presents·a·catalog·of·security-relevant
135 configuration·settings·for·SUSE·Linux·Enterprise·15.·It·is·a·rendering·of135 configuration·settings·for·SUSE·Linux·Enterprise·15.·It·is·a·rendering·of
136 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)136 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
137 in·order·to·support·security·automation.··The·SCAP·content·is137 in·order·to·support·security·automation.··The·SCAP·content·is
138 is·available·in·the138 is·available·in·the
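Review bot: the `xccdf-1.2:status` element carries `date="2024-01-14"` in one build and `date="2025-02-15"` in the other, while the `ds:component` timestamp two lines above it is `2022-12-20T09:54:05` on both sides. The status date appears to be taken from the build machine's clock rather than from the fixed value used for the component timestamp. Deriving it from that same source (for example SOURCE_DATE_EPOCH) would make this line reproducible.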
Offset 122486, 16 lines modifiedOffset 122486, 16 lines modified
122486 ··-·no_reboot_needed122486 ··-·no_reboot_needed
  
122487 -·name:·Test·for·existence·/boot/grub2/grub.cfg122487 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122488 ··stat:122488 ··stat:
122489 ····path:·/boot/grub2/grub.cfg122489 ····path:·/boot/grub2/grub.cfg
122490 ··register:·file_exists122490 ··register:·file_exists
122491 ··when:122491 ··when:
122492 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122493 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122492 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122493 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122494 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122494 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122495 ··tags:122495 ··tags:
122496 ··-·CCE-85849-8122496 ··-·CCE-85849-8
122497 ··-·CJIS-5.5.2.2122497 ··-·CJIS-5.5.2.2
122498 ··-·NIST-800-171-3.4.5122498 ··-·NIST-800-171-3.4.5
122499 ··-·NIST-800-53-AC-6(1)122499 ··-·NIST-800-53-AC-6(1)
122500 ··-·NIST-800-53-CM-6(a)122500 ··-·NIST-800-53-CM-6(a)
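Review bot: the first two `when:` entries of the "Test for existence /boot/grub2/grub.cfg" task, the `ansible_facts.packages` test for grub2 and the `ansible_mounts` test for /boot/efi, come out in opposite order in the two builds. Ansible ANDs the entries of a `when:` list, so the task behaves the same either way, but the unstable order makes the data stream differ byte for byte. It most likely comes from iterating over an unordered collection of platform conditions in the generator, and sorting the conditions before they are written out would fix it.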
Offset 122508, 16 lines modifiedOffset 122508, 16 lines modified
122508 ··-·no_reboot_needed122508 ··-·no_reboot_needed
  
122509 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg122509 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
122510 ··file:122510 ··file:
122511 ····path:·/boot/grub2/grub.cfg122511 ····path:·/boot/grub2/grub.cfg
122512 ····group:·'0'122512 ····group:·'0'
122513 ··when:122513 ··when:
122514 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122515 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122514 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122515 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122516 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122516 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122517 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122517 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122518 ··tags:122518 ··tags:
122519 ··-·CCE-85849-8122519 ··-·CCE-85849-8
122520 ··-·CJIS-5.5.2.2122520 ··-·CJIS-5.5.2.2
122521 ··-·NIST-800-171-3.4.5122521 ··-·NIST-800-171-3.4.5
122522 ··-·NIST-800-53-AC-6(1)122522 ··-·NIST-800-53-AC-6(1)
Offset 122526, 15 lines modifiedOffset 122526, 15 lines modified
122526 ··-·configure_strategy122526 ··-·configure_strategy
122527 ··-·file_groupowner_grub2_cfg122527 ··-·file_groupowner_grub2_cfg
122528 ··-·low_complexity122528 ··-·low_complexity
122529 ··-·low_disruption122529 ··-·low_disruption
122530 ··-·medium_severity122530 ··-·medium_severity
122531 ··-·no_reboot_needed</xccdf-1.2:fix>122531 ··-·no_reboot_needed</xccdf-1.2:fix>
122532 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122532 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122533 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122533 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122534 chgrp·0·/boot/grub2/grub.cfg122534 chgrp·0·/boot/grub2/grub.cfg
  
122535 else122535 else
122536 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122536 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122537 fi</xccdf-1.2:fix>122537 fi</xccdf-1.2:fix>
122538 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122538 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
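Review bot: in the `if` line of the `file_groupowner_grub2_cfg` shell fix, `[ ! -f /sys/firmware/efi ]` tests for a regular file, but `/sys/firmware/efi` is a directory on UEFI-booted systems, so the test is true there as well and never excludes them; `-d` or `-e` would match the apparent intent. The Ansible task for the same rule keys on a /boot/efi mount instead, so the two remediations can disagree about applicability on the same host. Separately, the `rpm --quiet -q grub2` test and the EFI test swap places between the two builds, so the conditions should be emitted in a fixed order.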
Offset 122639, 16 lines modifiedOffset 122639, 16 lines modified
122639 ··-·no_reboot_needed122639 ··-·no_reboot_needed
  
122640 -·name:·Test·for·existence·/boot/grub2/grub.cfg122640 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122641 ··stat:122641 ··stat:
122642 ····path:·/boot/grub2/grub.cfg122642 ····path:·/boot/grub2/grub.cfg
122643 ··register:·file_exists122643 ··register:·file_exists
122644 ··when:122644 ··when:
122645 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122646 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122645 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122646 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122647 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122647 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122648 ··tags:122648 ··tags:
122649 ··-·CCE-85848-0122649 ··-·CCE-85848-0
122650 ··-·CJIS-5.5.2.2122650 ··-·CJIS-5.5.2.2
122651 ··-·NIST-800-171-3.4.5122651 ··-·NIST-800-171-3.4.5
122652 ··-·NIST-800-53-AC-6(1)122652 ··-·NIST-800-53-AC-6(1)
122653 ··-·NIST-800-53-CM-6(a)122653 ··-·NIST-800-53-CM-6(a)
Offset 122661, 16 lines modifiedOffset 122661, 16 lines modified
122661 ··-·no_reboot_needed122661 ··-·no_reboot_needed
  
122662 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg122662 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
122663 ··file:122663 ··file:
122664 ····path:·/boot/grub2/grub.cfg122664 ····path:·/boot/grub2/grub.cfg
122665 ····owner:·'0'122665 ····owner:·'0'
122666 ··when:122666 ··when:
122667 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122668 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122667 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122668 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122669 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122669 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122670 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122670 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122671 ··tags:122671 ··tags:
122672 ··-·CCE-85848-0122672 ··-·CCE-85848-0
122673 ··-·CJIS-5.5.2.2122673 ··-·CJIS-5.5.2.2
122674 ··-·NIST-800-171-3.4.5122674 ··-·NIST-800-171-3.4.5
122675 ··-·NIST-800-53-AC-6(1)122675 ··-·NIST-800-53-AC-6(1)
Offset 122679, 15 lines modifiedOffset 122679, 15 lines modified
122679 ··-·configure_strategy122679 ··-·configure_strategy
122680 ··-·file_owner_grub2_cfg122680 ··-·file_owner_grub2_cfg
122681 ··-·low_complexity122681 ··-·low_complexity
122682 ··-·low_disruption122682 ··-·low_disruption
122683 ··-·medium_severity122683 ··-·medium_severity
122684 ··-·no_reboot_needed</xccdf-1.2:fix>122684 ··-·no_reboot_needed</xccdf-1.2:fix>
122685 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122685 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122686 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122686 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122687 chown·0·/boot/grub2/grub.cfg122687 chown·0·/boot/grub2/grub.cfg
  
122688 else122688 else
122689 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122689 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122690 fi</xccdf-1.2:fix>122690 fi</xccdf-1.2:fix>
122691 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122691 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122785, 16 lines modifiedOffset 122785, 16 lines modified
122785 ··-·no_reboot_needed122785 ··-·no_reboot_needed
  
122786 -·name:·Test·for·existence·/boot/grub2/grub.cfg122786 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122787 ··stat:122787 ··stat:
122788 ····path:·/boot/grub2/grub.cfg122788 ····path:·/boot/grub2/grub.cfg
122789 ··register:·file_exists122789 ··register:·file_exists
122790 ··when:122790 ··when:
Max diff block lines reached; 1920/7871 bytes (24.39%) of diff not shown.
7.88 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml
7.78 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-ds.xml
    
Offset 126, 15 lines modifiedOffset 126, 15 lines modified
126 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·15</cpe-dict:title>126 ········<cpe-dict:title·xml:lang="en-us">SUSE·Linux·Enterprise·Server·15</cpe-dict:title>
127 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle15-cpe-oval.xml">oval:ssg-installed_OS_is_sle15:def:1</cpe-dict:check>127 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-sle15-cpe-oval.xml">oval:ssg-installed_OS_is_sle15:def:1</cpe-dict:check>
128 ······</cpe-dict:cpe-item>128 ······</cpe-dict:cpe-item>
129 ····</cpe-dict:cpe-list>129 ····</cpe-dict:cpe-list>
130 ··</ds:component>130 ··</ds:component>
131 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle15-xccdf.xml"·timestamp="2022-12-20T09:54:05">131 ··<ds:component·id="scap_org.open-scap_comp_ssg-sle15-xccdf.xml"·timestamp="2022-12-20T09:54:05">
132 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-15"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">132 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_SLE-15"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
133 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>133 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
134 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·15</xccdf-1.2:title>134 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·15</xccdf-1.2:title>
135 ······<xccdf-1.2:description>135 ······<xccdf-1.2:description>
136 ········This·guide·presents·a·catalog·of·security-relevant136 ········This·guide·presents·a·catalog·of·security-relevant
137 configuration·settings·for·SUSE·Linux·Enterprise·15.·It·is·a·rendering·of137 configuration·settings·for·SUSE·Linux·Enterprise·15.·It·is·a·rendering·of
138 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)138 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
139 in·order·to·support·security·automation.··The·SCAP·content·is139 in·order·to·support·security·automation.··The·SCAP·content·is
140 is·available·in·the140 is·available·in·the
Offset 122488, 16 lines modifiedOffset 122488, 16 lines modified
122488 ··-·no_reboot_needed122488 ··-·no_reboot_needed
  
122489 -·name:·Test·for·existence·/boot/grub2/grub.cfg122489 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122490 ··stat:122490 ··stat:
122491 ····path:·/boot/grub2/grub.cfg122491 ····path:·/boot/grub2/grub.cfg
122492 ··register:·file_exists122492 ··register:·file_exists
122493 ··when:122493 ··when:
122494 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122495 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122494 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122495 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122496 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122496 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122497 ··tags:122497 ··tags:
122498 ··-·CCE-85849-8122498 ··-·CCE-85849-8
122499 ··-·CJIS-5.5.2.2122499 ··-·CJIS-5.5.2.2
122500 ··-·NIST-800-171-3.4.5122500 ··-·NIST-800-171-3.4.5
122501 ··-·NIST-800-53-AC-6(1)122501 ··-·NIST-800-53-AC-6(1)
122502 ··-·NIST-800-53-CM-6(a)122502 ··-·NIST-800-53-CM-6(a)
Offset 122510, 16 lines modifiedOffset 122510, 16 lines modified
122510 ··-·no_reboot_needed122510 ··-·no_reboot_needed
  
122511 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg122511 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
122512 ··file:122512 ··file:
122513 ····path:·/boot/grub2/grub.cfg122513 ····path:·/boot/grub2/grub.cfg
122514 ····group:·'0'122514 ····group:·'0'
122515 ··when:122515 ··when:
122516 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122517 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122516 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122517 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122518 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122518 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122519 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122519 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122520 ··tags:122520 ··tags:
122521 ··-·CCE-85849-8122521 ··-·CCE-85849-8
122522 ··-·CJIS-5.5.2.2122522 ··-·CJIS-5.5.2.2
122523 ··-·NIST-800-171-3.4.5122523 ··-·NIST-800-171-3.4.5
122524 ··-·NIST-800-53-AC-6(1)122524 ··-·NIST-800-53-AC-6(1)
Offset 122528, 15 lines modifiedOffset 122528, 15 lines modified
122528 ··-·configure_strategy122528 ··-·configure_strategy
122529 ··-·file_groupowner_grub2_cfg122529 ··-·file_groupowner_grub2_cfg
122530 ··-·low_complexity122530 ··-·low_complexity
122531 ··-·low_disruption122531 ··-·low_disruption
122532 ··-·medium_severity122532 ··-·medium_severity
122533 ··-·no_reboot_needed</xccdf-1.2:fix>122533 ··-·no_reboot_needed</xccdf-1.2:fix>
122534 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122534 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122535 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122535 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122536 chgrp·0·/boot/grub2/grub.cfg122536 chgrp·0·/boot/grub2/grub.cfg
  
122537 else122537 else
122538 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122538 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122539 fi</xccdf-1.2:fix>122539 fi</xccdf-1.2:fix>
122540 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122540 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122641, 16 lines modifiedOffset 122641, 16 lines modified
122641 ··-·no_reboot_needed122641 ··-·no_reboot_needed
  
122642 -·name:·Test·for·existence·/boot/grub2/grub.cfg122642 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122643 ··stat:122643 ··stat:
122644 ····path:·/boot/grub2/grub.cfg122644 ····path:·/boot/grub2/grub.cfg
122645 ··register:·file_exists122645 ··register:·file_exists
122646 ··when:122646 ··when:
122647 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122648 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122647 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122648 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122649 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122649 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122650 ··tags:122650 ··tags:
122651 ··-·CCE-85848-0122651 ··-·CCE-85848-0
122652 ··-·CJIS-5.5.2.2122652 ··-·CJIS-5.5.2.2
122653 ··-·NIST-800-171-3.4.5122653 ··-·NIST-800-171-3.4.5
122654 ··-·NIST-800-53-AC-6(1)122654 ··-·NIST-800-53-AC-6(1)
122655 ··-·NIST-800-53-CM-6(a)122655 ··-·NIST-800-53-CM-6(a)
Offset 122663, 16 lines modifiedOffset 122663, 16 lines modified
122663 ··-·no_reboot_needed122663 ··-·no_reboot_needed
  
122664 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg122664 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
122665 ··file:122665 ··file:
122666 ····path:·/boot/grub2/grub.cfg122666 ····path:·/boot/grub2/grub.cfg
122667 ····owner:·'0'122667 ····owner:·'0'
122668 ··when:122668 ··when:
122669 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122670 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122669 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122670 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122671 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122671 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122672 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122672 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122673 ··tags:122673 ··tags:
122674 ··-·CCE-85848-0122674 ··-·CCE-85848-0
122675 ··-·CJIS-5.5.2.2122675 ··-·CJIS-5.5.2.2
122676 ··-·NIST-800-171-3.4.5122676 ··-·NIST-800-171-3.4.5
122677 ··-·NIST-800-53-AC-6(1)122677 ··-·NIST-800-53-AC-6(1)
Offset 122681, 15 lines modifiedOffset 122681, 15 lines modified
122681 ··-·configure_strategy122681 ··-·configure_strategy
122682 ··-·file_owner_grub2_cfg122682 ··-·file_owner_grub2_cfg
122683 ··-·low_complexity122683 ··-·low_complexity
122684 ··-·low_disruption122684 ··-·low_disruption
122685 ··-·medium_severity122685 ··-·medium_severity
122686 ··-·no_reboot_needed</xccdf-1.2:fix>122686 ··-·no_reboot_needed</xccdf-1.2:fix>
122687 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122687 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122688 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122688 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122689 chown·0·/boot/grub2/grub.cfg122689 chown·0·/boot/grub2/grub.cfg
  
122690 else122690 else
122691 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122691 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122692 fi</xccdf-1.2:fix>122692 fi</xccdf-1.2:fix>
122693 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122693 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122787, 16 lines modifiedOffset 122787, 16 lines modified
122787 ··-·no_reboot_needed122787 ··-·no_reboot_needed
  
122788 -·name:·Test·for·existence·/boot/grub2/grub.cfg122788 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122789 ··stat:122789 ··stat:
122790 ····path:·/boot/grub2/grub.cfg122790 ····path:·/boot/grub2/grub.cfg
122791 ··register:·file_exists122791 ··register:·file_exists
122792 ··when:122792 ··when:
Max diff block lines reached; 1920/7871 bytes (24.39%) of diff not shown.
7.7 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml
7.59 KB
./usr/share/xml/scap/ssg/content/ssg-sle15-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_SLE-15"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_SLE-15"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·15</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·SUSE·Linux·Enterprise·15</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·SUSE·Linux·Enterprise·15.·It·is·a·rendering·of7 configuration·settings·for·SUSE·Linux·Enterprise·15.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the
Offset 122358, 16 lines modifiedOffset 122358, 16 lines modified
122358 ··-·no_reboot_needed122358 ··-·no_reboot_needed
  
122359 -·name:·Test·for·existence·/boot/grub2/grub.cfg122359 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122360 ··stat:122360 ··stat:
122361 ····path:·/boot/grub2/grub.cfg122361 ····path:·/boot/grub2/grub.cfg
122362 ··register:·file_exists122362 ··register:·file_exists
122363 ··when:122363 ··when:
122364 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122365 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122364 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122365 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122366 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122366 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122367 ··tags:122367 ··tags:
122368 ··-·CCE-85849-8122368 ··-·CCE-85849-8
122369 ··-·CJIS-5.5.2.2122369 ··-·CJIS-5.5.2.2
122370 ··-·NIST-800-171-3.4.5122370 ··-·NIST-800-171-3.4.5
122371 ··-·NIST-800-53-AC-6(1)122371 ··-·NIST-800-53-AC-6(1)
122372 ··-·NIST-800-53-CM-6(a)122372 ··-·NIST-800-53-CM-6(a)
Offset 122380, 16 lines modifiedOffset 122380, 16 lines modified
122380 ··-·no_reboot_needed122380 ··-·no_reboot_needed
  
122381 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg122381 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
122382 ··file:122382 ··file:
122383 ····path:·/boot/grub2/grub.cfg122383 ····path:·/boot/grub2/grub.cfg
122384 ····group:·'0'122384 ····group:·'0'
122385 ··when:122385 ··when:
122386 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122387 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122386 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122387 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122388 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122388 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122389 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122389 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122390 ··tags:122390 ··tags:
122391 ··-·CCE-85849-8122391 ··-·CCE-85849-8
122392 ··-·CJIS-5.5.2.2122392 ··-·CJIS-5.5.2.2
122393 ··-·NIST-800-171-3.4.5122393 ··-·NIST-800-171-3.4.5
122394 ··-·NIST-800-53-AC-6(1)122394 ··-·NIST-800-53-AC-6(1)
Offset 122398, 15 lines modifiedOffset 122398, 15 lines modified
122398 ··-·configure_strategy122398 ··-·configure_strategy
122399 ··-·file_groupowner_grub2_cfg122399 ··-·file_groupowner_grub2_cfg
122400 ··-·low_complexity122400 ··-·low_complexity
122401 ··-·low_disruption122401 ··-·low_disruption
122402 ··-·medium_severity122402 ··-·medium_severity
122403 ··-·no_reboot_needed</xccdf-1.2:fix>122403 ··-·no_reboot_needed</xccdf-1.2:fix>
122404 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122404 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_groupowner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122405 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122405 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122406 chgrp·0·/boot/grub2/grub.cfg122406 chgrp·0·/boot/grub2/grub.cfg
  
122407 else122407 else
122408 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122408 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122409 fi</xccdf-1.2:fix>122409 fi</xccdf-1.2:fix>
122410 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122410 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 122511, 16 lines modifiedOffset 122511, 16 lines modified
122511 ··-·no_reboot_needed122511 ··-·no_reboot_needed
  
122512 -·name:·Test·for·existence·/boot/grub2/grub.cfg122512 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122513 ··stat:122513 ··stat:
122514 ····path:·/boot/grub2/grub.cfg122514 ····path:·/boot/grub2/grub.cfg
122515 ··register:·file_exists122515 ··register:·file_exists
122516 ··when:122516 ··when:
122517 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122518 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122517 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122518 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122519 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122519 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122520 ··tags:122520 ··tags:
122521 ··-·CCE-85848-0122521 ··-·CCE-85848-0
122522 ··-·CJIS-5.5.2.2122522 ··-·CJIS-5.5.2.2
122523 ··-·NIST-800-171-3.4.5122523 ··-·NIST-800-171-3.4.5
122524 ··-·NIST-800-53-AC-6(1)122524 ··-·NIST-800-53-AC-6(1)
122525 ··-·NIST-800-53-CM-6(a)122525 ··-·NIST-800-53-CM-6(a)
Offset 122533, 16 lines modifiedOffset 122533, 16 lines modified
122533 ··-·no_reboot_needed122533 ··-·no_reboot_needed
  
122534 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg122534 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
122535 ··file:122535 ··file:
122536 ····path:·/boot/grub2/grub.cfg122536 ····path:·/boot/grub2/grub.cfg
122537 ····owner:·'0'122537 ····owner:·'0'
122538 ··when:122538 ··when:
122539 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122540 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122539 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122540 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122541 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122541 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122542 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists122542 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
122543 ··tags:122543 ··tags:
122544 ··-·CCE-85848-0122544 ··-·CCE-85848-0
122545 ··-·CJIS-5.5.2.2122545 ··-·CJIS-5.5.2.2
122546 ··-·NIST-800-171-3.4.5122546 ··-·NIST-800-171-3.4.5
122547 ··-·NIST-800-53-AC-6(1)122547 ··-·NIST-800-53-AC-6(1)
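Review bot: The two `when:` entries for `"grub2" in ansible_facts.packages` and `"/boot/efi" not in ansible_mounts | map(attribute="mount") | list` appear in opposite order in the two builds while every other line of the task is identical, so the generated remediation is not byte-reproducible. The conditions are combined with AND, so the task behaves the same either way, but emitting the platform conditions in a fixed order (for example sorted) when the playbook is generated would remove this difference from the comparison.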
Offset 122551, 15 lines modifiedOffset 122551, 15 lines modified
122551 ··-·configure_strategy122551 ··-·configure_strategy
122552 ··-·file_owner_grub2_cfg122552 ··-·file_owner_grub2_cfg
122553 ··-·low_complexity122553 ··-·low_complexity
122554 ··-·low_disruption122554 ··-·low_disruption
122555 ··-·medium_severity122555 ··-·medium_severity
122556 ··-·no_reboot_needed</xccdf-1.2:fix>122556 ··-·no_reboot_needed</xccdf-1.2:fix>
122557 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms122557 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
122558 if·rpm·--quiet·-q·grub2·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then122558 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·rpm·--quiet·-q·grub2·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
122559 chown·0·/boot/grub2/grub.cfg122559 chown·0·/boot/grub2/grub.cfg
  
122560 else122560 else
122561 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'122561 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
122562 fi</xccdf-1.2:fix>122562 fi</xccdf-1.2:fix>
122563 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">122563 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
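Review bot: `[ ! -f /sys/firmware/efi ]` in the `if` line tests for a regular file, but `/sys/firmware/efi` is a directory on UEFI-booted systems, so the test is true on every host and does not exclude UEFI machines the way the Ansible `/boot/efi` mount condition does; `[ ! -d /sys/firmware/efi ]` would express the intended check. The only change between the two builds here is that this test and `rpm --quiet -q grub2` swap places in the `&&` chain, which again points to the applicability conditions being emitted in an unstable order.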
Offset 122657, 16 lines modifiedOffset 122657, 16 lines modified
122657 ··-·no_reboot_needed122657 ··-·no_reboot_needed
  
122658 -·name:·Test·for·existence·/boot/grub2/grub.cfg122658 -·name:·Test·for·existence·/boot/grub2/grub.cfg
122659 ··stat:122659 ··stat:
122660 ····path:·/boot/grub2/grub.cfg122660 ····path:·/boot/grub2/grub.cfg
122661 ··register:·file_exists122661 ··register:·file_exists
122662 ··when:122662 ··when:
122663 ··-·'&quot;grub2&quot;·in·ansible_facts.packages' 
122664 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'122663 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 122664 ··-·'&quot;grub2&quot;·in·ansible_facts.packages'
122665 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]122665 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
122666 ··tags:122666 ··tags:
Max diff block lines reached; 1694/7673 bytes (22.08%) of diff not shown.
1.4 KB
./usr/share/xml/scap/ssg/content/ssg-uos20-ds-1.2.xml
1.29 KB
./usr/share/xml/scap/ssg/content/ssg-uos20-ds-1.2.xml
    
Offset 96, 15 lines modifiedOffset 96, 15 lines modified
96 ········<cpe-dict:title·xml:lang="en-us">UnionTech·OS·Server·20</cpe-dict:title>96 ········<cpe-dict:title·xml:lang="en-us">UnionTech·OS·Server·20</cpe-dict:title>
97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-uos20-cpe-oval.xml">oval:ssg-installed_OS_is_uos20:def:1</cpe-dict:check>97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-uos20-cpe-oval.xml">oval:ssg-installed_OS_is_uos20:def:1</cpe-dict:check>
98 ······</cpe-dict:cpe-item>98 ······</cpe-dict:cpe-item>
99 ····</cpe-dict:cpe-list>99 ····</cpe-dict:cpe-list>
100 ··</ds:component>100 ··</ds:component>
101 ··<ds:component·id="scap_org.open-scap_comp_ssg-uos20-xccdf.xml"·timestamp="2022-12-20T09:54:05">101 ··<ds:component·id="scap_org.open-scap_comp_ssg-uos20-xccdf.xml"·timestamp="2022-12-20T09:54:05">
102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UOS-20"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UOS-20"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
103 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>103 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·UnionTech·OS·Server·20</xccdf-1.2:title>104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·UnionTech·OS·Server·20</xccdf-1.2:title>
105 ······<xccdf-1.2:description>105 ······<xccdf-1.2:description>
106 ········This·guide·presents·a·catalog·of·security-relevant106 ········This·guide·presents·a·catalog·of·security-relevant
107 configuration·settings·for·UnionTech·OS·Server·20.·It·is·a·rendering·of107 configuration·settings·for·UnionTech·OS·Server·20.·It·is·a·rendering·of
108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
109 in·order·to·support·security·automation.··The·SCAP·content·is109 in·order·to·support·security·automation.··The·SCAP·content·is
110 is·available·in·the110 is·available·in·the
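Review bot: The `date` attribute of `<xccdf-1.2:status>` on line 103 is `2024-01-14` in one build and `2025-02-15` in the other, while the `timestamp` on the enclosing `<ds:component>` is `2022-12-20T09:54:05` in both, so the status date is evidently taken from the build machine's clock rather than from the same source as the component timestamp. Deriving it from `SOURCE_DATE_EPOCH` (or from whatever already feeds the component timestamp) would make this field reproducible.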
1.38 KB
./usr/share/xml/scap/ssg/content/ssg-uos20-ds.xml
1.29 KB
./usr/share/xml/scap/ssg/content/ssg-uos20-ds.xml
    
Offset 96, 15 lines modifiedOffset 96, 15 lines modified
96 ········<cpe-dict:title·xml:lang="en-us">UnionTech·OS·Server·20</cpe-dict:title>96 ········<cpe-dict:title·xml:lang="en-us">UnionTech·OS·Server·20</cpe-dict:title>
97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-uos20-cpe-oval.xml">oval:ssg-installed_OS_is_uos20:def:1</cpe-dict:check>97 ········<cpe-dict:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5"·href="ssg-uos20-cpe-oval.xml">oval:ssg-installed_OS_is_uos20:def:1</cpe-dict:check>
98 ······</cpe-dict:cpe-item>98 ······</cpe-dict:cpe-item>
99 ····</cpe-dict:cpe-list>99 ····</cpe-dict:cpe-list>
100 ··</ds:component>100 ··</ds:component>
101 ··<ds:component·id="scap_org.open-scap_comp_ssg-uos20-xccdf.xml"·timestamp="2022-12-20T09:54:05">101 ··<ds:component·id="scap_org.open-scap_comp_ssg-uos20-xccdf.xml"·timestamp="2022-12-20T09:54:05">
102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UOS-20"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">102 ····<xccdf-1.2:Benchmark·id="xccdf_org.ssgproject.content_benchmark_UOS-20"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
103 ······<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>103 ······<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·UnionTech·OS·Server·20</xccdf-1.2:title>104 ······<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·UnionTech·OS·Server·20</xccdf-1.2:title>
105 ······<xccdf-1.2:description>105 ······<xccdf-1.2:description>
106 ········This·guide·presents·a·catalog·of·security-relevant106 ········This·guide·presents·a·catalog·of·security-relevant
107 configuration·settings·for·UnionTech·OS·Server·20.·It·is·a·rendering·of107 configuration·settings·for·UnionTech·OS·Server·20.·It·is·a·rendering·of
108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)108 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
109 in·order·to·support·security·automation.··The·SCAP·content·is109 in·order·to·support·security·automation.··The·SCAP·content·is
110 is·available·in·the110 is·available·in·the
1.24 KB
./usr/share/xml/scap/ssg/content/ssg-uos20-xccdf.xml
1.13 KB
./usr/share/xml/scap/ssg/content/ssg-uos20-xccdf.xml
    
Offset 1, 10 lines modifiedOffset 1, 10 lines modified
1 <?xml·version="1.0"·encoding="utf-8"?>1 <?xml·version="1.0"·encoding="utf-8"?>
2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UOS-20"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">2 <xccdf-1.2:Benchmark·xmlns:cpe-lang="http://cpe.mitre.org/language/2.0"·xmlns:dc="http://purl.org/dc/elements/1.1/"·xmlns:html="http://www.w3.org/1999/xhtml"·xmlns:xccdf-1.2="http://checklists.nist.gov/xccdf/1.2"·xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"·id="xccdf_org.ssgproject.content_benchmark_UOS-20"·xsi:schemaLocation="http://checklists.nist.gov/xccdf/1.2·xccdf-1.2.4.xsd"·style="SCAP_1.2"·resolved="true"·xml:lang="en-US">
3 ··<xccdf-1.2:status·date="2024-01-14">draft</xccdf-1.2:status>3 ··<xccdf-1.2:status·date="2025-02-15">draft</xccdf-1.2:status>
4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·UnionTech·OS·Server·20</xccdf-1.2:title>4 ··<xccdf-1.2:title>Guide·to·the·Secure·Configuration·of·UnionTech·OS·Server·20</xccdf-1.2:title>
5 ··<xccdf-1.2:description>5 ··<xccdf-1.2:description>
6 ····This·guide·presents·a·catalog·of·security-relevant6 ····This·guide·presents·a·catalog·of·security-relevant
7 configuration·settings·for·UnionTech·OS·Server·20.·It·is·a·rendering·of7 configuration·settings·for·UnionTech·OS·Server·20.·It·is·a·rendering·of
8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)8 content·structured·in·the·eXtensible·Configuration·Checklist·Description·Format·(XCCDF)
9 in·order·to·support·security·automation.··The·SCAP·content·is9 in·order·to·support·security·automation.··The·SCAP·content·is
10 is·available·in·the10 is·available·in·the