26.1 MB
/srv/reproducible-results/rbuild-debian/r-b-build.eX6vxjdz/b1/scap-security-guide_0.1.65-1_arm64.changes vs.
/srv/reproducible-results/rbuild-debian/r-b-build.eX6vxjdz/b2/scap-security-guide_0.1.65-1_arm64.changes
731 B
Files
    
Offset 1, 6 lines modifiedOffset 1, 6 lines modified
  
1 ·d6416617fad0f985b9a3e54a25bd18b0·181960·admin·optional·ssg-applications_0.1.65-1_all.deb1 ·d6416617fad0f985b9a3e54a25bd18b0·181960·admin·optional·ssg-applications_0.1.65-1_all.deb
2 ·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb2 ·f7bae0738ce4e633a16dbb487c1b30d5·27788·admin·optional·ssg-base_0.1.65-1_all.deb
3 ·d25685a1025fbc489f936a51e9fe92c0·3378740·admin·optional·ssg-debderived_0.1.65-1_all.deb 
4 ·5c779913026f82fe951154bf9861896b·828612·admin·optional·ssg-debian_0.1.65-1_all.deb 
5 ·125905bcd3311ac3d259cd8166f14381·40215688·admin·optional·ssg-nondebian_0.1.65-1_all.deb3 ·dea77b39c5e186adcc8f0678e4b52c30·3380276·admin·optional·ssg-debderived_0.1.65-1_all.deb
 4 ·70c3da9449f76a545986e2dcc5b671b2·828508·admin·optional·ssg-debian_0.1.65-1_all.deb
 5 ·9ef0b7b63abc4f4b2bb118c4cfb99a5b·40218700·admin·optional·ssg-nondebian_0.1.65-1_all.deb
3.76 MB
ssg-debderived_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0·····2784·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0·····2788·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0··3375764·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0··3377296·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
3.76 MB
data.tar.xz
3.76 MB
data.tar
50.1 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu1804-guide-cis.html
    
Offset 18332, 22 lines modifiedOffset 18332, 22 lines modified
000479b0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr000479b0:·6e65·6564·6564·0a20·202d·2072·6573·7472··needed.··-·restr
000479c0:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·000479c0:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·
000479d0:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit000479d0:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit
000479e0:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit000479e0:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit
000479f0:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac000479f0:·2074·6173·6b73·0a20·2073·6574·5f66·6163···tasks.··set_fac
00047a00:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc00047a00:·743a·0a20·2020·2061·7564·6974·5f61·7263··t:.····audit_arc
00047a10:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·00047a10:·683a·2062·3634·0a20·2077·6865·6e3a·0a20··h:·b64.··when:.·
00047a20:·202d·2027·2261·7564·6974·2220·696e·2061···-·'"audit"·in·a 
00047a30:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac 
00047a40:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib 
00047a50:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio 
00047a60:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·[" 
00047a70:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",· 
00047a80:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma 
00047a90:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]00047a20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 00047a30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 00047a40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 00047a50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 00047a60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 00047a70:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a
 00047a80:·7564·6974·2220·696e·2061·6e73·6962·6c65··udit"·in·ansible
 00047a90:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00047aa0:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc00047aa0:·0a20·202d·2061·6e73·6962·6c65·5f61·7263··.··-·ansible_arc
00047ab0:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa00047ab0:·6869·7465·6374·7572·6520·3d3d·2022·6161··hitecture·==·"aa
00047ac0:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl00047ac0:·7263·6836·3422·206f·7220·616e·7369·626c··rch64"·or·ansibl
00047ad0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=00047ad0:·655f·6172·6368·6974·6563·7475·7265·203d··e_architecture·=
00047ae0:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans00047ae0:·3d20·2270·7063·3634·2220·6f72·2061·6e73··=·"ppc64"·or·ans
00047af0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur00047af0:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
00047b00:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l00047b00:·650a·2020·2020·3d3d·2022·7070·6336·346c··e.····==·"ppc64l
Offset 18644, 23 lines modifiedOffset 18644, 23 lines modified
00048d30:·6d65·5f72·756c·6573·0a20·2020·2020·2063··me_rules.······c00048d30:·6d65·5f72·756c·6573·0a20·2020·2020·2063··me_rules.······c
00048d40:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····00048d40:·7265·6174·653a·2074·7275·650a·2020·2020··reate:·true.····
00048d50:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··00048d50:·2020·6d6f·6465·3a20·6f2d·7277·780a·2020····mode:·o-rwx.··
00048d60:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese00048d60:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
00048d70:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys00048d70:·6e74·0a20·2020·2077·6865·6e3a·2073·7973··nt.····when:·sys
00048d80:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le00048d80:·6361·6c6c·735f·666f·756e·6420·7c20·6c65··calls_found·|·le
00048d90:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when00048d90:·6e67·7468·203d·3d20·300a·2020·7768·656e··ngth·==·0.··when
00048da0:·3a0a·2020·2d20·2722·6175·6469·7422·2069··:.··-·'"audit"·i 
00048db0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
00048dc0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an 
00048dd0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
00048de0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
00048df0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
00048e00:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
00048e10:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe00048da0:·3a0a·2020·2d20·616e·7369·626c·655f·7669··:.··-·ansible_vi
 00048db0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 00048dc0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 00048dd0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 00048de0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 00048df0:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
 00048e00:·2722·6175·6469·7422·2069·6e20·616e·7369··'"audit"·in·ansi
 00048e10:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
00048e20:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·00048e20:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·
00048e30:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-00048e30:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-
00048e40:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.00048e40:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
00048e50:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-80000048e50:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
00048e60:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·00048e60:·2d35·332d·4143·2d36·2839·290a·2020·2d20··-53-AC-6(9).··-·
00048e70:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-100048e70:·4e49·5354·2d38·3030·2d35·332d·4155·2d31··NIST-800-53-AU-1
00048e80:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-8000048e80:·3228·6329·0a20·202d·204e·4953·542d·3830··2(c).··-·NIST-80
00048e90:·302d·3533·2d41·552d·3228·6429·0a20·202d··0-53-AU-2(d).··-00048e90:·302d·3533·2d41·552d·3228·6429·0a20·202d··0-53-AU-2(d).··-
Offset 18944, 22 lines modifiedOffset 18944, 22 lines modified
00049ff0:·756c·6573·0a20·2020·2020·2063·7265·6174··ules.······creat00049ff0:·756c·6573·0a20·2020·2020·2063·7265·6174··ules.······creat
0004a000:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo0004a000:·653a·2074·7275·650a·2020·2020·2020·6d6f··e:·true.······mo
0004a010:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······0004a010:·6465·3a20·6f2d·7277·780a·2020·2020·2020··de:·o-rwx.······
0004a020:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·0004a020:·7374·6174·653a·2070·7265·7365·6e74·0a20··state:·present.·
0004a030:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall0004a030:·2020·2077·6865·6e3a·2073·7973·6361·6c6c·····when:·syscall
0004a040:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length0004a040:·735f·666f·756e·6420·7c20·6c65·6e67·7468··s_found·|·length
0004a050:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··0004a050:·203d·3d20·300a·2020·7768·656e·3a0a·2020···==·0.··when:.··
0004a060:·2d20·2722·6175·6469·7422·2069·6e20·616e··-·'"audit"·in·an 
0004a070:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
0004a080:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl 
0004a090:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
0004a0a0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
0004a0b0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
0004a0c0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
0004a0d0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].0004a060:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
 0004a070:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
 0004a080:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
 0004a090:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
 0004a0a0:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
 0004a0b0:·6169·6e65·7222·5d0a·2020·2d20·2722·6175··ainer"].··-·'"au
 0004a0c0:·6469·7422·2069·6e20·616e·7369·626c·655f··dit"·in·ansible_
 0004a0d0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
0004a0e0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=0004a0e0:·2020·2d20·6175·6469·745f·6172·6368·203d····-·audit_arch·=
0004a0f0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.0004a0f0:·3d20·2262·3634·220a·2020·7461·6773·3a0a··=·"b64".··tags:.
0004a100:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.10004a100:·2020·2d20·434a·4953·2d35·2e34·2e31·2e31····-·CJIS-5.4.1.1
0004a110:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-170004a110:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
0004a120:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST0004a120:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
0004a130:·2d38·3030·2d35·332d·4143·2d36·2839·290a··-800-53-AC-6(9).0004a130:·2d38·3030·2d35·332d·4143·2d36·2839·290a··-800-53-AC-6(9).
0004a140:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-0004a140:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
Offset 22393, 23 lines modifiedOffset 22393, 23 lines modified
00057780:·2063·6f6e·7461·696e·733a·205e·5c73·2a2d···contains:·^\s*-00057780:·2063·6f6e·7461·696e·733a·205e·5c73·2a2d···contains:·^\s*-
00057790:·775c·732b·2f65·7463·2f73·7564·6f65·7273··w\s+/etc/sudoers00057790:·775c·732b·2f65·7463·2f73·7564·6f65·7273··w\s+/etc/sudoers
000577a0:·5c73·2b2d·705c·732b·7761·285c·737c·2429··\s+-p\s+wa(\s|$)000577a0:·5c73·2b2d·705c·732b·7761·285c·737c·2429··\s+-p\s+wa(\s|$)
000577b0:·2b0a·2020·2020·7061·7474·6572·6e73·3a20··+.····patterns:·000577b0:·2b0a·2020·2020·7061·7474·6572·6e73·3a20··+.····patterns:·
000577c0:·272a·2e72·756c·6573·270a·2020·7265·6769··'*.rules'.··regi000577c0:·272a·2e72·756c·6573·270a·2020·7265·6769··'*.rules'.··regi
000577d0:·7374·6572·3a20·6669·6e64·5f65·7869·7374··ster:·find_exist000577d0:·7374·6572·3a20·6669·6e64·5f65·7869·7374··ster:·find_exist
000577e0:·696e·675f·7761·7463·685f·7275·6c65·735f··ing_watch_rules_000577e0:·696e·675f·7761·7463·685f·7275·6c65·735f··ing_watch_rules_
000577f0:·640a·2020·7768·656e·3a0a·2020·2d20·2722··d.··when:.··-·'"000577f0:·640a·2020·7768·656e·3a0a·2020·2d20·616e··d.··when:.··-·an
00057800:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
00057810:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
00057820:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi 
00057830:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
00057840:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
00057850:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
00057860:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
00057870:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta00057800:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 00057810:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 00057820:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 00057830:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 00057840:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 00057850:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit"
 00057860:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 00057870:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta
00057880:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.400057880:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.4
00057890:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-8000057890:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-80
000578a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·000578a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·
000578b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d32··NIST-800-53-AC-2000578b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d32··NIST-800-53-AC-2
000578c0:·2837·2928·6229·0a20·202d·204e·4953·542d··(7)(b).··-·NIST-000578c0:·2837·2928·6229·0a20·202d·204e·4953·542d··(7)(b).··-·NIST-
000578d0:·3830·302d·3533·2d41·432d·3628·3929·0a20··800-53-AC-6(9).·000578d0:·3830·302d·3533·2d41·432d·3628·3929·0a20··800-53-AC-6(9).·
000578e0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A000578e0:·202d·204e·4953·542d·3830·302d·3533·2d41···-·NIST-800-53-A
Offset 22437, 23 lines modifiedOffset 22437, 23 lines modified
00057a40:·6574·632f·6175·6469·742f·7275·6c65·732e··etc/audit/rules.00057a40:·6574·632f·6175·6469·742f·7275·6c65·732e··etc/audit/rules.
00057a50:·640a·2020·2020·636f·6e74·6169·6e73·3a20··d.····contains:·00057a50:·640a·2020·2020·636f·6e74·6169·6e73·3a20··d.····contains:·
00057a60:·5e2e·2a28·3f3a·2d46·206b·6579·3d7c·2d6b··^.*(?:-F·key=|-k00057a60:·5e2e·2a28·3f3a·2d46·206b·6579·3d7c·2d6b··^.*(?:-F·key=|-k
00057a70:·5c73·2b29·6163·7469·6f6e·7324·0a20·2020··\s+)actions$.···00057a70:·5c73·2b29·6163·7469·6f6e·7324·0a20·2020··\s+)actions$.···
00057a80:·2070·6174·7465·726e·733a·2027·2a2e·7275···patterns:·'*.ru00057a80:·2070·6174·7465·726e·733a·2027·2a2e·7275···patterns:·'*.ru
Max diff block lines reached; 30698/39798 bytes (77.13%) of diff not shown.
11.1 KB
html2text {}
    
Offset 369, 16 lines modifiedOffset 369, 16 lines modified
369 ··-·no_reboot_needed369 ··-·no_reboot_needed
370 ··-·restrict_strategy370 ··-·restrict_strategy
  
371 -·name:·Set·architecture·for·audit·tasks371 -·name:·Set·architecture·for·audit·tasks
372 ··set_fact:372 ··set_fact:
373 ····audit_arch:·b64373 ····audit_arch:·b64
374 ··when:374 ··when:
375 ··-·'"audit"·in·ansible_facts.packages' 
376 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]375 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 376 ··-·'"audit"·in·ansible_facts.packages'
377 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture377 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
378 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"378 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
379 ··tags:379 ··tags:
380 ··-·CJIS-5.4.1.1380 ··-·CJIS-5.4.1.1
381 ··-·NIST-800-171-3.1.7381 ··-·NIST-800-171-3.1.7
382 ··-·NIST-800-53-AC-6(9)382 ··-·NIST-800-53-AC-6(9)
383 ··-·NIST-800-53-AU-12(c)383 ··-·NIST-800-53-AU-12(c)
Offset 513, 16 lines modifiedOffset 513, 16 lines modified
513 ······path:·'{{·audit_file·}}'513 ······path:·'{{·audit_file·}}'
514 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules514 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
515 ······create:·true515 ······create:·true
516 ······mode:·o-rwx516 ······mode:·o-rwx
517 ······state:·present517 ······state:·present
518 ····when:·syscalls_found·|·length·==·0518 ····when:·syscalls_found·|·length·==·0
519 ··when:519 ··when:
520 ··-·'"audit"·in·ansible_facts.packages' 
521 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]520 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 521 ··-·'"audit"·in·ansible_facts.packages'
522 ··tags:522 ··tags:
523 ··-·CJIS-5.4.1.1523 ··-·CJIS-5.4.1.1
524 ··-·NIST-800-171-3.1.7524 ··-·NIST-800-171-3.1.7
525 ··-·NIST-800-53-AC-6(9)525 ··-·NIST-800-53-AC-6(9)
526 ··-·NIST-800-53-AU-12(c)526 ··-·NIST-800-53-AU-12(c)
527 ··-·NIST-800-53-AU-2(d)527 ··-·NIST-800-53-AU-2(d)
528 ··-·NIST-800-53-CM-6(a)528 ··-·NIST-800-53-CM-6(a)
Offset 654, 16 lines modifiedOffset 654, 16 lines modified
654 ······path:·'{{·audit_file·}}'654 ······path:·'{{·audit_file·}}'
655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
656 ······create:·true656 ······create:·true
657 ······mode:·o-rwx657 ······mode:·o-rwx
658 ······state:·present658 ······state:·present
659 ····when:·syscalls_found·|·length·==·0659 ····when:·syscalls_found·|·length·==·0
660 ··when:660 ··when:
661 ··-·'"audit"·in·ansible_facts.packages' 
662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]661 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 662 ··-·'"audit"·in·ansible_facts.packages'
663 ··-·audit_arch·==·"b64"663 ··-·audit_arch·==·"b64"
664 ··tags:664 ··tags:
665 ··-·CJIS-5.4.1.1665 ··-·CJIS-5.4.1.1
666 ··-·NIST-800-171-3.1.7666 ··-·NIST-800-171-3.1.7
667 ··-·NIST-800-53-AC-6(9)667 ··-·NIST-800-53-AC-6(9)
668 ··-·NIST-800-53-AU-12(c)668 ··-·NIST-800-53-AU-12(c)
669 ··-·NIST-800-53-AU-2(d)669 ··-·NIST-800-53-AU-2(d)
Offset 831, 16 lines modifiedOffset 831, 16 lines modified
831 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/831 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
832 ··find:832 ··find:
833 ····paths:·/etc/audit/rules.d833 ····paths:·/etc/audit/rules.d
834 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+834 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
835 ····patterns:·'*.rules'835 ····patterns:·'*.rules'
836 ··register:·find_existing_watch_rules_d836 ··register:·find_existing_watch_rules_d
837 ··when:837 ··when:
838 ··-·'"audit"·in·ansible_facts.packages' 
839 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]838 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 839 ··-·'"audit"·in·ansible_facts.packages'
840 ··tags:840 ··tags:
841 ··-·CJIS-5.4.1.1841 ··-·CJIS-5.4.1.1
842 ··-·NIST-800-171-3.1.7842 ··-·NIST-800-171-3.1.7
843 ··-·NIST-800-53-AC-2(7)(b)843 ··-·NIST-800-53-AC-2(7)(b)
844 ··-·NIST-800-53-AC-6(9)844 ··-·NIST-800-53-AC-6(9)
845 ··-·NIST-800-53-AU-12(c)845 ··-·NIST-800-53-AU-12(c)
846 ··-·NIST-800-53-AU-2(d)846 ··-·NIST-800-53-AU-2(d)
Offset 857, 16 lines modifiedOffset 857, 16 lines modified
857 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions857 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
858 ··find:858 ··find:
859 ····paths:·/etc/audit/rules.d859 ····paths:·/etc/audit/rules.d
860 ····contains:·^.*(?:-F·key=|-k\s+)actions$860 ····contains:·^.*(?:-F·key=|-k\s+)actions$
861 ····patterns:·'*.rules'861 ····patterns:·'*.rules'
862 ··register:·find_watch_key862 ··register:·find_watch_key
863 ··when:863 ··when:
864 ··-·'"audit"·in·ansible_facts.packages' 
865 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]864 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 865 ··-·'"audit"·in·ansible_facts.packages'
866 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched866 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
867 ····==·0867 ····==·0
868 ··tags:868 ··tags:
869 ··-·CJIS-5.4.1.1869 ··-·CJIS-5.4.1.1
870 ··-·NIST-800-171-3.1.7870 ··-·NIST-800-171-3.1.7
871 ··-·NIST-800-53-AC-2(7)(b)871 ··-·NIST-800-53-AC-2(7)(b)
872 ··-·NIST-800-53-AC-6(9)872 ··-·NIST-800-53-AC-6(9)
Offset 883, 16 lines modifiedOffset 883, 16 lines modified
883 ··-·restrict_strategy883 ··-·restrict_strategy
  
884 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule884 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
885 ··set_fact:885 ··set_fact:
886 ····all_files:886 ····all_files:
887 ····-·/etc/audit/rules.d/actions.rules887 ····-·/etc/audit/rules.d/actions.rules
888 ··when:888 ··when:
889 ··-·'"audit"·in·ansible_facts.packages' 
890 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]889 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 890 ··-·'"audit"·in·ansible_facts.packages'
891 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and891 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and
892 find_existing_watch_rules_d.matched892 find_existing_watch_rules_d.matched
893 ····is·defined·and·find_existing_watch_rules_d.matched·==·0893 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
894 ··tags:894 ··tags:
895 ··-·CJIS-5.4.1.1895 ··-·CJIS-5.4.1.1
896 ··-·NIST-800-171-3.1.7896 ··-·NIST-800-171-3.1.7
897 ··-·NIST-800-53-AC-2(7)(b)897 ··-·NIST-800-53-AC-2(7)(b)
Offset 910, 16 lines modifiedOffset 910, 16 lines modified
910 ··-·restrict_strategy910 ··-·restrict_strategy
  
911 -·name:·Use·matched·file·as·the·recipient·for·the·rule911 -·name:·Use·matched·file·as·the·recipient·for·the·rule
912 ··set_fact:912 ··set_fact:
913 ····all_files:913 ····all_files:
914 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'914 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
915 ··when:915 ··when:
916 ··-·'"audit"·in·ansible_facts.packages' 
917 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]916 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 917 ··-·'"audit"·in·ansible_facts.packages'
918 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and918 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and
919 find_existing_watch_rules_d.matched919 find_existing_watch_rules_d.matched
920 ····is·defined·and·find_existing_watch_rules_d.matched·==·0920 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
921 ··tags:921 ··tags:
922 ··-·CJIS-5.4.1.1922 ··-·CJIS-5.4.1.1
923 ··-·NIST-800-171-3.1.7923 ··-·NIST-800-171-3.1.7
924 ··-·NIST-800-53-AC-2(7)(b)924 ··-·NIST-800-53-AC-2(7)(b)
Offset 939, 16 lines modifiedOffset 939, 16 lines modified
939 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/939 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 6978/11357 bytes (61.44%) of diff not shown.
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_server.html
    
Offset 38517, 22 lines modifiedOffset 38517, 22 lines modified
00096740:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex00096740:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
00096750:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr00096750:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
00096760:·7562·2f67·7275·622e·6366·670a·2020·7374··ub/grub.cfg.··st00096760:·7562·2f67·7275·622e·6366·670a·2020·7374··ub/grub.cfg.··st
00096770:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b00096770:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
00096780:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf00096780:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf
00096790:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi00096790:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
000967a0:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when000967a0:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
000967b0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000967c0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000967d0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000967e0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000967f0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
00096800:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00096810:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00096820:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000967b0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000967c0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 000967d0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000967e0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 000967f0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00096800:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 00096810:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 00096820:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
00096830:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat00096830:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
00096840:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·00096840:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
00096850:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"00096850:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
00096860:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod00096860:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
00096870:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00096870:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00096880:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C00096880:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
00096890:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·00096890:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·
Offset 38552, 22 lines modifiedOffset 38552, 22 lines modified
00096970:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E00096970:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E
00096980:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on00096980:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on
00096990:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub00096990:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub
000969a0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···000969a0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
000969b0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000969b0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000969c0:·622f·6772·7562·2e63·6667·0a20·2020·206f··b/grub.cfg.····o000969c0:·622f·6772·7562·2e63·6667·0a20·2020·206f··b/grub.cfg.····o
000969d0:·776e·6572·3a20·2730·270a·2020·7768·656e··wner:·'0'.··when000969d0:·776e·6572·3a20·2730·270a·2020·7768·656e··wner:·'0'.··when
000969e0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000969f0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
00096a00:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
00096a10:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
00096a20:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
00096a30:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00096a40:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00096a50:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000969e0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000969f0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00096a00:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 00096a10:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 00096a20:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00096a30:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 00096a40:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 00096a50:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
00096a60:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat00096a60:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
00096a70:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·00096a70:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
00096a80:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"00096a80:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
00096a90:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod00096a90:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
00096aa0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00096aa0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00096ab0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis00096ab0:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis
00096ac0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin00096ac0:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin
Offset 38617, 24 lines modifiedOffset 38617, 24 lines modified
00096d80:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy00096d80:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
00096d90:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config00096d90:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
00096da0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t00096da0:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
00096db0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>00096db0:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
00096dc0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is00096dc0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
00096dd0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only00096dd0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
00096de0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat00096de0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
00096df0:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f· 
00096e00:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef00096df0:·666f·726d·730a·6966·2064·706b·672d·7175··forms.if·dpkg-qu
 00096e00:·6572·7920·2d2d·7368·6f77·202d·2d73·686f··ery·--show·--sho
 00096e10:·7766·6f72·6d61·743d·2724·7b64·623a·5374··wformat='${db:St
 00096e20:·6174·7573·2d53·7461·7475·737d·5c6e·2720··atus-Status}\n'·
 00096e30:·2767·7275·6232·2d63·6f6d·6d6f·6e27·2032··'grub2-common'·2
 00096e40:·2667·743b·2f64·6576·2f6e·756c·6c20·7c20··&gt;/dev/null·|·
 00096e50:·6772·6570·202d·7120·696e·7374·616c·6c65··grep·-q·installe
00096e10:·6920·5d20·2661·6d70·3b26·616d·703b·2064··i·]·&amp;&amp;·d00096e60:·6420·2661·6d70·3b26·616d·703b·205b·2021··d·&amp;&amp;·[·!
 00096e70:·202d·6620·2f73·7973·2f66·6972·6d77·6172···-f·/sys/firmwar
 00096e80:·652f·6566·6920·5d20·2661·6d70·3b26·616d··e/efi·]·&amp;&am
00096e20:·706b·672d·7175·6572·7920·2d2d·7368·6f77··pkg-query·--show 
00096e30:·202d·2d73·686f·7766·6f72·6d61·743d·2724···--showformat='$ 
00096e40:·7b64·623a·5374·6174·7573·2d53·7461·7475··{db:Status-Statu 
00096e50:·737d·5c6e·2720·2767·7275·6232·2d63·6f6d··s}\n'·'grub2-com 
00096e60:·6d6f·6e27·2032·2667·743b·2f64·6576·2f6e··mon'·2&gt;/dev/n 
00096e70:·756c·6c20·7c20·6772·6570·202d·7120·696e··ull·|·grep·-q·in 
00096e80:·7374·616c·6c65·6420·2661·6d70·3b26·616d··stalled·&amp;&am 
00096e90:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do00096e90:·703b·207b·205b·2021·202d·6620·2f2e·646f··p;·{·[·!·-f·/.do
00096ea0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&00096ea0:·636b·6572·656e·7620·5d20·2661·6d70·3b26··ckerenv·]·&amp;&
00096eb0:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run00096eb0:·616d·703b·205b·2021·202d·6620·2f72·756e··amp;·[·!·-f·/run
00096ec0:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]00096ec0:·2f2e·636f·6e74·6169·6e65·7265·6e76·205d··/.containerenv·]
00096ed0:·3b20·7d3b·2074·6865·6e0a·0a63·686f·776e··;·};·then..chown00096ed0:·3b20·7d3b·2074·6865·6e0a·0a63·686f·776e··;·};·then..chown
00096ee0:·2030·202f·626f·6f74·2f67·7275·622f·6772···0·/boot/grub/gr00096ee0:·2030·202f·626f·6f74·2f67·7275·622f·6772···0·/boot/grub/gr
00096ef0:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···00096ef0:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 39085, 22 lines modifiedOffset 39085, 22 lines modified
00098ac0:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo00098ac0:·0a2d·206e·616d·653a·2054·6573·7420·666f··.-·name:·Test·fo
00098ad0:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo00098ad0:·7220·6578·6973·7465·6e63·6520·2f62·6f6f··r·existence·/boo
00098ae0:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.00098ae0:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
00098af0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path00098af0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
00098b00:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru00098b00:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru
00098b10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register00098b10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
00098b20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··00098b20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
00098b30:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo00098b30:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
00098b40:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
00098b50:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
00098b60:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
00098b70:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
00098b80:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
00098b90:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00098ba0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00098b40:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 00098b50:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 00098b60:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 00098b70:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 00098b80:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 00098b90:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 00098ba0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
00098bb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual00098bb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
00098bc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not00098bc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
00098bd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"00098bd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
00098be0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·00098be0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
00098bf0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta00098bf0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
00098c00:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·00098c00:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
00098c10:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-00098c10:·202d·204e·4953·542d·3830·302d·3137·312d···-·NIST-800-171-
Offset 39121, 21 lines modifiedOffset 39121, 21 lines modified
00098d00:·732c·6f2d·7877·7274·206f·6e20·2f62·6f6f··s,o-xwrt·on·/boo00098d00:·732c·6f2d·7877·7274·206f·6e20·2f62·6f6f··s,o-xwrt·on·/boo
00098d10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.00098d10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
00098d20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path00098d20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
00098d30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru00098d30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru
00098d40:·622e·6366·670a·2020·2020·6d6f·6465·3a20··b.cfg.····mode:·00098d40:·622e·6366·670a·2020·2020·6d6f·6465·3a20··b.cfg.····mode:·
Max diff block lines reached; 3890/12990 bytes (29.95%) of diff not shown.
3.94 KB
html2text {}
    
Offset 3223, 16 lines modifiedOffset 3223, 16 lines modified
3223 ··-·no_reboot_needed3223 ··-·no_reboot_needed
  
3224 -·name:·Test·for·existence·/boot/grub/grub.cfg3224 -·name:·Test·for·existence·/boot/grub/grub.cfg
3225 ··stat:3225 ··stat:
3226 ····path:·/boot/grub/grub.cfg3226 ····path:·/boot/grub/grub.cfg
3227 ··register:·file_exists3227 ··register:·file_exists
3228 ··when:3228 ··when:
3229 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3230 ··-·'"grub2-common"·in·ansible_facts.packages'3229 ··-·'"grub2-common"·in·ansible_facts.packages'
 3230 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3231 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3231 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3232 ··tags:3232 ··tags:
3233 ··-·CJIS-5.5.2.23233 ··-·CJIS-5.5.2.2
3234 ··-·NIST-800-171-3.4.53234 ··-·NIST-800-171-3.4.5
3235 ··-·NIST-800-53-AC-6(1)3235 ··-·NIST-800-53-AC-6(1)
3236 ··-·NIST-800-53-CM-6(a)3236 ··-·NIST-800-53-CM-6(a)
3237 ··-·PCI-DSS-Req-7.13237 ··-·PCI-DSS-Req-7.1
Offset 3244, 16 lines modifiedOffset 3244, 16 lines modified
3244 ··-·no_reboot_needed3244 ··-·no_reboot_needed
  
3245 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3245 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3246 ··file:3246 ··file:
3247 ····path:·/boot/grub/grub.cfg3247 ····path:·/boot/grub/grub.cfg
3248 ····owner:·'0'3248 ····owner:·'0'
3249 ··when:3249 ··when:
3250 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3251 ··-·'"grub2-common"·in·ansible_facts.packages'3250 ··-·'"grub2-common"·in·ansible_facts.packages'
 3251 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3253 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3253 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3254 ··tags:3254 ··tags:
3255 ··-·CJIS-5.5.2.23255 ··-·CJIS-5.5.2.2
3256 ··-·NIST-800-171-3.4.53256 ··-·NIST-800-171-3.4.5
3257 ··-·NIST-800-53-AC-6(1)3257 ··-·NIST-800-53-AC-6(1)
3258 ··-·NIST-800-53-CM-6(a)3258 ··-·NIST-800-53-CM-6(a)
Offset 3265, 16 lines modifiedOffset 3265, 16 lines modified
3265 ··-·medium_severity3265 ··-·medium_severity
3266 ··-·no_reboot_needed3266 ··-·no_reboot_needed
3267 Remediation_Shell_script_⇲3267 Remediation_Shell_script_⇲
3268 Complexity:·low3268 Complexity:·low
3269 Disruption:·low3269 Disruption:·low
3270 Strategy:···configure3270 Strategy:···configure
3271 #·Remediation·is·applicable·only·in·certain·platforms3271 #·Remediation·is·applicable·only·in·certain·platforms
3272 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/3272 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!
3273 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3273 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3274 chown·0·/boot/grub/grub.cfg3274 chown·0·/boot/grub/grub.cfg
  
3275 else3275 else
3276 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3276 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3277 fi3277 fi
3278 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3278 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3310, 16 lines modifiedOffset 3310, 16 lines modified
3310 ··-·no_reboot_needed3310 ··-·no_reboot_needed
  
3311 -·name:·Test·for·existence·/boot/grub/grub.cfg3311 -·name:·Test·for·existence·/boot/grub/grub.cfg
3312 ··stat:3312 ··stat:
3313 ····path:·/boot/grub/grub.cfg3313 ····path:·/boot/grub/grub.cfg
3314 ··register:·file_exists3314 ··register:·file_exists
3315 ··when:3315 ··when:
3316 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3317 ··-·'"grub2-common"·in·ansible_facts.packages'3316 ··-·'"grub2-common"·in·ansible_facts.packages'
 3317 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3318 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3318 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3319 ··tags:3319 ··tags:
3320 ··-·NIST-800-171-3.4.53320 ··-·NIST-800-171-3.4.5
3321 ··-·NIST-800-53-AC-6(1)3321 ··-·NIST-800-53-AC-6(1)
3322 ··-·NIST-800-53-CM-6(a)3322 ··-·NIST-800-53-CM-6(a)
3323 ··-·configure_strategy3323 ··-·configure_strategy
3324 ··-·file_permissions_grub2_cfg3324 ··-·file_permissions_grub2_cfg
Offset 3329, 16 lines modifiedOffset 3329, 16 lines modified
3329 ··-·no_reboot_needed3329 ··-·no_reboot_needed
  
3330 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3330 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3331 ··file:3331 ··file:
3332 ····path:·/boot/grub/grub.cfg3332 ····path:·/boot/grub/grub.cfg
3333 ····mode:·u-xs,g-xwrs,o-xwrt3333 ····mode:·u-xs,g-xwrs,o-xwrt
3334 ··when:3334 ··when:
3335 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3336 ··-·'"grub2-common"·in·ansible_facts.packages'3335 ··-·'"grub2-common"·in·ansible_facts.packages'
 3336 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3337 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3337 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3338 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3338 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3339 ··tags:3339 ··tags:
3340 ··-·NIST-800-171-3.4.53340 ··-·NIST-800-171-3.4.5
3341 ··-·NIST-800-53-AC-6(1)3341 ··-·NIST-800-53-AC-6(1)
3342 ··-·NIST-800-53-CM-6(a)3342 ··-·NIST-800-53-CM-6(a)
3343 ··-·configure_strategy3343 ··-·configure_strategy
Offset 3348, 16 lines modifiedOffset 3348, 16 lines modified
3348 ··-·medium_severity3348 ··-·medium_severity
3349 ··-·no_reboot_needed3349 ··-·no_reboot_needed
3350 Remediation_Shell_script_⇲3350 Remediation_Shell_script_⇲
3351 Complexity:·low3351 Complexity:·low
3352 Disruption:·low3352 Disruption:·low
3353 Strategy:···configure3353 Strategy:···configure
3354 #·Remediation·is·applicable·only·in·certain·platforms3354 #·Remediation·is·applicable·only·in·certain·platforms
3355 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/3355 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&
3356 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3356 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3357 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3357 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3358 else3358 else
3359 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3359 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3360 fi3360 fi
3361 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3361 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level1_workstation.html
    
Offset 40080, 22 lines modifiedOffset 40080, 22 lines modified
0009c8f0:·6564·0a0a·2d20·6e61·6d65·3a20·5465·7374··ed..-·name:·Test0009c8f0:·6564·0a0a·2d20·6e61·6d65·3a20·5465·7374··ed..-·name:·Test
0009c900:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/0009c900:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
0009c910:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c0009c910:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c
0009c920:·6667·0a20·2073·7461·743a·0a20·2020·2070··fg.··stat:.····p0009c920:·6667·0a20·2073·7461·743a·0a20·2020·2070··fg.··stat:.····p
0009c930:·6174·683a·202f·626f·6f74·2f67·7275·622f··ath:·/boot/grub/0009c930:·6174·683a·202f·626f·6f74·2f67·7275·622f··ath:·/boot/grub/
0009c940:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis0009c940:·6772·7562·2e63·6667·0a20·2072·6567·6973··grub.cfg.··regis
0009c950:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists0009c950:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists
0009c960:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0009c960:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0009c970:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0009c980:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0009c990:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0009c9a0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0009c9b0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
0009c9c0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
0009c9d0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0009c970:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 0009c980:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0009c990:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0009c9a0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 0009c9b0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 0009c9c0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 0009c9d0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
0009c9e0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt0009c9e0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
0009c9f0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·0009c9f0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
0009ca00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"0009ca00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
0009ca10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz0009ca10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
0009ca20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co0009ca20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
0009ca30:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags0009ca30:·6e74·6169·6e65·7222·5d0a·2020·7461·6773··ntainer"].··tags
0009ca40:·3a0a·2020·2d20·434a·4953·2d35·2e35·2e32··:.··-·CJIS-5.5.20009ca40:·3a0a·2020·2d20·434a·4953·2d35·2e35·2e32··:.··-·CJIS-5.5.2
Offset 40115, 22 lines modifiedOffset 40115, 22 lines modified
0009cb20:·6562·6f6f·745f·6e65·6564·6564·0a0a·2d20··eboot_needed..-·0009cb20:·6562·6f6f·745f·6e65·6564·6564·0a0a·2d20··eboot_needed..-·
0009cb30:·6e61·6d65·3a20·456e·7375·7265·206f·776e··name:·Ensure·own0009cb30:·6e61·6d65·3a20·456e·7375·7265·206f·776e··name:·Ensure·own
0009cb40:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr0009cb40:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
0009cb50:·7562·2f67·7275·622e·6366·670a·2020·6669··ub/grub.cfg.··fi0009cb50:·7562·2f67·7275·622e·6366·670a·2020·6669··ub/grub.cfg.··fi
0009cb60:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b0009cb60:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
0009cb70:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf0009cb70:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf
0009cb80:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'0009cb80:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'
0009cb90:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0009cb90:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0009cba0:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0009cbb0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0009cbc0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0009cbd0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0009cbe0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
0009cbf0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
0009cc00:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0009cba0:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 0009cbb0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0009cbc0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0009cbd0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 0009cbe0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 0009cbf0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 0009cc00:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
0009cc10:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt0009cc10:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
0009cc20:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·0009cc20:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
0009cc30:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"0009cc30:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
0009cc40:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz0009cc40:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
0009cc50:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co0009cc50:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
0009cc60:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi0009cc60:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi
0009cc70:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i0009cc70:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i
Offset 40181, 23 lines modifiedOffset 40181, 23 lines modified
0009cf40:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td0009cf40:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
0009cf50:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><0009cf50:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
0009cf60:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre0009cf60:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
0009cf70:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia0009cf70:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
0009cf80:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab0009cf80:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
0009cf90:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa0009cf90:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
0009cfa0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·0009cfa0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 0009cfb0:·6470·6b67·2d71·7565·7279·202d·2d73·686f··dpkg-query·--sho
 0009cfc0:·7720·2d2d·7368·6f77·666f·726d·6174·3d27··w·--showformat='
 0009cfd0:·247b·6462·3a53·7461·7475·732d·5374·6174··${db:Status-Stat
 0009cfe0:·7573·7d5c·6e27·2027·6772·7562·322d·636f··us}\n'·'grub2-co
 0009cff0:·6d6d·6f6e·2720·3226·6774·3b2f·6465·762f··mmon'·2&gt;/dev/
 0009d000:·6e75·6c6c·207c·2067·7265·7020·2d71·2069··null·|·grep·-q·i
 0009d010:·6e73·7461·6c6c·6564·2026·616d·703b·2661··nstalled·&amp;&a
0009cfb0:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm0009d020:·6d70·3b20·5b20·2120·2d66·202f·7379·732f··mp;·[·!·-f·/sys/
 0009d030:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&
0009cfc0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp; 
0009cfd0:·2661·6d70·3b20·6470·6b67·2d71·7565·7279··&amp;·dpkg-query 
0009cfe0:·202d·2d73·686f·7720·2d2d·7368·6f77·666f···--show·--showfo 
0009cff0:·726d·6174·3d27·247b·6462·3a53·7461·7475··rmat='${db:Statu 
0009d000:·732d·5374·6174·7573·7d5c·6e27·2027·6772··s-Status}\n'·'gr 
0009d010:·7562·322d·636f·6d6d·6f6e·2720·3226·6774··ub2-common'·2&gt 
0009d020:·3b2f·6465·762f·6e75·6c6c·207c·2067·7265··;/dev/null·|·gre 
0009d030:·7020·2d71·2069·6e73·7461·6c6c·6564·2026··p·-q·installed·& 
0009d040:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·0009d040:·616d·703b·2661·6d70·3b20·7b20·5b20·2120··amp;&amp;·{·[·!·
0009d050:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]0009d050:·2d66·202f·2e64·6f63·6b65·7265·6e76·205d··-f·/.dockerenv·]
0009d060:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·0009d060:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
0009d070:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain0009d070:·2d66·202f·7275·6e2f·2e63·6f6e·7461·696e··-f·/run/.contain
0009d080:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then0009d080:·6572·656e·7620·5d3b·207d·3b20·7468·656e··erenv·];·};·then
0009d090:·0a0a·6368·6f77·6e20·3020·2f62·6f6f·742f··..chown·0·/boot/0009d090:·0a0a·6368·6f77·6e20·3020·2f62·6f6f·742f··..chown·0·/boot/
0009d0a0:·6772·7562·2f67·7275·622e·6366·670a·0a65··grub/grub.cfg..e0009d0a0:·6772·7562·2f67·7275·622e·6366·670a·0a65··grub/grub.cfg..e
Offset 40649, 22 lines modifiedOffset 40649, 22 lines modified
0009ec80:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen0009ec80:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
0009ec90:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr0009ec90:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr
0009eca0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·0009eca0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
0009ecb0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0009ecb0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0009ecc0:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r0009ecc0:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r
0009ecd0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex0009ecd0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
0009ece0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-0009ece0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
0009ecf0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
0009ed00:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
0009ed10:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
0009ed20:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
0009ed30:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
0009ed40:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
0009ed50:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag0009ecf0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 0009ed00:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 0009ed10:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 0009ed20:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 0009ed30:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 0009ed40:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 0009ed50:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
0009ed60:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_0009ed60:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
0009ed70:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t0009ed70:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
0009ed80:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc0009ed80:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
0009ed90:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op0009ed90:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
0009eda0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",0009eda0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
0009edb0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··0009edb0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
0009edc0:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-80009edc0:·7461·6773·3a0a·2020·2d20·4e49·5354·2d38··tags:.··-·NIST-8
0009edd0:·3030·2d31·3731·2d33·2e34·2e35·0a20·202d··00-171-3.4.5.··-0009edd0:·3030·2d31·3731·2d33·2e34·2e35·0a20·202d··00-171-3.4.5.··-
Offset 40684, 22 lines modifiedOffset 40684, 22 lines modified
0009eeb0:·732c·672d·7877·7273·2c6f·2d78·7772·7420··s,g-xwrs,o-xwrt·0009eeb0:·732c·672d·7877·7273·2c6f·2d78·7772·7420··s,g-xwrs,o-xwrt·
0009eec0:·6f6e·202f·626f·6f74·2f67·7275·622f·6772··on·/boot/grub/gr0009eec0:·6f6e·202f·626f·6f74·2f67·7275·622f·6772··on·/boot/grub/gr
0009eed0:·7562·2e63·6667·0a20·2066·696c·653a·0a20··ub.cfg.··file:.·0009eed0:·7562·2e63·6667·0a20·2066·696c·653a·0a20··ub.cfg.··file:.·
0009eee0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0009eee0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0009eef0:·7275·622f·6772·7562·2e63·6667·0a20·2020··rub/grub.cfg.···0009eef0:·7275·622f·6772·7562·2e63·6667·0a20·2020··rub/grub.cfg.···
0009ef00:·206d·6f64·653a·2075·2d78·732c·672d·7877···mode:·u-xs,g-xw0009ef00:·206d·6f64·653a·2075·2d78·732c·672d·7877···mode:·u-xs,g-xw
0009ef10:·7273·2c6f·2d78·7772·740a·2020·7768·656e··rs,o-xwrt.··when0009ef10:·7273·2c6f·2d78·7772·740a·2020·7768·656e··rs,o-xwrt.··when
0009ef20:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
Max diff block lines reached; 2786/12990 bytes (21.45%) of diff not shown.
3.94 KB
html2text {}
    
Offset 3459, 16 lines modifiedOffset 3459, 16 lines modified
3459 ··-·no_reboot_needed3459 ··-·no_reboot_needed
  
3460 -·name:·Test·for·existence·/boot/grub/grub.cfg3460 -·name:·Test·for·existence·/boot/grub/grub.cfg
3461 ··stat:3461 ··stat:
3462 ····path:·/boot/grub/grub.cfg3462 ····path:·/boot/grub/grub.cfg
3463 ··register:·file_exists3463 ··register:·file_exists
3464 ··when:3464 ··when:
3465 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3466 ··-·'"grub2-common"·in·ansible_facts.packages'3465 ··-·'"grub2-common"·in·ansible_facts.packages'
 3466 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3467 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3467 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3468 ··tags:3468 ··tags:
3469 ··-·CJIS-5.5.2.23469 ··-·CJIS-5.5.2.2
3470 ··-·NIST-800-171-3.4.53470 ··-·NIST-800-171-3.4.5
3471 ··-·NIST-800-53-AC-6(1)3471 ··-·NIST-800-53-AC-6(1)
3472 ··-·NIST-800-53-CM-6(a)3472 ··-·NIST-800-53-CM-6(a)
3473 ··-·PCI-DSS-Req-7.13473 ··-·PCI-DSS-Req-7.1
Offset 3480, 16 lines modifiedOffset 3480, 16 lines modified
3480 ··-·no_reboot_needed3480 ··-·no_reboot_needed
  
3481 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3481 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3482 ··file:3482 ··file:
3483 ····path:·/boot/grub/grub.cfg3483 ····path:·/boot/grub/grub.cfg
3484 ····owner:·'0'3484 ····owner:·'0'
3485 ··when:3485 ··when:
3486 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3487 ··-·'"grub2-common"·in·ansible_facts.packages'3486 ··-·'"grub2-common"·in·ansible_facts.packages'
 3487 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3488 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3488 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3489 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3489 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3490 ··tags:3490 ··tags:
3491 ··-·CJIS-5.5.2.23491 ··-·CJIS-5.5.2.2
3492 ··-·NIST-800-171-3.4.53492 ··-·NIST-800-171-3.4.5
3493 ··-·NIST-800-53-AC-6(1)3493 ··-·NIST-800-53-AC-6(1)
3494 ··-·NIST-800-53-CM-6(a)3494 ··-·NIST-800-53-CM-6(a)
Offset 3501, 16 lines modifiedOffset 3501, 16 lines modified
3501 ··-·medium_severity3501 ··-·medium_severity
3502 ··-·no_reboot_needed3502 ··-·no_reboot_needed
3503 Remediation_Shell_script_⇲3503 Remediation_Shell_script_⇲
3504 Complexity:·low3504 Complexity:·low
3505 Disruption:·low3505 Disruption:·low
3506 Strategy:···configure3506 Strategy:···configure
3507 #·Remediation·is·applicable·only·in·certain·platforms3507 #·Remediation·is·applicable·only·in·certain·platforms
3508 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/3508 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!
3509 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3509 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3510 chown·0·/boot/grub/grub.cfg3510 chown·0·/boot/grub/grub.cfg
  
3511 else3511 else
3512 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3512 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3513 fi3513 fi
3514 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3514 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3546, 16 lines modifiedOffset 3546, 16 lines modified
3546 ··-·no_reboot_needed3546 ··-·no_reboot_needed
  
3547 -·name:·Test·for·existence·/boot/grub/grub.cfg3547 -·name:·Test·for·existence·/boot/grub/grub.cfg
3548 ··stat:3548 ··stat:
3549 ····path:·/boot/grub/grub.cfg3549 ····path:·/boot/grub/grub.cfg
3550 ··register:·file_exists3550 ··register:·file_exists
3551 ··when:3551 ··when:
3552 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3553 ··-·'"grub2-common"·in·ansible_facts.packages'3552 ··-·'"grub2-common"·in·ansible_facts.packages'
 3553 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3554 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3554 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3555 ··tags:3555 ··tags:
3556 ··-·NIST-800-171-3.4.53556 ··-·NIST-800-171-3.4.5
3557 ··-·NIST-800-53-AC-6(1)3557 ··-·NIST-800-53-AC-6(1)
3558 ··-·NIST-800-53-CM-6(a)3558 ··-·NIST-800-53-CM-6(a)
3559 ··-·configure_strategy3559 ··-·configure_strategy
3560 ··-·file_permissions_grub2_cfg3560 ··-·file_permissions_grub2_cfg
Offset 3565, 16 lines modifiedOffset 3565, 16 lines modified
3565 ··-·no_reboot_needed3565 ··-·no_reboot_needed
  
3566 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3566 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3567 ··file:3567 ··file:
3568 ····path:·/boot/grub/grub.cfg3568 ····path:·/boot/grub/grub.cfg
3569 ····mode:·u-xs,g-xwrs,o-xwrt3569 ····mode:·u-xs,g-xwrs,o-xwrt
3570 ··when:3570 ··when:
3571 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3572 ··-·'"grub2-common"·in·ansible_facts.packages'3571 ··-·'"grub2-common"·in·ansible_facts.packages'
 3572 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
3573 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3573 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3574 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3574 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3575 ··tags:3575 ··tags:
3576 ··-·NIST-800-171-3.4.53576 ··-·NIST-800-171-3.4.5
3577 ··-·NIST-800-53-AC-6(1)3577 ··-·NIST-800-53-AC-6(1)
3578 ··-·NIST-800-53-CM-6(a)3578 ··-·NIST-800-53-CM-6(a)
3579 ··-·configure_strategy3579 ··-·configure_strategy
Offset 3584, 16 lines modifiedOffset 3584, 16 lines modified
3584 ··-·medium_severity3584 ··-·medium_severity
3585 ··-·no_reboot_needed3585 ··-·no_reboot_needed
3586 Remediation_Shell_script_⇲3586 Remediation_Shell_script_⇲
3587 Complexity:·low3587 Complexity:·low
3588 Disruption:·low3588 Disruption:·low
3589 Strategy:···configure3589 Strategy:···configure
3590 #·Remediation·is·applicable·only·in·certain·platforms3590 #·Remediation·is·applicable·only·in·certain·platforms
3591 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/3591 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&
3592 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3592 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3593 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3593 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3594 else3594 else
3595 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3595 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3596 fi3596 fi
3597 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3597 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
708 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_server.html
    
Offset 41162, 22 lines modifiedOffset 41162, 22 lines modified
000a0c90:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra000a0c90:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
000a0ca0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se000a0ca0:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se
000a0cb0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f000a0cb0:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f
000a0cc0:·6f72·2061·7564·6974·2063·686d·6f64·2074··or·audit·chmod·t000a0cc0:·6f72·2061·7564·6974·2063·686d·6f64·2074··or·audit·chmod·t
000a0cd0:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:000a0cd0:·6173·6b73·0a20·2073·6574·5f66·6163·743a··asks.··set_fact:
000a0ce0:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:000a0ce0:·0a20·2020·2061·7564·6974·5f61·7263·683a··.····audit_arch:
000a0cf0:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-000a0cf0:·2062·3634·0a20·2077·6865·6e3a·0a20·202d···b64.··when:.··-
000a0d00:·2027·2261·7564·6974·6422·2069·6e20·616e···'"auditd"·in·an 
000a0d10:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
000a0d20:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl 
000a0d30:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
000a0d40:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
000a0d50:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
000a0d60:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
000a0d70:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].000a0d00:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
 000a0d10:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
 000a0d20:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
 000a0d30:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
 000a0d40:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
 000a0d50:·696e·6572·225d·0a20·202d·2027·2261·7564··iner"].··-·'"aud
 000a0d60:·6974·6422·2069·6e20·616e·7369·626c·655f··itd"·in·ansible_
 000a0d70:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
000a0d80:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch000a0d80:·2020·2d20·616e·7369·626c·655f·6172·6368····-·ansible_arch
000a0d90:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar000a0d90:·6974·6563·7475·7265·203d·3d20·2261·6172··itecture·==·"aar
000a0da0:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible000a0da0:·6368·3634·2220·6f72·2061·6e73·6962·6c65··ch64"·or·ansible
000a0db0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==000a0db0:·5f61·7263·6869·7465·6374·7572·6520·3d3d··_architecture·==
000a0dc0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi000a0dc0:·2022·7070·6336·3422·206f·7220·616e·7369···"ppc64"·or·ansi
000a0dd0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000a0dd0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000a0de0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le000a0de0:·0a20·2020·203d·3d20·2270·7063·3634·6c65··.····==·"ppc64le
Offset 41485, 23 lines modifiedOffset 41485, 23 lines modified
000a20c0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr000a20c0:·6572·6d5f·6d6f·640a·2020·2020·2020·6372··erm_mod.······cr
000a20d0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····000a20d0:·6561·7465·3a20·7472·7565·0a20·2020·2020··eate:·true.·····
000a20e0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···000a20e0:·206d·6f64·653a·206f·2d72·7778·0a20·2020···mode:·o-rwx.···
000a20f0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen000a20f0:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
000a2100:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc000a2100:·740a·2020·2020·7768·656e·3a20·7379·7363··t.····when:·sysc
000a2110:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len000a2110:·616c·6c73·5f66·6f75·6e64·207c·206c·656e··alls_found·|·len
000a2120:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:000a2120:·6774·6820·3d3d·2030·0a20·2077·6865·6e3a··gth·==·0.··when:
000a2130:·0a20·202d·2027·2261·7564·6974·6422·2069··.··-·'"auditd"·i 
000a2140:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000a2150:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an 
000a2160:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
000a2170:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
000a2180:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
000a2190:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
000a21a0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe000a2130:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
 000a2140:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
 000a2150:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
 000a2160:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
 000a2170:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
 000a2180:·6f6e·7461·696e·6572·225d·0a20·202d·2027··ontainer"].··-·'
 000a2190:·2261·7564·6974·6422·2069·6e20·616e·7369··"auditd"·in·ansi
 000a21a0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
000a21b0:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·000a21b0:·6573·270a·2020·7461·6773·3a0a·2020·2d20··es'.··tags:.··-·
000a21c0:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-000a21c0:·434a·4953·2d35·2e34·2e31·2e31·0a20·202d··CJIS-5.4.1.1.··-
000a21d0:·2044·4953·412d·5354·4947·2d55·4254·552d···DISA-STIG-UBTU-000a21d0:·2044·4953·412d·5354·4947·2d55·4254·552d···DISA-STIG-UBTU-
000a21e0:·3230·2d30·3130·3135·320a·2020·2d20·4e49··20-010152.··-·NI000a21e0:·3230·2d30·3130·3135·320a·2020·2d20·4e49··20-010152.··-·NI
000a21f0:·5354·2d38·3030·2d31·3731·2d33·2e31·2e37··ST-800-171-3.1.7000a21f0:·5354·2d38·3030·2d31·3731·2d33·2e31·2e37··ST-800-171-3.1.7
000a2200:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53000a2200:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
000a2210:·2d41·552d·3132·2863·290a·2020·2d20·4e49··-AU-12(c).··-·NI000a2210:·2d41·552d·3132·2863·290a·2020·2d20·4e49··-AU-12(c).··-·NI
000a2220:·5354·2d38·3030·2d35·332d·4155·2d32·2864··ST-800-53-AU-2(d000a2220:·5354·2d38·3030·2d35·332d·4155·2d32·2864··ST-800-53-AU-2(d
Offset 41797, 22 lines modifiedOffset 41797, 22 lines modified
000a3440:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:000a3440:·6f64·0a20·2020·2020·2063·7265·6174·653a··od.······create:
000a3450:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode000a3450:·2074·7275·650a·2020·2020·2020·6d6f·6465···true.······mode
000a3460:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st000a3460:·3a20·6f2d·7277·780a·2020·2020·2020·7374··:·o-rwx.······st
000a3470:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···000a3470:·6174·653a·2070·7265·7365·6e74·0a20·2020··ate:·present.···
000a3480:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_000a3480:·2077·6865·6e3a·2073·7973·6361·6c6c·735f···when:·syscalls_
000a3490:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=000a3490:·666f·756e·6420·7c20·6c65·6e67·7468·203d··found·|·length·=
000a34a0:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·000a34a0:·3d20·300a·2020·7768·656e·3a0a·2020·2d20··=·0.··when:.··-·
000a34b0:·2722·6175·6469·7464·2220·696e·2061·6e73··'"auditd"·in·ans 
000a34c0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa 
000a34d0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible 
000a34e0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
000a34f0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
000a3500:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
000a3510:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
000a3520:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000a34b0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 000a34c0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 000a34d0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 000a34e0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 000a34f0:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
 000a3500:·6e65·7222·5d0a·2020·2d20·2722·6175·6469··ner"].··-·'"audi
 000a3510:·7464·2220·696e·2061·6e73·6962·6c65·5f66··td"·in·ansible_f
 000a3520:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
000a3530:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==000a3530:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==
000a3540:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·000a3540:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·
000a3550:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000a3550:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000a3560:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB000a3560:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB
000a3570:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-000a3570:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-
000a3580:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.000a3580:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
000a3590:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800000a3590:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
Offset 41846, 26 lines modifiedOffset 41846, 26 lines modified
000a3750:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class000a3750:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
000a3760:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse000a3760:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
000a3770:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i000a3770:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
000a3780:·646d·3132·3637·3922·3e3c·7072·653e·3c63··dm12679"><pre><c000a3780:·646d·3132·3637·3922·3e3c·7072·653e·3c63··dm12679"><pre><c
000a3790:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio000a3790:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
000a37a0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·000a37a0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
000a37b0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·000a37b0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
000a37c0:·706c·6174·666f·726d·730a·6966·2064·706b··platforms.if·dpk000a37c0:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
000a37d0:·672d·7175·6572·7920·2d2d·7368·6f77·202d··g-query·--show·- 
000a37e0:·2d73·686f·7766·6f72·6d61·743d·2724·7b64··-showformat='${d 
000a37f0:·623a·5374·6174·7573·2d53·7461·7475·737d··b:Status-Status} 
000a3800:·5c6e·2720·2761·7564·6974·6427·2032·2667··\n'·'auditd'·2&g 
000a3810:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr 
000a3820:·6570·202d·7120·696e·7374·616c·6c65·6420··ep·-q·installed· 
000a3830:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·- 
000a3840:·6620·2f2e·646f·636b·6572·656e·7620·5d20··f·/.dockerenv·]·000a37d0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
000a3850:·2661·6d70·3b26·616d·703b·205b·2021·202d··&amp;&amp;·[·!·-000a37e0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
000a3860:·6620·2f72·756e·2f2e·636f·6e74·6169·6e65··f·/run/.containe000a37f0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
 000a3800:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 000a3810:·6d70·3b20·6470·6b67·2d71·7565·7279·202d··mp;·dpkg-query·-
 000a3820:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform
 000a3830:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status-
 000a3840:·5374·6174·7573·7d5c·6e27·2027·6175·6469··Status}\n'·'audi
 000a3850:·7464·2720·3226·6774·3b2f·6465·762f·6e75··td'·2&gt;/dev/nu
 000a3860:·6c6c·207c·2067·7265·7020·2d71·2069·6e73··ll·|·grep·-q·ins
000a3870:·7265·6e76·205d·3b20·7468·656e·0a0a·2320··renv·];·then..#·000a3870:·7461·6c6c·6564·3b20·7468·656e·0a0a·2320··talled;·then..#·
000a3880:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th000a3880:·4669·7273·7420·7065·7266·6f72·6d20·7468··First·perform·th
000a3890:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of000a3890:·6520·7265·6d65·6469·6174·696f·6e20·6f66··e·remediation·of
000a38a0:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul000a38a0:·2074·6865·2073·7973·6361·6c6c·2072·756c···the·syscall·rul
000a38b0:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har000a38b0:·650a·2320·5265·7472·6965·7665·2068·6172··e.#·Retrieve·har
000a38c0:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu000a38c0:·6477·6172·6520·6172·6368·6974·6563·7475··dware·architectu
000a38d0:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl000a38d0:·7265·206f·6620·7468·6520·756e·6465·726c··re·of·the·underl
000a38e0:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$000a38e0:·7969·6e67·2073·7973·7465·6d0a·5b20·2224··ying·system.[·"$
Offset 43663, 22 lines modifiedOffset 43663, 22 lines modified
000aa8e0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat000aa8e0:·2d20·7265·7374·7269·6374·5f73·7472·6174··-·restrict_strat
000aa8f0:·6567·790a·0a2d·206e·616d·653a·2053·6574··egy..-·name:·Set000aa8f0:·6567·790a·0a2d·206e·616d·653a·2053·6574··egy..-·name:·Set
Max diff block lines reached; 553257/562564 bytes (98.35%) of diff not shown.
159 KB
html2text {}
    
Offset 3414, 16 lines modifiedOffset 3414, 16 lines modified
3414 ··-·reboot_required3414 ··-·reboot_required
3415 ··-·restrict_strategy3415 ··-·restrict_strategy
  
3416 -·name:·Set·architecture·for·audit·chmod·tasks3416 -·name:·Set·architecture·for·audit·chmod·tasks
3417 ··set_fact:3417 ··set_fact:
3418 ····audit_arch:·b643418 ····audit_arch:·b64
3419 ··when:3419 ··when:
3420 ··-·'"auditd"·in·ansible_facts.packages' 
3421 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3420 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3421 ··-·'"auditd"·in·ansible_facts.packages'
3422 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3422 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3423 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3423 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3424 ··tags:3424 ··tags:
3425 ··-·CJIS-5.4.1.13425 ··-·CJIS-5.4.1.1
3426 ··-·DISA-STIG-UBTU-20-0101523426 ··-·DISA-STIG-UBTU-20-010152
3427 ··-·NIST-800-171-3.1.73427 ··-·NIST-800-171-3.1.7
3428 ··-·NIST-800-53-AU-12(c)3428 ··-·NIST-800-53-AU-12(c)
Offset 3560, 16 lines modifiedOffset 3560, 16 lines modified
3560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3561 ········-F·auid!=unset·-F·key=perm_mod3561 ········-F·auid!=unset·-F·key=perm_mod
3562 ······create:·true3562 ······create:·true
3563 ······mode:·o-rwx3563 ······mode:·o-rwx
3564 ······state:·present3564 ······state:·present
3565 ····when:·syscalls_found·|·length·==·03565 ····when:·syscalls_found·|·length·==·0
3566 ··when:3566 ··when:
3567 ··-·'"auditd"·in·ansible_facts.packages' 
3568 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3567 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3568 ··-·'"auditd"·in·ansible_facts.packages'
3569 ··tags:3569 ··tags:
3570 ··-·CJIS-5.4.1.13570 ··-·CJIS-5.4.1.1
3571 ··-·DISA-STIG-UBTU-20-0101523571 ··-·DISA-STIG-UBTU-20-010152
3572 ··-·NIST-800-171-3.1.73572 ··-·NIST-800-171-3.1.7
3573 ··-·NIST-800-53-AU-12(c)3573 ··-·NIST-800-53-AU-12(c)
3574 ··-·NIST-800-53-AU-2(d)3574 ··-·NIST-800-53-AU-2(d)
3575 ··-·NIST-800-53-CM-6(a)3575 ··-·NIST-800-53-CM-6(a)
Offset 3704, 16 lines modifiedOffset 3704, 16 lines modified
3704 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003704 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3705 ········-F·auid!=unset·-F·key=perm_mod3705 ········-F·auid!=unset·-F·key=perm_mod
3706 ······create:·true3706 ······create:·true
3707 ······mode:·o-rwx3707 ······mode:·o-rwx
3708 ······state:·present3708 ······state:·present
3709 ····when:·syscalls_found·|·length·==·03709 ····when:·syscalls_found·|·length·==·0
3710 ··when:3710 ··when:
3711 ··-·'"auditd"·in·ansible_facts.packages' 
3712 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3711 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3712 ··-·'"auditd"·in·ansible_facts.packages'
3713 ··-·audit_arch·==·"b64"3713 ··-·audit_arch·==·"b64"
3714 ··tags:3714 ··tags:
3715 ··-·CJIS-5.4.1.13715 ··-·CJIS-5.4.1.1
3716 ··-·DISA-STIG-UBTU-20-0101523716 ··-·DISA-STIG-UBTU-20-010152
3717 ··-·NIST-800-171-3.1.73717 ··-·NIST-800-171-3.1.7
3718 ··-·NIST-800-53-AU-12(c)3718 ··-·NIST-800-53-AU-12(c)
3719 ··-·NIST-800-53-AU-2(d)3719 ··-·NIST-800-53-AU-2(d)
Offset 3723, 16 lines modifiedOffset 3723, 16 lines modified
3723 ··-·low_complexity3723 ··-·low_complexity
3724 ··-·low_disruption3724 ··-·low_disruption
3725 ··-·medium_severity3725 ··-·medium_severity
3726 ··-·reboot_required3726 ··-·reboot_required
3727 ··-·restrict_strategy3727 ··-·restrict_strategy
3728 Remediation_Shell_script_⇲3728 Remediation_Shell_script_⇲
3729 #·Remediation·is·applicable·only·in·certain·platforms3729 #·Remediation·is·applicable·only·in·certain·platforms
3730 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·- 
3731 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3730 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status-
 3731 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then
  
3732 #·First·perform·the·remediation·of·the·syscall·rule3732 #·First·perform·the·remediation·of·the·syscall·rule
3733 #·Retrieve·hardware·architecture·of·the·underlying·system3733 #·Retrieve·hardware·architecture·of·the·underlying·system
3734 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")3734 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
3735 for·ARCH·in·"${RULE_ARCHS[@]}"3735 for·ARCH·in·"${RULE_ARCHS[@]}"
3736 do3736 do
Offset 4124, 16 lines modifiedOffset 4124, 16 lines modified
4124 ··-·reboot_required4124 ··-·reboot_required
4125 ··-·restrict_strategy4125 ··-·restrict_strategy
  
4126 -·name:·Set·architecture·for·audit·chown·tasks4126 -·name:·Set·architecture·for·audit·chown·tasks
4127 ··set_fact:4127 ··set_fact:
4128 ····audit_arch:·b644128 ····audit_arch:·b64
4129 ··when:4129 ··when:
4130 ··-·'"auditd"·in·ansible_facts.packages' 
4131 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4130 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4131 ··-·'"auditd"·in·ansible_facts.packages'
4132 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4132 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4133 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4133 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4134 ··tags:4134 ··tags:
4135 ··-·CJIS-5.4.1.14135 ··-·CJIS-5.4.1.1
4136 ··-·DISA-STIG-UBTU-20-0101484136 ··-·DISA-STIG-UBTU-20-010148
4137 ··-·NIST-800-171-3.1.74137 ··-·NIST-800-171-3.1.7
4138 ··-·NIST-800-53-AU-12(c)4138 ··-·NIST-800-53-AU-12(c)
Offset 4272, 16 lines modifiedOffset 4272, 16 lines modified
4272 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004272 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4273 ········-F·auid!=unset·-F·key=perm_mod4273 ········-F·auid!=unset·-F·key=perm_mod
4274 ······create:·true4274 ······create:·true
4275 ······mode:·o-rwx4275 ······mode:·o-rwx
4276 ······state:·present4276 ······state:·present
4277 ····when:·syscalls_found·|·length·==·04277 ····when:·syscalls_found·|·length·==·0
4278 ··when:4278 ··when:
4279 ··-·'"auditd"·in·ansible_facts.packages' 
4280 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4279 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4280 ··-·'"auditd"·in·ansible_facts.packages'
4281 ··tags:4281 ··tags:
4282 ··-·CJIS-5.4.1.14282 ··-·CJIS-5.4.1.1
4283 ··-·DISA-STIG-UBTU-20-0101484283 ··-·DISA-STIG-UBTU-20-010148
4284 ··-·NIST-800-171-3.1.74284 ··-·NIST-800-171-3.1.7
4285 ··-·NIST-800-53-AU-12(c)4285 ··-·NIST-800-53-AU-12(c)
4286 ··-·NIST-800-53-AU-2(d)4286 ··-·NIST-800-53-AU-2(d)
4287 ··-·NIST-800-53-CM-6(a)4287 ··-·NIST-800-53-CM-6(a)
Offset 4418, 16 lines modifiedOffset 4418, 16 lines modified
4418 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004418 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4419 ········-F·auid!=unset·-F·key=perm_mod4419 ········-F·auid!=unset·-F·key=perm_mod
4420 ······create:·true4420 ······create:·true
4421 ······mode:·o-rwx4421 ······mode:·o-rwx
4422 ······state:·present4422 ······state:·present
4423 ····when:·syscalls_found·|·length·==·04423 ····when:·syscalls_found·|·length·==·0
4424 ··when:4424 ··when:
4425 ··-·'"auditd"·in·ansible_facts.packages' 
4426 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4425 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4426 ··-·'"auditd"·in·ansible_facts.packages'
4427 ··-·audit_arch·==·"b64"4427 ··-·audit_arch·==·"b64"
4428 ··tags:4428 ··tags:
4429 ··-·CJIS-5.4.1.14429 ··-·CJIS-5.4.1.1
4430 ··-·DISA-STIG-UBTU-20-0101484430 ··-·DISA-STIG-UBTU-20-010148
4431 ··-·NIST-800-171-3.1.74431 ··-·NIST-800-171-3.1.7
4432 ··-·NIST-800-53-AU-12(c)4432 ··-·NIST-800-53-AU-12(c)
4433 ··-·NIST-800-53-AU-2(d)4433 ··-·NIST-800-53-AU-2(d)
Offset 4437, 16 lines modifiedOffset 4437, 16 lines modified
4437 ··-·low_complexity4437 ··-·low_complexity
Max diff block lines reached; 157987/162445 bytes (97.26%) of diff not shown.
707 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-cis_level2_workstation.html
    
Offset 42730, 23 lines modifiedOffset 42730, 23 lines modified
000a6e90:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri000a6e90:·7569·7265·640a·2020·2d20·7265·7374·7269··uired.··-·restri
000a6ea0:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n000a6ea0:·6374·5f73·7472·6174·6567·790a·0a2d·206e··ct_strategy..-·n
000a6eb0:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite000a6eb0:·616d·653a·2053·6574·2061·7263·6869·7465··ame:·Set·archite
000a6ec0:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·000a6ec0:·6374·7572·6520·666f·7220·6175·6469·7420··cture·for·audit·
000a6ed0:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se000a6ed0:·6368·6d6f·6420·7461·736b·730a·2020·7365··chmod·tasks.··se
000a6ee0:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi000a6ee0:·745f·6661·6374·3a0a·2020·2020·6175·6469··t_fact:.····audi
000a6ef0:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh000a6ef0:·745f·6172·6368·3a20·6236·340a·2020·7768··t_arch:·b64.··wh
000a6f00:·656e·3a0a·2020·2d20·2722·6175·6469·7464··en:.··-·'"auditd 
000a6f10:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000a6f20:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
000a6f30:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
000a6f40:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
000a6f50:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
000a6f60:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
000a6f70:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta000a6f00:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_
 000a6f10:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
 000a6f20:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
 000a6f30:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
 000a6f40:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
 000a6f50:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
 000a6f60:·2d20·2722·6175·6469·7464·2220·696e·2061··-·'"auditd"·in·a
 000a6f70:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
000a6f80:·696e·6572·225d·0a20·202d·2061·6e73·6962··iner"].··-·ansib000a6f80:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
000a6f90:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·000a6f90:·6c65·5f61·7263·6869·7465·6374·7572·6520··le_architecture·
000a6fa0:·3d3d·2022·6161·7263·6836·3422·206f·7220··==·"aarch64"·or·000a6fa0:·3d3d·2022·6161·7263·6836·3422·206f·7220··==·"aarch64"·or·
000a6fb0:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec000a6fb0:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec
000a6fc0:·7475·7265·203d·3d20·2270·7063·3634·2220··ture·==·"ppc64"·000a6fc0:·7475·7265·203d·3d20·2270·7063·3634·2220··ture·==·"ppc64"·
000a6fd0:·6f72·2061·6e73·6962·6c65·5f61·7263·6869··or·ansible_archi000a6fd0:·6f72·2061·6e73·6962·6c65·5f61·7263·6869··or·ansible_archi
000a6fe0:·7465·6374·7572·650a·2020·2020·3d3d·2022··tecture.····==·"000a6fe0:·7465·6374·7572·650a·2020·2020·3d3d·2022··tecture.····==·"
000a6ff0:·7070·6336·346c·6522·206f·7220·616e·7369··ppc64le"·or·ansi000a6ff0:·7070·6336·346c·6522·206f·7220·616e·7369··ppc64le"·or·ansi
Offset 43053, 23 lines modifiedOffset 43053, 23 lines modified
000a82c0:·4620·6b65·793d·7065·726d·5f6d·6f64·0a20··F·key=perm_mod.·000a82c0:·4620·6b65·793d·7065·726d·5f6d·6f64·0a20··F·key=perm_mod.·
000a82d0:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru000a82d0:·2020·2020·2063·7265·6174·653a·2074·7275·······create:·tru
000a82e0:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-000a82e0:·650a·2020·2020·2020·6d6f·6465·3a20·6f2d··e.······mode:·o-
000a82f0:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:000a82f0:·7277·780a·2020·2020·2020·7374·6174·653a··rwx.······state:
000a8300:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe000a8300:·2070·7265·7365·6e74·0a20·2020·2077·6865···present.····whe
000a8310:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun000a8310:·6e3a·2073·7973·6361·6c6c·735f·666f·756e··n:·syscalls_foun
000a8320:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.000a8320:·6420·7c20·6c65·6e67·7468·203d·3d20·300a··d·|·length·==·0.
000a8330:·2020·7768·656e·3a0a·2020·2d20·2722·6175····when:.··-·'"au000a8330:·2020·7768·656e·3a0a·2020·2d20·616e·7369····when:.··-·ansi
000a8340:·6469·7464·2220·696e·2061·6e73·6962·6c65··ditd"·in·ansible 
000a8350:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages' 
000a8360:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir 
000a8370:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type 
000a8380:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker 
000a8390:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv 
000a83a0:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c 
000a83b0:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag000a8340:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
 000a8350:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
 000a8360:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
 000a8370:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
 000a8380:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
 000a8390:·5d0a·2020·2d20·2722·6175·6469·7464·2220··].··-·'"auditd"·
 000a83a0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 000a83b0:·2e70·6163·6b61·6765·7327·0a20·2074·6167··.packages'.··tag
000a83c0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.000a83c0:·733a·0a20·202d·2043·4a49·532d·352e·342e··s:.··-·CJIS-5.4.
000a83d0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI000a83d0:·312e·310a·2020·2d20·4449·5341·2d53·5449··1.1.··-·DISA-STI
000a83e0:·472d·5542·5455·2d32·302d·3031·3031·3532··G-UBTU-20-010152000a83e0:·472d·5542·5455·2d32·302d·3031·3031·3532··G-UBTU-20-010152
000a83f0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17000a83f0:·0a20·202d·204e·4953·542d·3830·302d·3137··.··-·NIST-800-17
000a8400:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST000a8400:·312d·332e·312e·370a·2020·2d20·4e49·5354··1-3.1.7.··-·NIST
000a8410:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)000a8410:·2d38·3030·2d35·332d·4155·2d31·3228·6329··-800-53-AU-12(c)
000a8420:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53000a8420:·0a20·202d·204e·4953·542d·3830·302d·3533··.··-·NIST-800-53
Offset 43365, 23 lines modifiedOffset 43365, 23 lines modified
000a9640:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······000a9640:·3d70·6572·6d5f·6d6f·640a·2020·2020·2020··=perm_mod.······
000a9650:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···000a9650:·6372·6561·7465·3a20·7472·7565·0a20·2020··create:·true.···
000a9660:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·000a9660:·2020·206d·6f64·653a·206f·2d72·7778·0a20·····mode:·o-rwx.·
000a9670:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres000a9670:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
000a9680:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy000a9680:·656e·740a·2020·2020·7768·656e·3a20·7379··ent.····when:·sy
000a9690:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l000a9690:·7363·616c·6c73·5f66·6f75·6e64·207c·206c··scalls_found·|·l
000a96a0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe000a96a0:·656e·6774·6820·3d3d·2030·0a20·2077·6865··ength·==·0.··whe
000a96b0:·6e3a·0a20·202d·2027·2261·7564·6974·6422··n:.··-·'"auditd" 
000a96c0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000a96d0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
000a96e0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali 
000a96f0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not· 
000a9700:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l 
000a9710:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·" 
000a9720:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000a96b0:·6e3a·0a20·202d·2061·6e73·6962·6c65·5f76··n:.··-·ansible_v
 000a96c0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
 000a96d0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
 000a96e0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
 000a96f0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
 000a9700:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
 000a9710:·2027·2261·7564·6974·6422·2069·6e20·616e···'"auditd"·in·an
 000a9720:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
000a9730:·6e65·7222·5d0a·2020·2d20·6175·6469·745f··ner"].··-·audit_000a9730:·6167·6573·270a·2020·2d20·6175·6469·745f··ages'.··-·audit_
000a9740:·6172·6368·203d·3d20·2262·3634·220a·2020··arch·==·"b64".··000a9740:·6172·6368·203d·3d20·2262·3634·220a·2020··arch·==·"b64".··
000a9750:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5000a9750:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
000a9760:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-000a9760:·2e34·2e31·2e31·0a20·202d·2044·4953·412d··.4.1.1.··-·DISA-
000a9770:·5354·4947·2d55·4254·552d·3230·2d30·3130··STIG-UBTU-20-010000a9770:·5354·4947·2d55·4254·552d·3230·2d30·3130··STIG-UBTU-20-010
000a9780:·3135·320a·2020·2d20·4e49·5354·2d38·3030··152.··-·NIST-800000a9780:·3135·320a·2020·2d20·4e49·5354·2d38·3030··152.··-·NIST-800
000a9790:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N000a9790:·2d31·3731·2d33·2e31·2e37·0a20·202d·204e··-171-3.1.7.··-·N
000a97a0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12000a97a0:·4953·542d·3830·302d·3533·2d41·552d·3132··IST-800-53-AU-12
Offset 43415, 25 lines modifiedOffset 43415, 25 lines modified
000a9960:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c000a9960:·7620·636c·6173·733d·2270·616e·656c·2d63··v·class="panel-c
000a9970:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse000a9970:·6f6c·6c61·7073·6520·636f·6c6c·6170·7365··ollapse·collapse
000a9980:·2220·6964·3d22·6964·6d31·3236·3739·223e··"·id="idm12679">000a9980:·2220·6964·3d22·6964·6d31·3236·3739·223e··"·id="idm12679">
000a9990:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem000a9990:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
000a99a0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl000a99a0:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
000a99b0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c000a99b0:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
000a99c0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms000a99c0:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
000a99d0:·0a69·6620·6470·6b67·2d71·7565·7279·202d··.if·dpkg-query·- 
000a99e0:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform 
000a99f0:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status- 
000a9a00:·5374·6174·7573·7d5c·6e27·2027·6175·6469··Status}\n'·'audi 
000a9a10:·7464·2720·3226·6774·3b2f·6465·762f·6e75··td'·2&gt;/dev/nu 
000a9a20:·6c6c·207c·2067·7265·7020·2d71·2069·6e73··ll·|·grep·-q·ins 
000a9a30:·7461·6c6c·6564·2026·616d·703b·2661·6d70··talled·&amp;&amp 
000a9a40:·3b20·5b20·2120·2d66·202f·2e64·6f63·6b65··;·[·!·-f·/.docke000a99d0:·0a69·6620·5b20·2120·2d66·202f·2e64·6f63··.if·[·!·-f·/.doc
000a9a50:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp000a99e0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
000a9a60:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c000a99f0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
000a9a70:·6f6e·7461·696e·6572·656e·7620·5d3b·2074··ontainerenv·];·t000a9a00:·2e63·6f6e·7461·696e·6572·656e·7620·5d20··.containerenv·]·
 000a9a10:·2661·6d70·3b26·616d·703b·2064·706b·672d··&amp;&amp;·dpkg-
 000a9a20:·7175·6572·7920·2d2d·7368·6f77·202d·2d73··query·--show·--s
 000a9a30:·686f·7766·6f72·6d61·743d·2724·7b64·623a··howformat='${db:
 000a9a40:·5374·6174·7573·2d53·7461·7475·737d·5c6e··Status-Status}\n
 000a9a50:·2720·2761·7564·6974·6427·2032·2667·743b··'·'auditd'·2&gt;
 000a9a60:·2f64·6576·2f6e·756c·6c20·7c20·6772·6570··/dev/null·|·grep
 000a9a70:·202d·7120·696e·7374·616c·6c65·643b·2074···-q·installed;·t
000a9a80:·6865·6e0a·0a23·2046·6972·7374·2070·6572··hen..#·First·per000a9a80:·6865·6e0a·0a23·2046·6972·7374·2070·6572··hen..#·First·per
000a9a90:·666f·726d·2074·6865·2072·656d·6564·6961··form·the·remedia000a9a90:·666f·726d·2074·6865·2072·656d·6564·6961··form·the·remedia
000a9aa0:·7469·6f6e·206f·6620·7468·6520·7379·7363··tion·of·the·sysc000a9aa0:·7469·6f6e·206f·6620·7468·6520·7379·7363··tion·of·the·sysc
000a9ab0:·616c·6c20·7275·6c65·0a23·2052·6574·7269··all·rule.#·Retri000a9ab0:·616c·6c20·7275·6c65·0a23·2052·6574·7269··all·rule.#·Retri
000a9ac0:·6576·6520·6861·7264·7761·7265·2061·7263··eve·hardware·arc000a9ac0:·6576·6520·6861·7264·7761·7265·2061·7263··eve·hardware·arc
000a9ad0:·6869·7465·6374·7572·6520·6f66·2074·6865··hitecture·of·the000a9ad0:·6869·7465·6374·7572·6520·6f66·2074·6865··hitecture·of·the
000a9ae0:·2075·6e64·6572·6c79·696e·6720·7379·7374···underlying·syst000a9ae0:·2075·6e64·6572·6c79·696e·6720·7379·7374···underlying·syst
Offset 45231, 23 lines modifiedOffset 45231, 23 lines modified
000b0ae0:·6972·6564·0a20·202d·2072·6573·7472·6963··ired.··-·restric000b0ae0:·6972·6564·0a20·202d·2072·6573·7472·6963··ired.··-·restric
Max diff block lines reached; 551670/561046 bytes (98.33%) of diff not shown.
159 KB
html2text {}
    
Offset 3651, 16 lines modifiedOffset 3651, 16 lines modified
3651 ··-·reboot_required3651 ··-·reboot_required
3652 ··-·restrict_strategy3652 ··-·restrict_strategy
  
3653 -·name:·Set·architecture·for·audit·chmod·tasks3653 -·name:·Set·architecture·for·audit·chmod·tasks
3654 ··set_fact:3654 ··set_fact:
3655 ····audit_arch:·b643655 ····audit_arch:·b64
3656 ··when:3656 ··when:
3657 ··-·'"auditd"·in·ansible_facts.packages' 
3658 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3657 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3658 ··-·'"auditd"·in·ansible_facts.packages'
3659 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3659 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3660 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3660 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3661 ··tags:3661 ··tags:
3662 ··-·CJIS-5.4.1.13662 ··-·CJIS-5.4.1.1
3663 ··-·DISA-STIG-UBTU-20-0101523663 ··-·DISA-STIG-UBTU-20-010152
3664 ··-·NIST-800-171-3.1.73664 ··-·NIST-800-171-3.1.7
3665 ··-·NIST-800-53-AU-12(c)3665 ··-·NIST-800-53-AU-12(c)
Offset 3797, 16 lines modifiedOffset 3797, 16 lines modified
3797 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003797 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3798 ········-F·auid!=unset·-F·key=perm_mod3798 ········-F·auid!=unset·-F·key=perm_mod
3799 ······create:·true3799 ······create:·true
3800 ······mode:·o-rwx3800 ······mode:·o-rwx
3801 ······state:·present3801 ······state:·present
3802 ····when:·syscalls_found·|·length·==·03802 ····when:·syscalls_found·|·length·==·0
3803 ··when:3803 ··when:
3804 ··-·'"auditd"·in·ansible_facts.packages' 
3805 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3804 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3805 ··-·'"auditd"·in·ansible_facts.packages'
3806 ··tags:3806 ··tags:
3807 ··-·CJIS-5.4.1.13807 ··-·CJIS-5.4.1.1
3808 ··-·DISA-STIG-UBTU-20-0101523808 ··-·DISA-STIG-UBTU-20-010152
3809 ··-·NIST-800-171-3.1.73809 ··-·NIST-800-171-3.1.7
3810 ··-·NIST-800-53-AU-12(c)3810 ··-·NIST-800-53-AU-12(c)
3811 ··-·NIST-800-53-AU-2(d)3811 ··-·NIST-800-53-AU-2(d)
3812 ··-·NIST-800-53-CM-6(a)3812 ··-·NIST-800-53-CM-6(a)
Offset 3941, 16 lines modifiedOffset 3941, 16 lines modified
3941 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003941 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3942 ········-F·auid!=unset·-F·key=perm_mod3942 ········-F·auid!=unset·-F·key=perm_mod
3943 ······create:·true3943 ······create:·true
3944 ······mode:·o-rwx3944 ······mode:·o-rwx
3945 ······state:·present3945 ······state:·present
3946 ····when:·syscalls_found·|·length·==·03946 ····when:·syscalls_found·|·length·==·0
3947 ··when:3947 ··when:
3948 ··-·'"auditd"·in·ansible_facts.packages' 
3949 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3948 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3949 ··-·'"auditd"·in·ansible_facts.packages'
3950 ··-·audit_arch·==·"b64"3950 ··-·audit_arch·==·"b64"
3951 ··tags:3951 ··tags:
3952 ··-·CJIS-5.4.1.13952 ··-·CJIS-5.4.1.1
3953 ··-·DISA-STIG-UBTU-20-0101523953 ··-·DISA-STIG-UBTU-20-010152
3954 ··-·NIST-800-171-3.1.73954 ··-·NIST-800-171-3.1.7
3955 ··-·NIST-800-53-AU-12(c)3955 ··-·NIST-800-53-AU-12(c)
3956 ··-·NIST-800-53-AU-2(d)3956 ··-·NIST-800-53-AU-2(d)
Offset 3960, 16 lines modifiedOffset 3960, 16 lines modified
3960 ··-·low_complexity3960 ··-·low_complexity
3961 ··-·low_disruption3961 ··-·low_disruption
3962 ··-·medium_severity3962 ··-·medium_severity
3963 ··-·reboot_required3963 ··-·reboot_required
3964 ··-·restrict_strategy3964 ··-·restrict_strategy
3965 Remediation_Shell_script_⇲3965 Remediation_Shell_script_⇲
3966 #·Remediation·is·applicable·only·in·certain·platforms3966 #·Remediation·is·applicable·only·in·certain·platforms
3967 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·- 
3968 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3967 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status-
 3968 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then
  
3969 #·First·perform·the·remediation·of·the·syscall·rule3969 #·First·perform·the·remediation·of·the·syscall·rule
3970 #·Retrieve·hardware·architecture·of·the·underlying·system3970 #·Retrieve·hardware·architecture·of·the·underlying·system
3971 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")3971 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
3972 for·ARCH·in·"${RULE_ARCHS[@]}"3972 for·ARCH·in·"${RULE_ARCHS[@]}"
3973 do3973 do
Offset 4361, 16 lines modifiedOffset 4361, 16 lines modified
4361 ··-·reboot_required4361 ··-·reboot_required
4362 ··-·restrict_strategy4362 ··-·restrict_strategy
  
4363 -·name:·Set·architecture·for·audit·chown·tasks4363 -·name:·Set·architecture·for·audit·chown·tasks
4364 ··set_fact:4364 ··set_fact:
4365 ····audit_arch:·b644365 ····audit_arch:·b64
4366 ··when:4366 ··when:
4367 ··-·'"auditd"·in·ansible_facts.packages' 
4368 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4367 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4368 ··-·'"auditd"·in·ansible_facts.packages'
4369 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4369 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4370 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4370 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4371 ··tags:4371 ··tags:
4372 ··-·CJIS-5.4.1.14372 ··-·CJIS-5.4.1.1
4373 ··-·DISA-STIG-UBTU-20-0101484373 ··-·DISA-STIG-UBTU-20-010148
4374 ··-·NIST-800-171-3.1.74374 ··-·NIST-800-171-3.1.7
4375 ··-·NIST-800-53-AU-12(c)4375 ··-·NIST-800-53-AU-12(c)
Offset 4509, 16 lines modifiedOffset 4509, 16 lines modified
4509 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004509 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4510 ········-F·auid!=unset·-F·key=perm_mod4510 ········-F·auid!=unset·-F·key=perm_mod
4511 ······create:·true4511 ······create:·true
4512 ······mode:·o-rwx4512 ······mode:·o-rwx
4513 ······state:·present4513 ······state:·present
4514 ····when:·syscalls_found·|·length·==·04514 ····when:·syscalls_found·|·length·==·0
4515 ··when:4515 ··when:
4516 ··-·'"auditd"·in·ansible_facts.packages' 
4517 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4516 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4517 ··-·'"auditd"·in·ansible_facts.packages'
4518 ··tags:4518 ··tags:
4519 ··-·CJIS-5.4.1.14519 ··-·CJIS-5.4.1.1
4520 ··-·DISA-STIG-UBTU-20-0101484520 ··-·DISA-STIG-UBTU-20-010148
4521 ··-·NIST-800-171-3.1.74521 ··-·NIST-800-171-3.1.7
4522 ··-·NIST-800-53-AU-12(c)4522 ··-·NIST-800-53-AU-12(c)
4523 ··-·NIST-800-53-AU-2(d)4523 ··-·NIST-800-53-AU-2(d)
4524 ··-·NIST-800-53-CM-6(a)4524 ··-·NIST-800-53-CM-6(a)
Offset 4655, 16 lines modifiedOffset 4655, 16 lines modified
4655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004655 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4656 ········-F·auid!=unset·-F·key=perm_mod4656 ········-F·auid!=unset·-F·key=perm_mod
4657 ······create:·true4657 ······create:·true
4658 ······mode:·o-rwx4658 ······mode:·o-rwx
4659 ······state:·present4659 ······state:·present
4660 ····when:·syscalls_found·|·length·==·04660 ····when:·syscalls_found·|·length·==·0
4661 ··when:4661 ··when:
4662 ··-·'"auditd"·in·ansible_facts.packages' 
4663 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4662 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4663 ··-·'"auditd"·in·ansible_facts.packages'
4664 ··-·audit_arch·==·"b64"4664 ··-·audit_arch·==·"b64"
4665 ··tags:4665 ··tags:
4666 ··-·CJIS-5.4.1.14666 ··-·CJIS-5.4.1.1
4667 ··-·DISA-STIG-UBTU-20-0101484667 ··-·DISA-STIG-UBTU-20-010148
4668 ··-·NIST-800-171-3.1.74668 ··-·NIST-800-171-3.1.7
4669 ··-·NIST-800-53-AU-12(c)4669 ··-·NIST-800-53-AU-12(c)
4670 ··-·NIST-800-53-AU-2(d)4670 ··-·NIST-800-53-AU-2(d)
Offset 4674, 16 lines modifiedOffset 4674, 16 lines modified
4674 ··-·low_complexity4674 ··-·low_complexity
Max diff block lines reached; 157987/162445 bytes (97.26%) of diff not shown.
729 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2004-guide-stig.html
    
Offset 43035, 23 lines modifiedOffset 43035, 23 lines modified
000a81a0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s000a81a0:·640a·2020·2d20·7265·7374·7269·6374·5f73··d.··-·restrict_s
000a81b0:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:000a81b0:·7472·6174·6567·790a·0a2d·206e·616d·653a··trategy..-·name:
000a81c0:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur000a81c0:·2053·6574·2061·7263·6869·7465·6374·7572···Set·architectur
000a81d0:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo000a81d0:·6520·666f·7220·6175·6469·7420·6368·6d6f··e·for·audit·chmo
000a81e0:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa000a81e0:·6420·7461·736b·730a·2020·7365·745f·6661··d·tasks.··set_fa
000a81f0:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar000a81f0:·6374·3a0a·2020·2020·6175·6469·745f·6172··ct:.····audit_ar
000a8200:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.000a8200:·6368·3a20·6236·340a·2020·7768·656e·3a0a··ch:·b64.··when:.
000a8210:·2020·2d20·2722·6175·6469·7464·2220·696e····-·'"auditd"·in 
000a8220:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000a8230:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans 
000a8240:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
000a8250:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
000a8260:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
000a8270:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
000a8280:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container000a8210:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
 000a8220:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
 000a8230:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
 000a8240:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
 000a8250:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
 000a8260:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'"
 000a8270:·6175·6469·7464·2220·696e·2061·6e73·6962··auditd"·in·ansib
 000a8280:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
000a8290:·225d·0a20·202d·2061·6e73·6962·6c65·5f61··"].··-·ansible_a000a8290:·7327·0a20·202d·2061·6e73·6962·6c65·5f61··s'.··-·ansible_a
000a82a0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"000a82a0:·7263·6869·7465·6374·7572·6520·3d3d·2022··rchitecture·==·"
000a82b0:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi000a82b0:·6161·7263·6836·3422·206f·7220·616e·7369··aarch64"·or·ansi
000a82c0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture000a82c0:·626c·655f·6172·6368·6974·6563·7475·7265··ble_architecture
000a82d0:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a000a82d0:·203d·3d20·2270·7063·3634·2220·6f72·2061···==·"ppc64"·or·a
000a82e0:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect000a82e0:·6e73·6962·6c65·5f61·7263·6869·7465·6374··nsible_architect
000a82f0:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6000a82f0:·7572·650a·2020·2020·3d3d·2022·7070·6336··ure.····==·"ppc6
000a8300:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_000a8300:·346c·6522·206f·7220·616e·7369·626c·655f··4le"·or·ansible_
Offset 43358, 23 lines modifiedOffset 43358, 23 lines modified
000a95d0:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····000a95d0:·793d·7065·726d·5f6d·6f64·0a20·2020·2020··y=perm_mod.·····
000a95e0:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··000a95e0:·2063·7265·6174·653a·2074·7275·650a·2020···create:·true.··
000a95f0:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.000a95f0:·2020·2020·6d6f·6465·3a20·6f2d·7277·780a······mode:·o-rwx.
000a9600:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre000a9600:·2020·2020·2020·7374·6174·653a·2070·7265········state:·pre
000a9610:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s000a9610:·7365·6e74·0a20·2020·2077·6865·6e3a·2073··sent.····when:·s
000a9620:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·000a9620:·7973·6361·6c6c·735f·666f·756e·6420·7c20··yscalls_found·|·
000a9630:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh000a9630:·6c65·6e67·7468·203d·3d20·300a·2020·7768··length·==·0.··wh
000a9640:·656e·3a0a·2020·2d20·2722·6175·6469·7464··en:.··-·'"auditd 
000a9650:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000a9660:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
000a9670:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
000a9680:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
000a9690:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
000a96a0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
000a96b0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta000a9640:·656e·3a0a·2020·2d20·616e·7369·626c·655f··en:.··-·ansible_
 000a9650:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
 000a9660:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
 000a9670:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
 000a9680:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
 000a9690:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
 000a96a0:·2d20·2722·6175·6469·7464·2220·696e·2061··-·'"auditd"·in·a
 000a96b0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
000a96c0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·000a96c0:·6b61·6765·7327·0a20·2074·6167·733a·0a20··kages'.··tags:.·
000a96d0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000a96d0:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000a96e0:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB000a96e0:·2020·2d20·4449·5341·2d53·5449·472d·5542····-·DISA-STIG-UB
000a96f0:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-000a96f0:·5455·2d32·302d·3031·3031·3532·0a20·202d··TU-20-010152.··-
000a9700:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.000a9700:·204e·4953·542d·3830·302d·3137·312d·332e···NIST-800-171-3.
000a9710:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800000a9710:·312e·370a·2020·2d20·4e49·5354·2d38·3030··1.7.··-·NIST-800
000a9720:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-000a9720:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-
000a9730:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-000a9730:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
Offset 43670, 23 lines modifiedOffset 43670, 23 lines modified
000aa950:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea000aa950:·6d5f·6d6f·640a·2020·2020·2020·6372·6561··m_mod.······crea
000aa960:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m000aa960:·7465·3a20·7472·7565·0a20·2020·2020·206d··te:·true.······m
000aa970:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····000aa970:·6f64·653a·206f·2d72·7778·0a20·2020·2020··ode:·o-rwx.·····
000aa980:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.000aa980:·2073·7461·7465·3a20·7072·6573·656e·740a···state:·present.
000aa990:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal000aa990:·2020·2020·7768·656e·3a20·7379·7363·616c······when:·syscal
000aa9a0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt000aa9a0:·6c73·5f66·6f75·6e64·207c·206c·656e·6774··ls_found·|·lengt
000aa9b0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·000aa9b0:·6820·3d3d·2030·0a20·2077·6865·6e3a·0a20··h·==·0.··when:.·
000aa9c0:·202d·2027·2261·7564·6974·6422·2069·6e20···-·'"auditd"·in· 
000aa9d0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa 
000aa9e0:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi 
000aa9f0:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati 
000aaa00:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[ 
000aaa10:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc", 
000aaa20:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm 
000aaa30:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000aa9c0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 000aa9d0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 000aa9e0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 000aa9f0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 000aaa00:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 000aaa10:·7461·696e·6572·225d·0a20·202d·2027·2261··tainer"].··-·'"a
 000aaa20:·7564·6974·6422·2069·6e20·616e·7369·626c··uditd"·in·ansibl
 000aaa30:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
000aaa40:·5d0a·2020·2d20·6175·6469·745f·6172·6368··].··-·audit_arch000aaa40:·270a·2020·2d20·6175·6469·745f·6172·6368··'.··-·audit_arch
000aaa50:·203d·3d20·2262·3634·220a·2020·7461·6773···==·"b64".··tags000aaa50:·203d·3d20·2262·3634·220a·2020·7461·6773···==·"b64".··tags
000aaa60:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1000aaa60:·3a0a·2020·2d20·434a·4953·2d35·2e34·2e31··:.··-·CJIS-5.4.1
000aaa70:·2e31·0a20·202d·2044·4953·412d·5354·4947··.1.··-·DISA-STIG000aaa70:·2e31·0a20·202d·2044·4953·412d·5354·4947··.1.··-·DISA-STIG
000aaa80:·2d55·4254·552d·3230·2d30·3130·3135·320a··-UBTU-20-010152.000aaa80:·2d55·4254·552d·3230·2d30·3130·3135·320a··-UBTU-20-010152.
000aaa90:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171000aaa90:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
000aaaa0:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-000aaaa0:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-
000aaab0:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).000aaab0:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).
Offset 43720, 25 lines modifiedOffset 43720, 25 lines modified
000aac70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla000aac70:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
000aac80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id000aac80:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
000aac90:·3d22·6964·6d31·3236·3739·223e·3c70·7265··="idm12679"><pre000aac90:·3d22·6964·6d31·3236·3739·223e·3c70·7265··="idm12679"><pre
000aaca0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000aaca0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000aacb0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000aacb0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000aacc0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000aacc0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000aacd0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000aacd0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
000aace0:·6470·6b67·2d71·7565·7279·202d·2d73·686f··dpkg-query·--sho 
000aacf0:·7720·2d2d·7368·6f77·666f·726d·6174·3d27··w·--showformat=' 
000aad00:·247b·6462·3a53·7461·7475·732d·5374·6174··${db:Status-Stat 
000aad10:·7573·7d5c·6e27·2027·6175·6469·7464·2720··us}\n'·'auditd'· 
000aad20:·3226·6774·3b2f·6465·762f·6e75·6c6c·207c··2&gt;/dev/null·| 
000aad30:·2067·7265·7020·2d71·2069·6e73·7461·6c6c···grep·-q·install 
000aad40:·6564·2026·616d·703b·2661·6d70·3b20·5b20··ed·&amp;&amp;·[· 
000aad50:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000aace0:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
000aad60:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000aacf0:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
000aad70:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000aad00:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
000aad80:·696e·6572·656e·7620·5d3b·2074·6865·6e0a··inerenv·];·then.000aad10:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp
 000aad20:·3b26·616d·703b·2064·706b·672d·7175·6572··;&amp;·dpkg-quer
 000aad30:·7920·2d2d·7368·6f77·202d·2d73·686f·7766··y·--show·--showf
 000aad40:·6f72·6d61·743d·2724·7b64·623a·5374·6174··ormat='${db:Stat
 000aad50:·7573·2d53·7461·7475·737d·5c6e·2720·2761··us-Status}\n'·'a
 000aad60:·7564·6974·6427·2032·2667·743b·2f64·6576··uditd'·2&gt;/dev
 000aad70:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q·
 000aad80:·696e·7374·616c·6c65·643b·2074·6865·6e0a··installed;·then.
000aad90:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform000aad90:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform
000aada0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation000aada0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation
000aadb0:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·000aadb0:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·
000aadc0:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·000aadc0:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·
000aadd0:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite000aadd0:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite
000aade0:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und000aade0:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und
000aadf0:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[000aadf0:·6572·6c79·696e·6720·7379·7374·656d·0a5b··erlying·system.[
Offset 45536, 23 lines modifiedOffset 45536, 23 lines modified
000b1df0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st000b1df0:·0a20·202d·2072·6573·7472·6963·745f·7374··.··-·restrict_st
Max diff block lines reached; 566388/575764 bytes (98.37%) of diff not shown.
167 KB
html2text {}
    
Offset 3784, 16 lines modifiedOffset 3784, 16 lines modified
3784 ··-·reboot_required3784 ··-·reboot_required
3785 ··-·restrict_strategy3785 ··-·restrict_strategy
  
3786 -·name:·Set·architecture·for·audit·chmod·tasks3786 -·name:·Set·architecture·for·audit·chmod·tasks
3787 ··set_fact:3787 ··set_fact:
3788 ····audit_arch:·b643788 ····audit_arch:·b64
3789 ··when:3789 ··when:
3790 ··-·'"auditd"·in·ansible_facts.packages' 
3791 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3790 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3791 ··-·'"auditd"·in·ansible_facts.packages'
3792 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture3792 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
3793 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"3793 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
3794 ··tags:3794 ··tags:
3795 ··-·CJIS-5.4.1.13795 ··-·CJIS-5.4.1.1
3796 ··-·DISA-STIG-UBTU-20-0101523796 ··-·DISA-STIG-UBTU-20-010152
3797 ··-·NIST-800-171-3.1.73797 ··-·NIST-800-171-3.1.7
3798 ··-·NIST-800-53-AU-12(c)3798 ··-·NIST-800-53-AU-12(c)
Offset 3930, 16 lines modifiedOffset 3930, 16 lines modified
3930 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10003930 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
3931 ········-F·auid!=unset·-F·key=perm_mod3931 ········-F·auid!=unset·-F·key=perm_mod
3932 ······create:·true3932 ······create:·true
3933 ······mode:·o-rwx3933 ······mode:·o-rwx
3934 ······state:·present3934 ······state:·present
3935 ····when:·syscalls_found·|·length·==·03935 ····when:·syscalls_found·|·length·==·0
3936 ··when:3936 ··when:
3937 ··-·'"auditd"·in·ansible_facts.packages' 
3938 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3937 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 3938 ··-·'"auditd"·in·ansible_facts.packages'
3939 ··tags:3939 ··tags:
3940 ··-·CJIS-5.4.1.13940 ··-·CJIS-5.4.1.1
3941 ··-·DISA-STIG-UBTU-20-0101523941 ··-·DISA-STIG-UBTU-20-010152
3942 ··-·NIST-800-171-3.1.73942 ··-·NIST-800-171-3.1.7
3943 ··-·NIST-800-53-AU-12(c)3943 ··-·NIST-800-53-AU-12(c)
3944 ··-·NIST-800-53-AU-2(d)3944 ··-·NIST-800-53-AU-2(d)
3945 ··-·NIST-800-53-CM-6(a)3945 ··-·NIST-800-53-CM-6(a)
Offset 4074, 16 lines modifiedOffset 4074, 16 lines modified
4074 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004074 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4075 ········-F·auid!=unset·-F·key=perm_mod4075 ········-F·auid!=unset·-F·key=perm_mod
4076 ······create:·true4076 ······create:·true
4077 ······mode:·o-rwx4077 ······mode:·o-rwx
4078 ······state:·present4078 ······state:·present
4079 ····when:·syscalls_found·|·length·==·04079 ····when:·syscalls_found·|·length·==·0
4080 ··when:4080 ··when:
4081 ··-·'"auditd"·in·ansible_facts.packages' 
4082 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4081 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4082 ··-·'"auditd"·in·ansible_facts.packages'
4083 ··-·audit_arch·==·"b64"4083 ··-·audit_arch·==·"b64"
4084 ··tags:4084 ··tags:
4085 ··-·CJIS-5.4.1.14085 ··-·CJIS-5.4.1.1
4086 ··-·DISA-STIG-UBTU-20-0101524086 ··-·DISA-STIG-UBTU-20-010152
4087 ··-·NIST-800-171-3.1.74087 ··-·NIST-800-171-3.1.7
4088 ··-·NIST-800-53-AU-12(c)4088 ··-·NIST-800-53-AU-12(c)
4089 ··-·NIST-800-53-AU-2(d)4089 ··-·NIST-800-53-AU-2(d)
Offset 4093, 16 lines modifiedOffset 4093, 16 lines modified
4093 ··-·low_complexity4093 ··-·low_complexity
4094 ··-·low_disruption4094 ··-·low_disruption
4095 ··-·medium_severity4095 ··-·medium_severity
4096 ··-·reboot_required4096 ··-·reboot_required
4097 ··-·restrict_strategy4097 ··-·restrict_strategy
4098 Remediation_Shell_script_⇲4098 Remediation_Shell_script_⇲
4099 #·Remediation·is·applicable·only·in·certain·platforms4099 #·Remediation·is·applicable·only·in·certain·platforms
4100 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed·&&·[·!·- 
4101 f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then4100 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·dpkg-query·--show·--showformat='${db:Status-
 4101 Status}\n'·'auditd'·2>/dev/null·|·grep·-q·installed;·then
  
4102 #·First·perform·the·remediation·of·the·syscall·rule4102 #·First·perform·the·remediation·of·the·syscall·rule
4103 #·Retrieve·hardware·architecture·of·the·underlying·system4103 #·Retrieve·hardware·architecture·of·the·underlying·system
4104 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")4104 [·"$(getconf·LONG_BIT)"·=·"32"·]·&&·RULE_ARCHS=("b32")·||·RULE_ARCHS=("b32"·"b64")
  
4105 for·ARCH·in·"${RULE_ARCHS[@]}"4105 for·ARCH·in·"${RULE_ARCHS[@]}"
4106 do4106 do
Offset 4494, 16 lines modifiedOffset 4494, 16 lines modified
4494 ··-·reboot_required4494 ··-·reboot_required
4495 ··-·restrict_strategy4495 ··-·restrict_strategy
  
4496 -·name:·Set·architecture·for·audit·chown·tasks4496 -·name:·Set·architecture·for·audit·chown·tasks
4497 ··set_fact:4497 ··set_fact:
4498 ····audit_arch:·b644498 ····audit_arch:·b64
4499 ··when:4499 ··when:
4500 ··-·'"auditd"·in·ansible_facts.packages' 
4501 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4500 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4501 ··-·'"auditd"·in·ansible_facts.packages'
4502 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4502 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4503 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4503 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4504 ··tags:4504 ··tags:
4505 ··-·CJIS-5.4.1.14505 ··-·CJIS-5.4.1.1
4506 ··-·DISA-STIG-UBTU-20-0101484506 ··-·DISA-STIG-UBTU-20-010148
4507 ··-·NIST-800-171-3.1.74507 ··-·NIST-800-171-3.1.7
4508 ··-·NIST-800-53-AU-12(c)4508 ··-·NIST-800-53-AU-12(c)
Offset 4642, 16 lines modifiedOffset 4642, 16 lines modified
4642 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004642 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4643 ········-F·auid!=unset·-F·key=perm_mod4643 ········-F·auid!=unset·-F·key=perm_mod
4644 ······create:·true4644 ······create:·true
4645 ······mode:·o-rwx4645 ······mode:·o-rwx
4646 ······state:·present4646 ······state:·present
4647 ····when:·syscalls_found·|·length·==·04647 ····when:·syscalls_found·|·length·==·0
4648 ··when:4648 ··when:
4649 ··-·'"auditd"·in·ansible_facts.packages' 
4650 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4649 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4650 ··-·'"auditd"·in·ansible_facts.packages'
4651 ··tags:4651 ··tags:
4652 ··-·CJIS-5.4.1.14652 ··-·CJIS-5.4.1.1
4653 ··-·DISA-STIG-UBTU-20-0101484653 ··-·DISA-STIG-UBTU-20-010148
4654 ··-·NIST-800-171-3.1.74654 ··-·NIST-800-171-3.1.7
4655 ··-·NIST-800-53-AU-12(c)4655 ··-·NIST-800-53-AU-12(c)
4656 ··-·NIST-800-53-AU-2(d)4656 ··-·NIST-800-53-AU-2(d)
4657 ··-·NIST-800-53-CM-6(a)4657 ··-·NIST-800-53-CM-6(a)
Offset 4788, 16 lines modifiedOffset 4788, 16 lines modified
4788 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=10004788 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid>=1000
4789 ········-F·auid!=unset·-F·key=perm_mod4789 ········-F·auid!=unset·-F·key=perm_mod
4790 ······create:·true4790 ······create:·true
4791 ······mode:·o-rwx4791 ······mode:·o-rwx
4792 ······state:·present4792 ······state:·present
4793 ····when:·syscalls_found·|·length·==·04793 ····when:·syscalls_found·|·length·==·0
4794 ··when:4794 ··when:
4795 ··-·'"auditd"·in·ansible_facts.packages' 
4796 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4795 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4796 ··-·'"auditd"·in·ansible_facts.packages'
4797 ··-·audit_arch·==·"b64"4797 ··-·audit_arch·==·"b64"
4798 ··tags:4798 ··tags:
4799 ··-·CJIS-5.4.1.14799 ··-·CJIS-5.4.1.1
4800 ··-·DISA-STIG-UBTU-20-0101484800 ··-·DISA-STIG-UBTU-20-010148
4801 ··-·NIST-800-171-3.1.74801 ··-·NIST-800-171-3.1.7
4802 ··-·NIST-800-53-AU-12(c)4802 ··-·NIST-800-53-AU-12(c)
4803 ··-·NIST-800-53-AU-2(d)4803 ··-·NIST-800-53-AU-2(d)
Offset 4807, 16 lines modifiedOffset 4807, 16 lines modified
4807 ··-·low_complexity4807 ··-·low_complexity
Max diff block lines reached; 166194/170652 bytes (97.39%) of diff not shown.
16.4 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_server.html
    
Offset 38096, 21 lines modifiedOffset 38096, 21 lines modified
00094cf0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·00094cf0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
00094d00:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.00094d00:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.
00094d10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····00094d10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
00094d20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub00094d20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
00094d30:·2f67·7275·622e·6366·670a·2020·7265·6769··/grub.cfg.··regi00094d30:·2f67·7275·622e·6366·670a·2020·7265·6769··/grub.cfg.··regi
00094d40:·7374·6572·3a20·6669·6c65·5f65·7869·7374··ster:·file_exist00094d40:·7374·6572·3a20·6669·6c65·5f65·7869·7374··ster:·file_exist
00094d50:·730a·2020·7768·656e·3a0a·2020·2d20·2722··s.··when:.··-·'"00094d50:·730a·2020·7768·656e·3a0a·2020·2d20·2722··s.··when:.··-·'"
00094d60:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00094d70:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00094d80:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/ 
00094d90:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
00094da0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
00094db0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
00094dc0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'00094d60:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 00094d70:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 00094d80:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 00094d90:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
 00094da0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
 00094db0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00094dc0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00094dd0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00094dd0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00094de0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00094de0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00094df0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00094df0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00094e00:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00094e00:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00094e10:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00094e10:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
00094e20:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag00094e20:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
00094e30:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.00094e30:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 38131, 21 lines modifiedOffset 38131, 21 lines modified
00094f20:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow00094f20:·206e·616d·653a·2045·6e73·7572·6520·6f77···name:·Ensure·ow
00094f30:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g00094f30:·6e65·7220·3020·6f6e·202f·626f·6f74·2f67··ner·0·on·/boot/g
00094f40:·7275·622f·6772·7562·2e63·6667·0a20·2066··rub/grub.cfg.··f00094f40:·7275·622f·6772·7562·2e63·6667·0a20·2066··rub/grub.cfg.··f
00094f50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/00094f50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
00094f60:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c00094f60:·626f·6f74·2f67·7275·622f·6772·7562·2e63··boot/grub/grub.c
00094f70:·6667·0a20·2020·206f·776e·6572·3a20·2730··fg.····owner:·'000094f70:·6667·0a20·2020·206f·776e·6572·3a20·2730··fg.····owner:·'0
00094f80:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"00094f80:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
00094f90:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00094fa0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00094fb0:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/ 
00094fc0:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
00094fd0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
00094fe0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
00094ff0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'00094f90:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 00094fa0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 00094fb0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 00094fc0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
 00094fd0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
 00094fe0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00094ff0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00095000:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00095000:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00095010:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00095010:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00095020:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00095020:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00095030:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00095030:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00095040:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00095040:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
00095050:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f00095050:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
00095060:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·00095060:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Offset 38196, 23 lines modifiedOffset 38196, 23 lines modified
00095330:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t00095330:·5374·7261·7465·6779·3a3c·2f74·683e·3c74··Strategy:</th><t
00095340:·643e·636f·6e66·6967·7572·653c·2f74·643e··d>configure</td>00095340:·643e·636f·6e66·6967·7572·653c·2f74·643e··d>configure</td>
00095350:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr00095350:·3c2f·7472·3e3c·2f74·6162·6c65·3e3c·7072··</tr></table><pr
00095360:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi00095360:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
00095370:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica00095370:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
00095380:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert00095380:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
00095390:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if00095390:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
000953a0:·2064·706b·672d·7175·6572·7920·2d2d·7368···dpkg-query·--sh 
000953b0:·6f77·202d·2d73·686f·7766·6f72·6d61·743d··ow·--showformat= 
000953c0:·2724·7b64·623a·5374·6174·7573·2d53·7461··'${db:Status-Sta 
000953d0:·7475·737d·5c6e·2720·2767·7275·6232·2d63··tus}\n'·'grub2-c 
000953e0:·6f6d·6d6f·6e27·2032·2667·743b·2f64·6576··ommon'·2&gt;/dev 
000953f0:·2f6e·756c·6c20·7c20·6772·6570·202d·7120··/null·|·grep·-q· 
00095400:·696e·7374·616c·6c65·6420·2661·6d70·3b26··installed·&amp;& 
00095410:·616d·703b·205b·2021·202d·6620·2f73·7973··amp;·[·!·-f·/sys000953a0:·205b·2021·202d·6620·2f73·7973·2f66·6972···[·!·-f·/sys/fir
00095420:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·000953b0:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp
 000953c0:·3b26·616d·703b·2064·706b·672d·7175·6572··;&amp;·dpkg-quer
 000953d0:·7920·2d2d·7368·6f77·202d·2d73·686f·7766··y·--show·--showf
 000953e0:·6f72·6d61·743d·2724·7b64·623a·5374·6174··ormat='${db:Stat
 000953f0:·7573·2d53·7461·7475·737d·5c6e·2720·2767··us-Status}\n'·'g
 00095400:·7275·6232·2d63·6f6d·6d6f·6e27·2032·2667··rub2-common'·2&g
 00095410:·743b·2f64·6576·2f6e·756c·6c20·7c20·6772··t;/dev/null·|·gr
 00095420:·6570·202d·7120·696e·7374·616c·6c65·6420··ep·-q·installed·
00095430:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!00095430:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
00095440:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·00095440:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
00095450:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!00095450:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
00095460:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai00095460:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
00095470:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the00095470:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
00095480:·6e0a·0a63·686f·776e·2030·202f·626f·6f74··n..chown·0·/boot00095480:·6e0a·0a63·686f·776e·2030·202f·626f·6f74··n..chown·0·/boot
00095490:·2f67·7275·622f·6772·7562·2e63·6667·0a0a··/grub/grub.cfg..00095490:·2f67·7275·622f·6772·7562·2e63·6667·0a0a··/grub/grub.cfg..
Offset 38664, 22 lines modifiedOffset 38664, 22 lines modified
00097070:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe00097070:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
00097080:·6e63·6520·2f62·6f6f·742f·6772·7562·2f67··nce·/boot/grub/g00097080:·6e63·6520·2f62·6f6f·742f·6772·7562·2f67··nce·/boot/grub/g
00097090:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.00097090:·7275·622e·6366·670a·2020·7374·6174·3a0a··rub.cfg.··stat:.
000970a0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000970a0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000970b0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··000970b0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··
000970c0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e000970c0:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
000970d0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··000970d0:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
000970e0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
000970f0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00097100:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··- 
00097110:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
00097120:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
00097130:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
00097140:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l000970e0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
 000970f0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo
 00097100:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 00097110:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
 00097120:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub
 00097130:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 00097140:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
00097150:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible00097150:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible
00097160:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_00097160:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
00097170:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do00097170:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
00097180:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o00097180:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
00097190:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"00097190:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
000971a0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·000971a0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000971b0:·2074·6167·733a·0a20·202d·204e·4953·542d···tags:.··-·NIST-000971b0:·2074·6167·733a·0a20·202d·204e·4953·542d···tags:.··-·NIST-
000971c0:·3830·302d·3137·312d·332e·342e·350a·2020··800-171-3.4.5.··000971c0:·3830·302d·3137·312d·332e·342e·350a·2020··800-171-3.4.5.··
Offset 38699, 22 lines modifiedOffset 38699, 22 lines modified
000972a0:·7873·2c67·2d78·7772·732c·6f2d·7877·7274··xs,g-xwrs,o-xwrt000972a0:·7873·2c67·2d78·7772·732c·6f2d·7877·7274··xs,g-xwrs,o-xwrt
000972b0:·206f·6e20·2f62·6f6f·742f·6772·7562·2f67···on·/boot/grub/g000972b0:·206f·6e20·2f62·6f6f·742f·6772·7562·2f67···on·/boot/grub/g
000972c0:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.000972c0:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.
000972d0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000972d0:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000972e0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··000972e0:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··
000972f0:·2020·6d6f·6465·3a20·752d·7873·2c67·2d78····mode:·u-xs,g-x000972f0:·2020·6d6f·6465·3a20·752d·7873·2c67·2d78····mode:·u-xs,g-x
00097300:·7772·732c·6f2d·7877·7274·0a20·2077·6865··wrs,o-xwrt.··whe00097300:·7772·732c·6f2d·7877·7274·0a20·2077·6865··wrs,o-xwrt.··whe
00097310:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c00097310:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e
00097320:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl 
00097330:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
00097340:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef 
Max diff block lines reached; 2786/12714 bytes (21.91%) of diff not shown.
3.84 KB
html2text {}
    
Offset 3153, 16 lines modifiedOffset 3153, 16 lines modified
3153 ··-·no_reboot_needed3153 ··-·no_reboot_needed
  
3154 -·name:·Test·for·existence·/boot/grub/grub.cfg3154 -·name:·Test·for·existence·/boot/grub/grub.cfg
3155 ··stat:3155 ··stat:
3156 ····path:·/boot/grub/grub.cfg3156 ····path:·/boot/grub/grub.cfg
3157 ··register:·file_exists3157 ··register:·file_exists
3158 ··when:3158 ··when:
3159 ··-·'"grub2-common"·in·ansible_facts.packages' 
3160 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3159 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3160 ··-·'"grub2-common"·in·ansible_facts.packages'
3161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3161 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3162 ··tags:3162 ··tags:
3163 ··-·CJIS-5.5.2.23163 ··-·CJIS-5.5.2.2
3164 ··-·NIST-800-171-3.4.53164 ··-·NIST-800-171-3.4.5
3165 ··-·NIST-800-53-AC-6(1)3165 ··-·NIST-800-53-AC-6(1)
3166 ··-·NIST-800-53-CM-6(a)3166 ··-·NIST-800-53-CM-6(a)
3167 ··-·PCI-DSS-Req-7.13167 ··-·PCI-DSS-Req-7.1
Offset 3174, 16 lines modifiedOffset 3174, 16 lines modified
3174 ··-·no_reboot_needed3174 ··-·no_reboot_needed
  
3175 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3175 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3176 ··file:3176 ··file:
3177 ····path:·/boot/grub/grub.cfg3177 ····path:·/boot/grub/grub.cfg
3178 ····owner:·'0'3178 ····owner:·'0'
3179 ··when:3179 ··when:
3180 ··-·'"grub2-common"·in·ansible_facts.packages' 
3181 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3180 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3181 ··-·'"grub2-common"·in·ansible_facts.packages'
3182 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3182 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3183 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3183 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3184 ··tags:3184 ··tags:
3185 ··-·CJIS-5.5.2.23185 ··-·CJIS-5.5.2.2
3186 ··-·NIST-800-171-3.4.53186 ··-·NIST-800-171-3.4.5
3187 ··-·NIST-800-53-AC-6(1)3187 ··-·NIST-800-53-AC-6(1)
3188 ··-·NIST-800-53-CM-6(a)3188 ··-·NIST-800-53-CM-6(a)
Offset 3195, 16 lines modifiedOffset 3195, 16 lines modified
3195 ··-·medium_severity3195 ··-·medium_severity
3196 ··-·no_reboot_needed3196 ··-·no_reboot_needed
3197 Remediation_Shell_script_⇲3197 Remediation_Shell_script_⇲
3198 Complexity:·low3198 Complexity:·low
3199 Disruption:·low3199 Disruption:·low
3200 Strategy:···configure3200 Strategy:···configure
3201 #·Remediation·is·applicable·only·in·certain·platforms3201 #·Remediation·is·applicable·only·in·certain·platforms
3202 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!3202 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
3203 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3203 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3204 chown·0·/boot/grub/grub.cfg3204 chown·0·/boot/grub/grub.cfg
  
3205 else3205 else
3206 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3206 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3207 fi3207 fi
3208 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3208 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3240, 16 lines modifiedOffset 3240, 16 lines modified
3240 ··-·no_reboot_needed3240 ··-·no_reboot_needed
  
3241 -·name:·Test·for·existence·/boot/grub/grub.cfg3241 -·name:·Test·for·existence·/boot/grub/grub.cfg
3242 ··stat:3242 ··stat:
3243 ····path:·/boot/grub/grub.cfg3243 ····path:·/boot/grub/grub.cfg
3244 ··register:·file_exists3244 ··register:·file_exists
3245 ··when:3245 ··when:
3246 ··-·'"grub2-common"·in·ansible_facts.packages' 
3247 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3246 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3247 ··-·'"grub2-common"·in·ansible_facts.packages'
3248 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3248 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3249 ··tags:3249 ··tags:
3250 ··-·NIST-800-171-3.4.53250 ··-·NIST-800-171-3.4.5
3251 ··-·NIST-800-53-AC-6(1)3251 ··-·NIST-800-53-AC-6(1)
3252 ··-·NIST-800-53-CM-6(a)3252 ··-·NIST-800-53-CM-6(a)
3253 ··-·configure_strategy3253 ··-·configure_strategy
3254 ··-·file_permissions_grub2_cfg3254 ··-·file_permissions_grub2_cfg
Offset 3259, 16 lines modifiedOffset 3259, 16 lines modified
3259 ··-·no_reboot_needed3259 ··-·no_reboot_needed
  
3260 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3260 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3261 ··file:3261 ··file:
3262 ····path:·/boot/grub/grub.cfg3262 ····path:·/boot/grub/grub.cfg
3263 ····mode:·u-xs,g-xwrs,o-xwrt3263 ····mode:·u-xs,g-xwrs,o-xwrt
3264 ··when:3264 ··when:
3265 ··-·'"grub2-common"·in·ansible_facts.packages' 
3266 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3265 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3266 ··-·'"grub2-common"·in·ansible_facts.packages'
3267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3268 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3268 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3269 ··tags:3269 ··tags:
3270 ··-·NIST-800-171-3.4.53270 ··-·NIST-800-171-3.4.5
3271 ··-·NIST-800-53-AC-6(1)3271 ··-·NIST-800-53-AC-6(1)
3272 ··-·NIST-800-53-CM-6(a)3272 ··-·NIST-800-53-CM-6(a)
3273 ··-·configure_strategy3273 ··-·configure_strategy
Offset 3278, 16 lines modifiedOffset 3278, 16 lines modified
3278 ··-·medium_severity3278 ··-·medium_severity
3279 ··-·no_reboot_needed3279 ··-·no_reboot_needed
3280 Remediation_Shell_script_⇲3280 Remediation_Shell_script_⇲
3281 Complexity:·low3281 Complexity:·low
3282 Disruption:·low3282 Disruption:·low
3283 Strategy:···configure3283 Strategy:···configure
3284 #·Remediation·is·applicable·only·in·certain·platforms3284 #·Remediation·is·applicable·only·in·certain·platforms
3285 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&3285 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
3286 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3286 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3287 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3287 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3288 else3288 else
3289 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3289 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3290 fi3290 fi
3291 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3291 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.4 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level1_workstation.html
    
Offset 39645, 21 lines modifiedOffset 39645, 21 lines modified
0009adc0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence0009adc0:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
0009add0:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub0009add0:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub
0009ade0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···0009ade0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
0009adf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru0009adf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
0009ae00:·622f·6772·7562·2e63·6667·0a20·2072·6567··b/grub.cfg.··reg0009ae00:·622f·6772·7562·2e63·6667·0a20·2072·6567··b/grub.cfg.··reg
0009ae10:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis0009ae10:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
0009ae20:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'0009ae20:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
0009ae30:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
0009ae40:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
0009ae50:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'" 
0009ae60:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
0009ae70:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
0009ae80:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
0009ae90:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list0009ae30:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 0009ae40:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 0009ae50:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 0009ae60:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
 0009ae70:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c
 0009ae80:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 0009ae90:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
0009aea0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi0009aea0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
0009aeb0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ0009aeb0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
0009aec0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke0009aec0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
0009aed0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open0009aed0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
0009aee0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"0009aee0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
0009aef0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta0009aef0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
0009af00:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.50009af00:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5
Offset 39680, 21 lines modifiedOffset 39680, 21 lines modified
0009aff0:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o0009aff0:·2d20·6e61·6d65·3a20·456e·7375·7265·206f··-·name:·Ensure·o
0009b000:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/0009b000:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
0009b010:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··0009b010:·6772·7562·2f67·7275·622e·6366·670a·2020··grub/grub.cfg.··
0009b020:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·0009b020:·6669·6c65·3a0a·2020·2020·7061·7468·3a20··file:.····path:·
0009b030:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.0009b030:·2f62·6f6f·742f·6772·7562·2f67·7275·622e··/boot/grub/grub.
0009b040:·6366·670a·2020·2020·6f77·6e65·723a·2027··cfg.····owner:·'0009b040:·6366·670a·2020·2020·6f77·6e65·723a·2027··cfg.····owner:·'
0009b050:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'0009b050:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
0009b060:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
0009b070:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
0009b080:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'" 
0009b090:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i 
0009b0a0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
0009b0b0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
0009b0c0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list0009b060:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 0009b070:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 0009b080:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 0009b090:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
 0009b0a0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c
 0009b0b0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 0009b0c0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
0009b0d0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi0009b0d0:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
0009b0e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ0009b0e0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
0009b0f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke0009b0f0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
0009b100:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open0009b100:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
0009b110:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"0009b110:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
0009b120:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·0009b120:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
0009b130:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat0009b130:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 39745, 23 lines modifiedOffset 39745, 23 lines modified
0009b400:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><0009b400:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
0009b410:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td0009b410:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td
0009b420:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p0009b420:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
0009b430:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed0009b430:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0009b440:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic0009b440:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0009b450:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer0009b450:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0009b460:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i0009b460:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0009b470:·6620·6470·6b67·2d71·7565·7279·202d·2d73··f·dpkg-query·--s 
0009b480:·686f·7720·2d2d·7368·6f77·666f·726d·6174··how·--showformat 
0009b490:·3d27·247b·6462·3a53·7461·7475·732d·5374··='${db:Status-St 
0009b4a0:·6174·7573·7d5c·6e27·2027·6772·7562·322d··atus}\n'·'grub2- 
0009b4b0:·636f·6d6d·6f6e·2720·3226·6774·3b2f·6465··common'·2&gt;/de 
0009b4c0:·762f·6e75·6c6c·207c·2067·7265·7020·2d71··v/null·|·grep·-q 
0009b4d0:·2069·6e73·7461·6c6c·6564·2026·616d·703b···installed·&amp; 
0009b4e0:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy0009b470:·6620·5b20·2120·2d66·202f·7379·732f·6669··f·[·!·-f·/sys/fi
0009b4f0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]0009b480:·726d·7761·7265·2f65·6669·205d·2026·616d··rmware/efi·]·&am
 0009b490:·703b·2661·6d70·3b20·6470·6b67·2d71·7565··p;&amp;·dpkg-que
 0009b4a0:·7279·202d·2d73·686f·7720·2d2d·7368·6f77··ry·--show·--show
 0009b4b0:·666f·726d·6174·3d27·247b·6462·3a53·7461··format='${db:Sta
 0009b4c0:·7475·732d·5374·6174·7573·7d5c·6e27·2027··tus-Status}\n'·'
 0009b4d0:·6772·7562·322d·636f·6d6d·6f6e·2720·3226··grub2-common'·2&
 0009b4e0:·6774·3b2f·6465·762f·6e75·6c6c·207c·2067··gt;/dev/null·|·g
 0009b4f0:·7265·7020·2d71·2069·6e73·7461·6c6c·6564··rep·-q·installed
0009b500:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·0009b500:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
0009b510:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv0009b510:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
0009b520:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·0009b520:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
0009b530:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta0009b530:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
0009b540:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th0009b540:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
0009b550:·656e·0a0a·6368·6f77·6e20·3020·2f62·6f6f··en..chown·0·/boo0009b550:·656e·0a0a·6368·6f77·6e20·3020·2f62·6f6f··en..chown·0·/boo
0009b560:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.0009b560:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
Offset 40213, 22 lines modifiedOffset 40213, 22 lines modified
0009d140:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist0009d140:·3a20·5465·7374·2066·6f72·2065·7869·7374··:·Test·for·exist
0009d150:·656e·6365·202f·626f·6f74·2f67·7275·622f··ence·/boot/grub/0009d150:·656e·6365·202f·626f·6f74·2f67·7275·622f··ence·/boot/grub/
0009d160:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:0009d160:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
0009d170:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot0009d170:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
0009d180:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·0009d180:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·
0009d190:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_0009d190:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
0009d1a0:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·0009d1a0:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
0009d1b0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
0009d1c0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
0009d1d0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
0009d1e0:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
0009d1f0:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
0009d200:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
0009d210:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·0009d1b0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 0009d1c0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 0009d1d0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 0009d1e0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
 0009d1f0:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru
 0009d200:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 0009d210:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
0009d220:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl0009d220:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
0009d230:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization0009d230:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
0009d240:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d0009d240:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
0009d250:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"0009d250:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
0009d260:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman0009d260:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
0009d270:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].0009d270:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
0009d280:·2020·7461·6773·3a0a·2020·2d20·4e49·5354····tags:.··-·NIST0009d280:·2020·7461·6773·3a0a·2020·2d20·4e49·5354····tags:.··-·NIST
0009d290:·2d38·3030·2d31·3731·2d33·2e34·2e35·0a20··-800-171-3.4.5.·0009d290:·2d38·3030·2d31·3731·2d33·2e34·2e35·0a20··-800-171-3.4.5.·
Offset 40248, 22 lines modifiedOffset 40248, 22 lines modified
0009d370:·2d78·732c·672d·7877·7273·2c6f·2d78·7772··-xs,g-xwrs,o-xwr0009d370:·2d78·732c·672d·7877·7273·2c6f·2d78·7772··-xs,g-xwrs,o-xwr
0009d380:·7420·6f6e·202f·626f·6f74·2f67·7275·622f··t·on·/boot/grub/0009d380:·7420·6f6e·202f·626f·6f74·2f67·7275·622f··t·on·/boot/grub/
0009d390:·6772·7562·2e63·6667·0a20·2066·696c·653a··grub.cfg.··file:0009d390:·6772·7562·2e63·6667·0a20·2066·696c·653a··grub.cfg.··file:
0009d3a0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot0009d3a0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
0009d3b0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·0009d3b0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·
0009d3c0:·2020·206d·6f64·653a·2075·2d78·732c·672d·····mode:·u-xs,g-0009d3c0:·2020·206d·6f64·653a·2075·2d78·732c·672d·····mode:·u-xs,g-
0009d3d0:·7877·7273·2c6f·2d78·7772·740a·2020·7768··xwrs,o-xwrt.··wh0009d3d0:·7877·7273·2c6f·2d78·7772·740a·2020·7768··xwrs,o-xwrt.··wh
0009d3e0:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-0009d3e0:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/
0009d3f0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
0009d400:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package 
0009d410:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e 
Max diff block lines reached; 2786/12714 bytes (21.91%) of diff not shown.
3.84 KB
html2text {}
    
Offset 3389, 16 lines modifiedOffset 3389, 16 lines modified
3389 ··-·no_reboot_needed3389 ··-·no_reboot_needed
  
3390 -·name:·Test·for·existence·/boot/grub/grub.cfg3390 -·name:·Test·for·existence·/boot/grub/grub.cfg
3391 ··stat:3391 ··stat:
3392 ····path:·/boot/grub/grub.cfg3392 ····path:·/boot/grub/grub.cfg
3393 ··register:·file_exists3393 ··register:·file_exists
3394 ··when:3394 ··when:
3395 ··-·'"grub2-common"·in·ansible_facts.packages' 
3396 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3395 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3396 ··-·'"grub2-common"·in·ansible_facts.packages'
3397 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3397 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3398 ··tags:3398 ··tags:
3399 ··-·CJIS-5.5.2.23399 ··-·CJIS-5.5.2.2
3400 ··-·NIST-800-171-3.4.53400 ··-·NIST-800-171-3.4.5
3401 ··-·NIST-800-53-AC-6(1)3401 ··-·NIST-800-53-AC-6(1)
3402 ··-·NIST-800-53-CM-6(a)3402 ··-·NIST-800-53-CM-6(a)
3403 ··-·PCI-DSS-Req-7.13403 ··-·PCI-DSS-Req-7.1
Offset 3410, 16 lines modifiedOffset 3410, 16 lines modified
3410 ··-·no_reboot_needed3410 ··-·no_reboot_needed
  
3411 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg3411 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
3412 ··file:3412 ··file:
3413 ····path:·/boot/grub/grub.cfg3413 ····path:·/boot/grub/grub.cfg
3414 ····owner:·'0'3414 ····owner:·'0'
3415 ··when:3415 ··when:
3416 ··-·'"grub2-common"·in·ansible_facts.packages' 
3417 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3416 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3417 ··-·'"grub2-common"·in·ansible_facts.packages'
3418 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3418 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3419 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3419 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3420 ··tags:3420 ··tags:
3421 ··-·CJIS-5.5.2.23421 ··-·CJIS-5.5.2.2
3422 ··-·NIST-800-171-3.4.53422 ··-·NIST-800-171-3.4.5
3423 ··-·NIST-800-53-AC-6(1)3423 ··-·NIST-800-53-AC-6(1)
3424 ··-·NIST-800-53-CM-6(a)3424 ··-·NIST-800-53-CM-6(a)
Offset 3431, 16 lines modifiedOffset 3431, 16 lines modified
3431 ··-·medium_severity3431 ··-·medium_severity
3432 ··-·no_reboot_needed3432 ··-·no_reboot_needed
3433 Remediation_Shell_script_⇲3433 Remediation_Shell_script_⇲
3434 Complexity:·low3434 Complexity:·low
3435 Disruption:·low3435 Disruption:·low
3436 Strategy:···configure3436 Strategy:···configure
3437 #·Remediation·is·applicable·only·in·certain·platforms3437 #·Remediation·is·applicable·only·in·certain·platforms
3438 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!3438 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
3439 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3439 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3440 chown·0·/boot/grub/grub.cfg3440 chown·0·/boot/grub/grub.cfg
  
3441 else3441 else
3442 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3442 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3443 fi3443 fi
3444 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***3444 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 3476, 16 lines modifiedOffset 3476, 16 lines modified
3476 ··-·no_reboot_needed3476 ··-·no_reboot_needed
  
3477 -·name:·Test·for·existence·/boot/grub/grub.cfg3477 -·name:·Test·for·existence·/boot/grub/grub.cfg
3478 ··stat:3478 ··stat:
3479 ····path:·/boot/grub/grub.cfg3479 ····path:·/boot/grub/grub.cfg
3480 ··register:·file_exists3480 ··register:·file_exists
3481 ··when:3481 ··when:
3482 ··-·'"grub2-common"·in·ansible_facts.packages' 
3483 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3482 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3483 ··-·'"grub2-common"·in·ansible_facts.packages'
3484 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3484 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3485 ··tags:3485 ··tags:
3486 ··-·NIST-800-171-3.4.53486 ··-·NIST-800-171-3.4.5
3487 ··-·NIST-800-53-AC-6(1)3487 ··-·NIST-800-53-AC-6(1)
3488 ··-·NIST-800-53-CM-6(a)3488 ··-·NIST-800-53-CM-6(a)
3489 ··-·configure_strategy3489 ··-·configure_strategy
3490 ··-·file_permissions_grub2_cfg3490 ··-·file_permissions_grub2_cfg
Offset 3495, 16 lines modifiedOffset 3495, 16 lines modified
3495 ··-·no_reboot_needed3495 ··-·no_reboot_needed
  
3496 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg3496 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
3497 ··file:3497 ··file:
3498 ····path:·/boot/grub/grub.cfg3498 ····path:·/boot/grub/grub.cfg
3499 ····mode:·u-xs,g-xwrs,o-xwrt3499 ····mode:·u-xs,g-xwrs,o-xwrt
3500 ··when:3500 ··when:
3501 ··-·'"grub2-common"·in·ansible_facts.packages' 
3502 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'3501 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 3502 ··-·'"grub2-common"·in·ansible_facts.packages'
3503 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3503 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3504 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3504 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3505 ··tags:3505 ··tags:
3506 ··-·NIST-800-171-3.4.53506 ··-·NIST-800-171-3.4.5
3507 ··-·NIST-800-53-AC-6(1)3507 ··-·NIST-800-53-AC-6(1)
3508 ··-·NIST-800-53-CM-6(a)3508 ··-·NIST-800-53-CM-6(a)
3509 ··-·configure_strategy3509 ··-·configure_strategy
Offset 3514, 16 lines modifiedOffset 3514, 16 lines modified
3514 ··-·medium_severity3514 ··-·medium_severity
3515 ··-·no_reboot_needed3515 ··-·no_reboot_needed
3516 Remediation_Shell_script_⇲3516 Remediation_Shell_script_⇲
3517 Complexity:·low3517 Complexity:·low
3518 Disruption:·low3518 Disruption:·low
3519 Strategy:···configure3519 Strategy:···configure
3520 #·Remediation·is·applicable·only·in·certain·platforms3520 #·Remediation·is·applicable·only·in·certain·platforms
3521 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&3521 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
3522 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then3522 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
3523 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg3523 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
3524 else3524 else
3525 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3525 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3526 fi3526 fi
3527 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***3527 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_server.html
    
Offset 175019, 22 lines modifiedOffset 175019, 22 lines modified
002abaa0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002abaa0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002abab0:·6520·2f62·6f6f·742f·6772·7562·2f67·7275··e·/boot/grub/gru002abab0:·6520·2f62·6f6f·742f·6772·7562·2f67·7275··e·/boot/grub/gru
002abac0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··002abac0:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
002abad0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002abad0:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002abae0:·7562·2f67·7275·622e·6366·670a·2020·7265··ub/grub.cfg.··re002abae0:·7562·2f67·7275·622e·6366·670a·2020·7265··ub/grub.cfg.··re
002abaf0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi002abaf0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
002abb00:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·002abb00:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
002abb10:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
002abb20:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
002abb30:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·' 
002abb40:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
002abb50:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
002abb60:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
002abb70:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis002abb10:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002abb20:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002abb30:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002abb40:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
 002abb50:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
 002abb60:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 002abb70:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
002abb80:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v002abb80:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
002abb90:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002abb90:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002abba0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002abba0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002abbb0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002abbb0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002abbc0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002abbc0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002abbd0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t002abbd0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
002abbe0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.002abbe0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
002abbf0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8002abbf0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 175054, 22 lines modifiedOffset 175054, 22 lines modified
002abcd0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·002abcd0:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
002abce0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot002abce0:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
002abcf0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·002abcf0:·2f67·7275·622f·6772·7562·2e63·6667·0a20··/grub/grub.cfg.·
002abd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002abd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002abd10:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub002abd10:·202f·626f·6f74·2f67·7275·622f·6772·7562···/boot/grub/grub
002abd20:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·002abd20:·2e63·6667·0a20·2020·206f·776e·6572·3a20··.cfg.····owner:·
002abd30:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·002abd30:·2730·270a·2020·7768·656e·3a0a·2020·2d20··'0'.··when:.··-·
002abd40:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
002abd50:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
002abd60:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·' 
002abd70:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
002abd80:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
002abd90:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
002abda0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis002abd40:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002abd50:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002abd60:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002abd70:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
 002abd80:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
 002abd90:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 002abda0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
002abdb0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v002abdb0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
002abdc0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002abdc0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002abdd0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002abdd0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002abde0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002abde0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002abdf0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002abdf0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002abe00:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-002abe00:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
002abe10:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta002abe10:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
002abe20:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and002abe20:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 175119, 24 lines modifiedOffset 175119, 24 lines modified
002ac0e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>002ac0e0:·683e·5374·7261·7465·6779·3a3c·2f74·683e··h>Strategy:</th>
002ac0f0:·3c74·643e·636f·6e66·6967·7572·653c·2f74··<td>configure</t002ac0f0:·3c74·643e·636f·6e66·6967·7572·653c·2f74··<td>configure</t
002ac100:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><002ac100:·643e·3c2f·7472·3e3c·2f74·6162·6c65·3e3c··d></tr></table><
002ac110:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme002ac110:·7072·653e·3c63·6f64·653e·2320·5265·6d65··pre><code>#·Reme
002ac120:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli002ac120:·6469·6174·696f·6e20·6973·2061·7070·6c69··diation·is·appli
002ac130:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce002ac130:·6361·626c·6520·6f6e·6c79·2069·6e20·6365··cable·only·in·ce
002ac140:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.002ac140:·7274·6169·6e20·706c·6174·666f·726d·730a··rtain·platforms.
 002ac150:·6966·205b·2021·202d·6620·2f73·7973·2f66··if·[·!·-f·/sys/f
002ac150:·6966·2064·706b·672d·7175·6572·7920·2d2d··if·dpkg-query·-- 
002ac160:·7368·6f77·202d·2d73·686f·7766·6f72·6d61··show·--showforma 
002ac170:·743d·2724·7b64·623a·5374·6174·7573·2d53··t='${db:Status-S 
002ac180:·7461·7475·737d·5c6e·2720·2767·7275·6232··tatus}\n'·'grub2 
002ac190:·2d63·6f6d·6d6f·6e27·2032·2667·743b·2f64··-common'·2&gt;/d 
002ac1a0:·6576·2f6e·756c·6c20·7c20·6772·6570·202d··ev/null·|·grep·- 
002ac1b0:·7120·696e·7374·616c·6c65·6420·2661·6d70··q·installed·&amp 
002ac1c0:·3b26·616d·703b·205b·2021·202d·6620·2f73··;&amp;·[·!·-f·/s 
002ac1d0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·002ac160:·6972·6d77·6172·652f·6566·6920·5d20·2661··irmware/efi·]·&a
 002ac170:·6d70·3b26·616d·703b·2064·706b·672d·7175··mp;&amp;·dpkg-qu
 002ac180:·6572·7920·2d2d·7368·6f77·202d·2d73·686f··ery·--show·--sho
 002ac190:·7766·6f72·6d61·743d·2724·7b64·623a·5374··wformat='${db:St
 002ac1a0:·6174·7573·2d53·7461·7475·737d·5c6e·2720··atus-Status}\n'·
 002ac1b0:·2767·7275·6232·2d63·6f6d·6d6f·6e27·2032··'grub2-common'·2
 002ac1c0:·2667·743b·2f64·6576·2f6e·756c·6c20·7c20··&gt;/dev/null·|·
 002ac1d0:·6772·6570·202d·7120·696e·7374·616c·6c65··grep·-q·installe
002ac1e0:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[002ac1e0:·6420·2661·6d70·3b26·616d·703b·207b·205b··d·&amp;&amp;·{·[
002ac1f0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren002ac1f0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
002ac200:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[002ac200:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
002ac210:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont002ac210:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
002ac220:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t002ac220:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
002ac230:·6865·6e0a·0a63·686f·776e·2030·202f·626f··hen..chown·0·/bo002ac230:·6865·6e0a·0a63·686f·776e·2030·202f·626f··hen..chown·0·/bo
002ac240:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg002ac240:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg
002ac250:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&002ac250:·0a0a·656c·7365·0a20·2020·2026·6774·3b26··..else.····&gt;&
Offset 175587, 22 lines modifiedOffset 175587, 22 lines modified
002ade20:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis002ade20:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
002ade30:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub002ade30:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
002ade40:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat002ade40:·2f67·7275·622e·6366·670a·2020·7374·6174··/grub.cfg.··stat
002ade50:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002ade50:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002ade60:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.002ade60:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
002ade70:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002ade70:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002ade80:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002ade80:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002ade90:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002adea0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002adeb0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
002adec0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
002aded0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
002adee0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002adef0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|002ade90:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 002adea0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_
 002adeb0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 002adec0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
 002aded0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr
 002adee0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002adef0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
002adf00:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib002adf00:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib
002adf10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002adf10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002adf20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002adf20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002adf30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002adf30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002adf40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002adf40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002adf50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002adf50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002adf60:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS002adf60:·0a20·2074·6167·733a·0a20·202d·204e·4953··.··tags:.··-·NIS
002adf70:·542d·3830·302d·3137·312d·332e·342e·350a··T-800-171-3.4.5.002adf70:·542d·3830·302d·3137·312d·332e·342e·350a··T-800-171-3.4.5.
Offset 175622, 22 lines modifiedOffset 175622, 22 lines modified
002ae050:·752d·7873·2c67·2d78·7772·732c·6f2d·7877··u-xs,g-xwrs,o-xw002ae050:·752d·7873·2c67·2d78·7772·732c·6f2d·7877··u-xs,g-xwrs,o-xw
002ae060:·7274·206f·6e20·2f62·6f6f·742f·6772·7562··rt·on·/boot/grub002ae060:·7274·206f·6e20·2f62·6f6f·742f·6772·7562··rt·on·/boot/grub
002ae070:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file002ae070:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
002ae080:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002ae080:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002ae090:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.002ae090:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
002ae0a0:·2020·2020·6d6f·6465·3a20·752d·7873·2c67······mode:·u-xs,g002ae0a0:·2020·2020·6d6f·6465·3a20·752d·7873·2c67······mode:·u-xs,g
002ae0b0:·2d78·7772·732c·6f2d·7877·7274·0a20·2077··-xwrs,o-xwrt.··w002ae0b0:·2d78·7772·732c·6f2d·7877·7274·0a20·2077··-xwrs,o-xwrt.··w
Max diff block lines reached; 2788/13140 bytes (21.22%) of diff not shown.
3.85 KB
html2text {}
    
Offset 39172, 16 lines modifiedOffset 39172, 16 lines modified
39172 ··-·no_reboot_needed39172 ··-·no_reboot_needed
  
39173 -·name:·Test·for·existence·/boot/grub/grub.cfg39173 -·name:·Test·for·existence·/boot/grub/grub.cfg
39174 ··stat:39174 ··stat:
39175 ····path:·/boot/grub/grub.cfg39175 ····path:·/boot/grub/grub.cfg
39176 ··register:·file_exists39176 ··register:·file_exists
39177 ··when:39177 ··when:
39178 ··-·'"grub2-common"·in·ansible_facts.packages' 
39179 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39178 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39179 ··-·'"grub2-common"·in·ansible_facts.packages'
39180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39180 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39181 ··tags:39181 ··tags:
39182 ··-·CJIS-5.5.2.239182 ··-·CJIS-5.5.2.2
39183 ··-·NIST-800-171-3.4.539183 ··-·NIST-800-171-3.4.5
39184 ··-·NIST-800-53-AC-6(1)39184 ··-·NIST-800-53-AC-6(1)
39185 ··-·NIST-800-53-CM-6(a)39185 ··-·NIST-800-53-CM-6(a)
39186 ··-·PCI-DSS-Req-7.139186 ··-·PCI-DSS-Req-7.1
Offset 39193, 16 lines modifiedOffset 39193, 16 lines modified
39193 ··-·no_reboot_needed39193 ··-·no_reboot_needed
  
39194 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg39194 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
39195 ··file:39195 ··file:
39196 ····path:·/boot/grub/grub.cfg39196 ····path:·/boot/grub/grub.cfg
39197 ····owner:·'0'39197 ····owner:·'0'
39198 ··when:39198 ··when:
39199 ··-·'"grub2-common"·in·ansible_facts.packages' 
39200 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39199 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39200 ··-·'"grub2-common"·in·ansible_facts.packages'
39201 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39201 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39202 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39202 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39203 ··tags:39203 ··tags:
39204 ··-·CJIS-5.5.2.239204 ··-·CJIS-5.5.2.2
39205 ··-·NIST-800-171-3.4.539205 ··-·NIST-800-171-3.4.5
39206 ··-·NIST-800-53-AC-6(1)39206 ··-·NIST-800-53-AC-6(1)
39207 ··-·NIST-800-53-CM-6(a)39207 ··-·NIST-800-53-CM-6(a)
Offset 39214, 16 lines modifiedOffset 39214, 16 lines modified
39214 ··-·medium_severity39214 ··-·medium_severity
39215 ··-·no_reboot_needed39215 ··-·no_reboot_needed
39216 Remediation_Shell_script_⇲39216 Remediation_Shell_script_⇲
39217 Complexity:·low39217 Complexity:·low
39218 Disruption:·low39218 Disruption:·low
39219 Strategy:···configure39219 Strategy:···configure
39220 #·Remediation·is·applicable·only·in·certain·platforms39220 #·Remediation·is·applicable·only·in·certain·platforms
39221 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!39221 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
39222 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39222 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39223 chown·0·/boot/grub/grub.cfg39223 chown·0·/boot/grub/grub.cfg
  
39224 else39224 else
39225 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39225 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39226 fi39226 fi
39227 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***39227 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 39259, 16 lines modifiedOffset 39259, 16 lines modified
39259 ··-·no_reboot_needed39259 ··-·no_reboot_needed
  
39260 -·name:·Test·for·existence·/boot/grub/grub.cfg39260 -·name:·Test·for·existence·/boot/grub/grub.cfg
39261 ··stat:39261 ··stat:
39262 ····path:·/boot/grub/grub.cfg39262 ····path:·/boot/grub/grub.cfg
39263 ··register:·file_exists39263 ··register:·file_exists
39264 ··when:39264 ··when:
39265 ··-·'"grub2-common"·in·ansible_facts.packages' 
39266 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39265 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39266 ··-·'"grub2-common"·in·ansible_facts.packages'
39267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39267 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39268 ··tags:39268 ··tags:
39269 ··-·NIST-800-171-3.4.539269 ··-·NIST-800-171-3.4.5
39270 ··-·NIST-800-53-AC-6(1)39270 ··-·NIST-800-53-AC-6(1)
39271 ··-·NIST-800-53-CM-6(a)39271 ··-·NIST-800-53-CM-6(a)
39272 ··-·configure_strategy39272 ··-·configure_strategy
39273 ··-·file_permissions_grub2_cfg39273 ··-·file_permissions_grub2_cfg
Offset 39278, 16 lines modifiedOffset 39278, 16 lines modified
39278 ··-·no_reboot_needed39278 ··-·no_reboot_needed
  
39279 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg39279 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
39280 ··file:39280 ··file:
39281 ····path:·/boot/grub/grub.cfg39281 ····path:·/boot/grub/grub.cfg
39282 ····mode:·u-xs,g-xwrs,o-xwrt39282 ····mode:·u-xs,g-xwrs,o-xwrt
39283 ··when:39283 ··when:
39284 ··-·'"grub2-common"·in·ansible_facts.packages' 
39285 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39284 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39285 ··-·'"grub2-common"·in·ansible_facts.packages'
39286 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39286 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39287 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39287 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39288 ··tags:39288 ··tags:
39289 ··-·NIST-800-171-3.4.539289 ··-·NIST-800-171-3.4.5
39290 ··-·NIST-800-53-AC-6(1)39290 ··-·NIST-800-53-AC-6(1)
39291 ··-·NIST-800-53-CM-6(a)39291 ··-·NIST-800-53-CM-6(a)
39292 ··-·configure_strategy39292 ··-·configure_strategy
Offset 39297, 16 lines modifiedOffset 39297, 16 lines modified
39297 ··-·medium_severity39297 ··-·medium_severity
39298 ··-·no_reboot_needed39298 ··-·no_reboot_needed
39299 Remediation_Shell_script_⇲39299 Remediation_Shell_script_⇲
39300 Complexity:·low39300 Complexity:·low
39301 Disruption:·low39301 Disruption:·low
39302 Strategy:···configure39302 Strategy:···configure
39303 #·Remediation·is·applicable·only·in·certain·platforms39303 #·Remediation·is·applicable·only·in·certain·platforms
39304 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&39304 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
39305 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39305 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39306 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg39306 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
39307 else39307 else
39308 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39308 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39309 fi39309 fi
39310 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***39310 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
16.8 KB
./usr/share/doc/ssg-debderived/ssg-ubuntu2204-guide-cis_level2_workstation.html
    
Offset 176573, 22 lines modifiedOffset 176573, 22 lines modified
002b1bc0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen002b1bc0:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
002b1bd0:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr002b1bd0:·6365·202f·626f·6f74·2f67·7275·622f·6772··ce·/boot/grub/gr
002b1be0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·002b1be0:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
002b1bf0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002b1bf0:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002b1c00:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r002b1c00:·7275·622f·6772·7562·2e63·6667·0a20·2072··rub/grub.cfg.··r
002b1c10:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex002b1c10:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
002b1c20:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-002b1c20:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
 002b1c30:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002b1c40:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002b1c50:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
002b1c30:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
002b1c40:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
002b1c50:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
002b1c60:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002b1c70:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002b1c80:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002b1c90:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li002b1c60:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 002b1c70:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 002b1c80:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 002b1c90:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
002b1ca0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_002b1ca0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
002b1cb0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002b1cb0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002b1cc0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002b1cc0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002b1cd0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002b1cd0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002b1ce0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002b1ce0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002b1cf0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002b1cf0:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002b1d00:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5002b1d00:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
002b1d10:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-002b1d10:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-
Offset 176608, 22 lines modifiedOffset 176608, 22 lines modified
002b1df0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002b1df0:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
002b1e00:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo002b1e00:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
002b1e10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.002b1e10:·742f·6772·7562·2f67·7275·622e·6366·670a··t/grub/grub.cfg.
002b1e20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path002b1e20:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
002b1e30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru002b1e30:·3a20·2f62·6f6f·742f·6772·7562·2f67·7275··:·/boot/grub/gru
002b1e40:·622e·6366·670a·2020·2020·6f77·6e65·723a··b.cfg.····owner:002b1e40:·622e·6366·670a·2020·2020·6f77·6e65·723a··b.cfg.····owner:
002b1e50:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002b1e50:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
 002b1e60:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 002b1e70:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 002b1e80:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
002b1e60:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
002b1e70:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
002b1e80:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-· 
002b1e90:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002b1ea0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002b1eb0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002b1ec0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li002b1e90:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
 002b1ea0:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2
 002b1eb0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 002b1ec0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
002b1ed0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_002b1ed0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_
002b1ee0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002b1ee0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002b1ef0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002b1ef0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002b1f00:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002b1f00:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002b1f10:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002b1f10:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002b1f20:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002b1f20:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002b1f30:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002b1f30:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002b1f40:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002b1f40:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 176673, 24 lines modifiedOffset 176673, 24 lines modified
002b2200:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th002b2200:·7468·3e53·7472·6174·6567·793a·3c2f·7468··th>Strategy:</th
002b2210:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</002b2210:·3e3c·7464·3e63·6f6e·6669·6775·7265·3c2f··><td>configure</
002b2220:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>002b2220:·7464·3e3c·2f74·723e·3c2f·7461·626c·653e··td></tr></table>
002b2230:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem002b2230:·3c70·7265·3e3c·636f·6465·3e23·2052·656d··<pre><code>#·Rem
002b2240:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl002b2240:·6564·6961·7469·6f6e·2069·7320·6170·706c··ediation·is·appl
002b2250:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c002b2250:·6963·6162·6c65·206f·6e6c·7920·696e·2063··icable·only·in·c
002b2260:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms002b2260:·6572·7461·696e·2070·6c61·7466·6f72·6d73··ertain·platforms
 002b2270:·0a69·6620·5b20·2120·2d66·202f·7379·732f··.if·[·!·-f·/sys/
002b2270:·0a69·6620·6470·6b67·2d71·7565·7279·202d··.if·dpkg-query·- 
002b2280:·2d73·686f·7720·2d2d·7368·6f77·666f·726d··-show·--showform 
002b2290:·6174·3d27·247b·6462·3a53·7461·7475·732d··at='${db:Status- 
002b22a0:·5374·6174·7573·7d5c·6e27·2027·6772·7562··Status}\n'·'grub 
002b22b0:·322d·636f·6d6d·6f6e·2720·3226·6774·3b2f··2-common'·2&gt;/ 
002b22c0:·6465·762f·6e75·6c6c·207c·2067·7265·7020··dev/null·|·grep· 
002b22d0:·2d71·2069·6e73·7461·6c6c·6564·2026·616d··-q·installed·&am 
002b22e0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/ 
002b22f0:·7379·732f·6669·726d·7761·7265·2f65·6669··sys/firmware/efi002b2280:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·&
 002b2290:·616d·703b·2661·6d70·3b20·6470·6b67·2d71··amp;&amp;·dpkg-q
 002b22a0:·7565·7279·202d·2d73·686f·7720·2d2d·7368··uery·--show·--sh
 002b22b0:·6f77·666f·726d·6174·3d27·247b·6462·3a53··owformat='${db:S
 002b22c0:·7461·7475·732d·5374·6174·7573·7d5c·6e27··tatus-Status}\n'
 002b22d0:·2027·6772·7562·322d·636f·6d6d·6f6e·2720···'grub2-common'·
 002b22e0:·3226·6774·3b2f·6465·762f·6e75·6c6c·207c··2&gt;/dev/null·|
 002b22f0:·2067·7265·7020·2d71·2069·6e73·7461·6c6c···grep·-q·install
002b2300:·205d·2026·616d·703b·2661·6d70·3b20·7b20···]·&amp;&amp;·{·002b2300:·6564·2026·616d·703b·2661·6d70·3b20·7b20··ed·&amp;&amp;·{·
002b2310:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere002b2310:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
002b2320:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·002b2320:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
002b2330:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con002b2330:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
002b2340:·7461·696e·6572·656e·7620·5d3b·207d·3b20··tainerenv·];·};·002b2340:·7461·696e·6572·656e·7620·5d3b·207d·3b20··tainerenv·];·};·
002b2350:·7468·656e·0a0a·6368·6f77·6e20·3020·2f62··then..chown·0·/b002b2350:·7468·656e·0a0a·6368·6f77·6e20·3020·2f62··then..chown·0·/b
002b2360:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf002b2360:·6f6f·742f·6772·7562·2f67·7275·622e·6366··oot/grub/grub.cf
002b2370:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;002b2370:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 177141, 22 lines modifiedOffset 177141, 22 lines modified
002b3f40:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi002b3f40:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
002b3f50:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru002b3f50:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
002b3f60:·622f·6772·7562·2e63·6667·0a20·2073·7461··b/grub.cfg.··sta002b3f60:·622f·6772·7562·2e63·6667·0a20·2073·7461··b/grub.cfg.··sta
002b3f70:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo002b3f70:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
002b3f80:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg002b3f80:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg
002b3f90:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil002b3f90:·0a20·2072·6567·6973·7465·723a·2066·696c··.··register:·fil
002b3fa0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:002b3fa0:·655f·6578·6973·7473·0a20·2077·6865·6e3a··e_exists.··when:
002b3fb0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
002b3fc0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
002b3fd0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'. 
002b3fe0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002b3ff0:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002b4000:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002b4010:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·002b3fb0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 002b3fc0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 002b3fd0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 002b3fe0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 002b3ff0:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g
 002b4000:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 002b4010:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
002b4020:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi002b4020:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
002b4030:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati002b4030:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
002b4040:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[002b4040:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
002b4050:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",002b4050:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
002b4060:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm002b4060:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
002b4070:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"002b4070:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
002b4080:·5d0a·2020·7461·6773·3a0a·2020·2d20·4e49··].··tags:.··-·NI002b4080:·5d0a·2020·7461·6773·3a0a·2020·2d20·4e49··].··tags:.··-·NI
002b4090:·5354·2d38·3030·2d31·3731·2d33·2e34·2e35··ST-800-171-3.4.5002b4090:·5354·2d38·3030·2d31·3731·2d33·2e34·2e35··ST-800-171-3.4.5
Offset 177176, 22 lines modifiedOffset 177176, 22 lines modified
002b4170:·2075·2d78·732c·672d·7877·7273·2c6f·2d78···u-xs,g-xwrs,o-x002b4170:·2075·2d78·732c·672d·7877·7273·2c6f·2d78···u-xs,g-xwrs,o-x
002b4180:·7772·7420·6f6e·202f·626f·6f74·2f67·7275··wrt·on·/boot/gru002b4180:·7772·7420·6f6e·202f·626f·6f74·2f67·7275··wrt·on·/boot/gru
002b4190:·622f·6772·7562·2e63·6667·0a20·2066·696c··b/grub.cfg.··fil002b4190:·622f·6772·7562·2e63·6667·0a20·2066·696c··b/grub.cfg.··fil
002b41a0:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo002b41a0:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
002b41b0:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg002b41b0:·6f74·2f67·7275·622f·6772·7562·2e63·6667··ot/grub/grub.cfg
002b41c0:·0a20·2020·206d·6f64·653a·2075·2d78·732c··.····mode:·u-xs,002b41c0:·0a20·2020·206d·6f64·653a·2075·2d78·732c··.····mode:·u-xs,
002b41d0:·672d·7877·7273·2c6f·2d78·7772·740a·2020··g-xwrs,o-xwrt.··002b41d0:·672d·7877·7273·2c6f·2d78·7772·740a·2020··g-xwrs,o-xwrt.··
Max diff block lines reached; 2788/13140 bytes (21.22%) of diff not shown.
3.85 KB
html2text {}
    
Offset 39409, 16 lines modifiedOffset 39409, 16 lines modified
39409 ··-·no_reboot_needed39409 ··-·no_reboot_needed
  
39410 -·name:·Test·for·existence·/boot/grub/grub.cfg39410 -·name:·Test·for·existence·/boot/grub/grub.cfg
39411 ··stat:39411 ··stat:
39412 ····path:·/boot/grub/grub.cfg39412 ····path:·/boot/grub/grub.cfg
39413 ··register:·file_exists39413 ··register:·file_exists
39414 ··when:39414 ··when:
39415 ··-·'"grub2-common"·in·ansible_facts.packages' 
39416 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39415 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39416 ··-·'"grub2-common"·in·ansible_facts.packages'
39417 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39417 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39418 ··tags:39418 ··tags:
39419 ··-·CJIS-5.5.2.239419 ··-·CJIS-5.5.2.2
39420 ··-·NIST-800-171-3.4.539420 ··-·NIST-800-171-3.4.5
39421 ··-·NIST-800-53-AC-6(1)39421 ··-·NIST-800-53-AC-6(1)
39422 ··-·NIST-800-53-CM-6(a)39422 ··-·NIST-800-53-CM-6(a)
39423 ··-·PCI-DSS-Req-7.139423 ··-·PCI-DSS-Req-7.1
Offset 39430, 16 lines modifiedOffset 39430, 16 lines modified
39430 ··-·no_reboot_needed39430 ··-·no_reboot_needed
  
39431 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg39431 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
39432 ··file:39432 ··file:
39433 ····path:·/boot/grub/grub.cfg39433 ····path:·/boot/grub/grub.cfg
39434 ····owner:·'0'39434 ····owner:·'0'
39435 ··when:39435 ··when:
39436 ··-·'"grub2-common"·in·ansible_facts.packages' 
39437 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39436 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39437 ··-·'"grub2-common"·in·ansible_facts.packages'
39438 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39438 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39439 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39439 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39440 ··tags:39440 ··tags:
39441 ··-·CJIS-5.5.2.239441 ··-·CJIS-5.5.2.2
39442 ··-·NIST-800-171-3.4.539442 ··-·NIST-800-171-3.4.5
39443 ··-·NIST-800-53-AC-6(1)39443 ··-·NIST-800-53-AC-6(1)
39444 ··-·NIST-800-53-CM-6(a)39444 ··-·NIST-800-53-CM-6(a)
Offset 39451, 16 lines modifiedOffset 39451, 16 lines modified
39451 ··-·medium_severity39451 ··-·medium_severity
39452 ··-·no_reboot_needed39452 ··-·no_reboot_needed
39453 Remediation_Shell_script_⇲39453 Remediation_Shell_script_⇲
39454 Complexity:·low39454 Complexity:·low
39455 Disruption:·low39455 Disruption:·low
39456 Strategy:···configure39456 Strategy:···configure
39457 #·Remediation·is·applicable·only·in·certain·platforms39457 #·Remediation·is·applicable·only·in·certain·platforms
39458 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&·[·!39458 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/
39459 -f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39459 null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39460 chown·0·/boot/grub/grub.cfg39460 chown·0·/boot/grub/grub.cfg
  
39461 else39461 else
39462 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39462 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39463 fi39463 fi
39464 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***39464 ***·Rule  ·Verify·/boot/grub/grub.cfg·Permissions·  [ref]·***
Offset 39496, 16 lines modifiedOffset 39496, 16 lines modified
39496 ··-·no_reboot_needed39496 ··-·no_reboot_needed
  
39497 -·name:·Test·for·existence·/boot/grub/grub.cfg39497 -·name:·Test·for·existence·/boot/grub/grub.cfg
39498 ··stat:39498 ··stat:
39499 ····path:·/boot/grub/grub.cfg39499 ····path:·/boot/grub/grub.cfg
39500 ··register:·file_exists39500 ··register:·file_exists
39501 ··when:39501 ··when:
39502 ··-·'"grub2-common"·in·ansible_facts.packages' 
39503 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39502 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39503 ··-·'"grub2-common"·in·ansible_facts.packages'
39504 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39504 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39505 ··tags:39505 ··tags:
39506 ··-·NIST-800-171-3.4.539506 ··-·NIST-800-171-3.4.5
39507 ··-·NIST-800-53-AC-6(1)39507 ··-·NIST-800-53-AC-6(1)
39508 ··-·NIST-800-53-CM-6(a)39508 ··-·NIST-800-53-CM-6(a)
39509 ··-·configure_strategy39509 ··-·configure_strategy
39510 ··-·file_permissions_grub2_cfg39510 ··-·file_permissions_grub2_cfg
Offset 39515, 16 lines modifiedOffset 39515, 16 lines modified
39515 ··-·no_reboot_needed39515 ··-·no_reboot_needed
  
39516 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg39516 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
39517 ··file:39517 ··file:
39518 ····path:·/boot/grub/grub.cfg39518 ····path:·/boot/grub/grub.cfg
39519 ····mode:·u-xs,g-xwrs,o-xwrt39519 ····mode:·u-xs,g-xwrs,o-xwrt
39520 ··when:39520 ··when:
39521 ··-·'"grub2-common"·in·ansible_facts.packages' 
39522 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'39521 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 39522 ··-·'"grub2-common"·in·ansible_facts.packages'
39523 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]39523 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
39524 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists39524 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
39525 ··tags:39525 ··tags:
39526 ··-·NIST-800-171-3.4.539526 ··-·NIST-800-171-3.4.5
39527 ··-·NIST-800-53-AC-6(1)39527 ··-·NIST-800-53-AC-6(1)
39528 ··-·NIST-800-53-CM-6(a)39528 ··-·NIST-800-53-CM-6(a)
39529 ··-·configure_strategy39529 ··-·configure_strategy
Offset 39534, 16 lines modifiedOffset 39534, 16 lines modified
39534 ··-·medium_severity39534 ··-·medium_severity
39535 ··-·no_reboot_needed39535 ··-·no_reboot_needed
39536 Remediation_Shell_script_⇲39536 Remediation_Shell_script_⇲
39537 Complexity:·low39537 Complexity:·low
39538 Disruption:·low39538 Disruption:·low
39539 Strategy:···configure39539 Strategy:···configure
39540 #·Remediation·is·applicable·only·in·certain·platforms39540 #·Remediation·is·applicable·only·in·certain·platforms
39541 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/dev/null·|·grep·-q·installed·&&39541 if·[·!·-f·/sys/firmware/efi·]·&&·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2>/
39542 [·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then39542 dev/null·|·grep·-q·installed·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
39543 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg39543 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
39544 else39544 else
39545 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'39545 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
39546 fi39546 fi
39547 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***39547 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
11.5 KB
./usr/share/scap-security-guide/ansible/ubuntu1804-playbook-cis.yml
Ordering differences only
    
Offset 138, 16 lines modifiedOffset 138, 16 lines modified
138 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/138 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
139 ······find:139 ······find:
140 ········paths:·/etc/audit/rules.d140 ········paths:·/etc/audit/rules.d
141 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+141 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
142 ········patterns:·'*.rules'142 ········patterns:·'*.rules'
143 ······register:·find_existing_watch_rules_d143 ······register:·find_existing_watch_rules_d
144 ······when:144 ······when:
145 ······-·'"audit"·in·ansible_facts.packages' 
146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]145 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 146 ······-·'"audit"·in·ansible_facts.packages'
147 ······tags:147 ······tags:
148 ······-·CJIS-5.4.1.1148 ······-·CJIS-5.4.1.1
149 ······-·NIST-800-171-3.1.7149 ······-·NIST-800-171-3.1.7
150 ······-·NIST-800-53-AC-2(7)(b)150 ······-·NIST-800-53-AC-2(7)(b)
151 ······-·NIST-800-53-AC-6(9)151 ······-·NIST-800-53-AC-6(9)
152 ······-·NIST-800-53-AU-12(c)152 ······-·NIST-800-53-AU-12(c)
153 ······-·NIST-800-53-AU-2(d)153 ······-·NIST-800-53-AU-2(d)
Offset 164, 16 lines modifiedOffset 164, 16 lines modified
164 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions164 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
165 ······find:165 ······find:
166 ········paths:·/etc/audit/rules.d166 ········paths:·/etc/audit/rules.d
167 ········contains:·^.*(?:-F·key=|-k\s+)actions$167 ········contains:·^.*(?:-F·key=|-k\s+)actions$
168 ········patterns:·'*.rules'168 ········patterns:·'*.rules'
169 ······register:·find_watch_key169 ······register:·find_watch_key
170 ······when:170 ······when:
171 ······-·'"audit"·in·ansible_facts.packages' 
172 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]171 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 172 ······-·'"audit"·in·ansible_facts.packages'
173 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched173 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
174 ········==·0174 ········==·0
175 ······tags:175 ······tags:
176 ······-·CJIS-5.4.1.1176 ······-·CJIS-5.4.1.1
177 ······-·NIST-800-171-3.1.7177 ······-·NIST-800-171-3.1.7
178 ······-·NIST-800-53-AC-2(7)(b)178 ······-·NIST-800-53-AC-2(7)(b)
179 ······-·NIST-800-53-AC-6(9)179 ······-·NIST-800-53-AC-6(9)
Offset 190, 16 lines modifiedOffset 190, 16 lines modified
190 ······-·restrict_strategy190 ······-·restrict_strategy
  
191 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule191 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
192 ······set_fact:192 ······set_fact:
193 ········all_files:193 ········all_files:
194 ········-·/etc/audit/rules.d/actions.rules194 ········-·/etc/audit/rules.d/actions.rules
195 ······when:195 ······when:
196 ······-·'"audit"·in·ansible_facts.packages' 
197 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]196 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 197 ······-·'"audit"·in·ansible_facts.packages'
198 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched198 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
199 ········is·defined·and·find_existing_watch_rules_d.matched·==·0199 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
200 ······tags:200 ······tags:
201 ······-·CJIS-5.4.1.1201 ······-·CJIS-5.4.1.1
202 ······-·NIST-800-171-3.1.7202 ······-·NIST-800-171-3.1.7
203 ······-·NIST-800-53-AC-2(7)(b)203 ······-·NIST-800-53-AC-2(7)(b)
204 ······-·NIST-800-53-AC-6(9)204 ······-·NIST-800-53-AC-6(9)
Offset 216, 16 lines modifiedOffset 216, 16 lines modified
216 ······-·restrict_strategy216 ······-·restrict_strategy
  
217 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule217 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
218 ······set_fact:218 ······set_fact:
219 ········all_files:219 ········all_files:
220 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'220 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
221 ······when:221 ······when:
222 ······-·'"audit"·in·ansible_facts.packages' 
223 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]222 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 223 ······-·'"audit"·in·ansible_facts.packages'
224 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched224 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
225 ········is·defined·and·find_existing_watch_rules_d.matched·==·0225 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
226 ······tags:226 ······tags:
227 ······-·CJIS-5.4.1.1227 ······-·CJIS-5.4.1.1
228 ······-·NIST-800-171-3.1.7228 ······-·NIST-800-171-3.1.7
229 ······-·NIST-800-53-AC-2(7)(b)229 ······-·NIST-800-53-AC-2(7)(b)
230 ······-·NIST-800-53-AC-6(9)230 ······-·NIST-800-53-AC-6(9)
Offset 244, 16 lines modifiedOffset 244, 16 lines modified
244 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/244 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
245 ······lineinfile:245 ······lineinfile:
246 ········path:·'{{·all_files[0]·}}'246 ········path:·'{{·all_files[0]·}}'
247 ········line:·-w·/etc/sudoers·-p·wa·-k·actions247 ········line:·-w·/etc/sudoers·-p·wa·-k·actions
248 ········create:·true248 ········create:·true
249 ········mode:·'0640'249 ········mode:·'0640'
250 ······when:250 ······when:
251 ······-·'"audit"·in·ansible_facts.packages' 
252 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]251 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 252 ······-·'"audit"·in·ansible_facts.packages'
253 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched253 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
254 ········==·0254 ········==·0
255 ······tags:255 ······tags:
256 ······-·CJIS-5.4.1.1256 ······-·CJIS-5.4.1.1
257 ······-·NIST-800-171-3.1.7257 ······-·NIST-800-171-3.1.7
258 ······-·NIST-800-53-AC-2(7)(b)258 ······-·NIST-800-53-AC-2(7)(b)
259 ······-·NIST-800-53-AC-6(9)259 ······-·NIST-800-53-AC-6(9)
Offset 272, 16 lines modifiedOffset 272, 16 lines modified
272 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/audit.rules272 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/audit.rules
273 ······find:273 ······find:
274 ········paths:·/etc/audit/274 ········paths:·/etc/audit/
275 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+275 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
276 ········patterns:·audit.rules276 ········patterns:·audit.rules
277 ······register:·find_existing_watch_audit_rules277 ······register:·find_existing_watch_audit_rules
278 ······when:278 ······when:
279 ······-·'"audit"·in·ansible_facts.packages' 
280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]279 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 280 ······-·'"audit"·in·ansible_facts.packages'
281 ······tags:281 ······tags:
282 ······-·CJIS-5.4.1.1282 ······-·CJIS-5.4.1.1
283 ······-·NIST-800-171-3.1.7283 ······-·NIST-800-171-3.1.7
284 ······-·NIST-800-53-AC-2(7)(b)284 ······-·NIST-800-53-AC-2(7)(b)
285 ······-·NIST-800-53-AC-6(9)285 ······-·NIST-800-53-AC-6(9)
286 ······-·NIST-800-53-AU-12(c)286 ······-·NIST-800-53-AU-12(c)
287 ······-·NIST-800-53-AU-2(d)287 ······-·NIST-800-53-AU-2(d)
Offset 299, 16 lines modifiedOffset 299, 16 lines modified
299 ······lineinfile:299 ······lineinfile:
300 ········line:·-w·/etc/sudoers·-p·wa·-k·actions300 ········line:·-w·/etc/sudoers·-p·wa·-k·actions
301 ········state:·present301 ········state:·present
302 ········dest:·/etc/audit/audit.rules302 ········dest:·/etc/audit/audit.rules
303 ········create:·true303 ········create:·true
304 ········mode:·'0640'304 ········mode:·'0640'
305 ······when:305 ······when:
306 ······-·'"audit"·in·ansible_facts.packages' 
307 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]306 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 307 ······-·'"audit"·in·ansible_facts.packages'
308 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched308 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
309 ········==·0309 ········==·0
310 ······tags:310 ······tags:
311 ······-·CJIS-5.4.1.1311 ······-·CJIS-5.4.1.1
312 ······-·NIST-800-171-3.1.7312 ······-·NIST-800-171-3.1.7
313 ······-·NIST-800-53-AC-2(7)(b)313 ······-·NIST-800-53-AC-2(7)(b)
314 ······-·NIST-800-53-AC-6(9)314 ······-·NIST-800-53-AC-6(9)
Offset 327, 16 lines modifiedOffset 327, 16 lines modified
327 ····-·name:·Check·if·watch·rule·for·/etc/sudoers.d/·already·exists·in·/etc/audit/rules.d/327 ····-·name:·Check·if·watch·rule·for·/etc/sudoers.d/·already·exists·in·/etc/audit/rules.d/
Max diff block lines reached; 6662/11573 bytes (57.57%) of diff not shown.
2.8 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level1_server.yml
Ordering differences only
    
Offset 1092, 16 lines modifiedOffset 1092, 16 lines modified
1092 ······-·no_reboot_needed1092 ······-·no_reboot_needed
  
1093 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1093 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1094 ······stat:1094 ······stat:
1095 ········path:·/boot/grub/grub.cfg1095 ········path:·/boot/grub/grub.cfg
1096 ······register:·file_exists1096 ······register:·file_exists
1097 ······when:1097 ······when:
1098 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1099 ······-·'"grub2-common"·in·ansible_facts.packages'1098 ······-·'"grub2-common"·in·ansible_facts.packages'
 1099 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1100 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1100 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1101 ······tags:1101 ······tags:
1102 ······-·CJIS-5.5.2.21102 ······-·CJIS-5.5.2.2
1103 ······-·NIST-800-171-3.4.51103 ······-·NIST-800-171-3.4.5
1104 ······-·NIST-800-53-AC-6(1)1104 ······-·NIST-800-53-AC-6(1)
1105 ······-·NIST-800-53-CM-6(a)1105 ······-·NIST-800-53-CM-6(a)
1106 ······-·PCI-DSS-Req-7.11106 ······-·PCI-DSS-Req-7.1
Offset 1113, 16 lines modifiedOffset 1113, 16 lines modified
1113 ······-·no_reboot_needed1113 ······-·no_reboot_needed
  
1114 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1114 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1115 ······file:1115 ······file:
1116 ········path:·/boot/grub/grub.cfg1116 ········path:·/boot/grub/grub.cfg
1117 ········owner:·'0'1117 ········owner:·'0'
1118 ······when:1118 ······when:
1119 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1120 ······-·'"grub2-common"·in·ansible_facts.packages'1119 ······-·'"grub2-common"·in·ansible_facts.packages'
 1120 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1121 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1121 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1122 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1122 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1123 ······tags:1123 ······tags:
1124 ······-·CJIS-5.5.2.21124 ······-·CJIS-5.5.2.2
1125 ······-·NIST-800-171-3.4.51125 ······-·NIST-800-171-3.4.5
1126 ······-·NIST-800-53-AC-6(1)1126 ······-·NIST-800-53-AC-6(1)
1127 ······-·NIST-800-53-CM-6(a)1127 ······-·NIST-800-53-CM-6(a)
Offset 1150, 16 lines modifiedOffset 1150, 16 lines modified
1150 ······-·no_reboot_needed1150 ······-·no_reboot_needed
  
1151 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1151 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1152 ······stat:1152 ······stat:
1153 ········path:·/boot/grub/grub.cfg1153 ········path:·/boot/grub/grub.cfg
1154 ······register:·file_exists1154 ······register:·file_exists
1155 ······when:1155 ······when:
1156 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1157 ······-·'"grub2-common"·in·ansible_facts.packages'1156 ······-·'"grub2-common"·in·ansible_facts.packages'
 1157 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1158 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1158 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1159 ······tags:1159 ······tags:
1160 ······-·NIST-800-171-3.4.51160 ······-·NIST-800-171-3.4.5
1161 ······-·NIST-800-53-AC-6(1)1161 ······-·NIST-800-53-AC-6(1)
1162 ······-·NIST-800-53-CM-6(a)1162 ······-·NIST-800-53-CM-6(a)
1163 ······-·configure_strategy1163 ······-·configure_strategy
1164 ······-·file_permissions_grub2_cfg1164 ······-·file_permissions_grub2_cfg
Offset 1169, 16 lines modifiedOffset 1169, 16 lines modified
1169 ······-·no_reboot_needed1169 ······-·no_reboot_needed
  
1170 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1170 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1171 ······file:1171 ······file:
1172 ········path:·/boot/grub/grub.cfg1172 ········path:·/boot/grub/grub.cfg
1173 ········mode:·u-xs,g-xwrs,o-xwrt1173 ········mode:·u-xs,g-xwrs,o-xwrt
1174 ······when:1174 ······when:
1175 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1176 ······-·'"grub2-common"·in·ansible_facts.packages'1175 ······-·'"grub2-common"·in·ansible_facts.packages'
 1176 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1177 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1177 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1178 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1178 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1179 ······tags:1179 ······tags:
1180 ······-·NIST-800-171-3.4.51180 ······-·NIST-800-171-3.4.5
1181 ······-·NIST-800-53-AC-6(1)1181 ······-·NIST-800-53-AC-6(1)
1182 ······-·NIST-800-53-CM-6(a)1182 ······-·NIST-800-53-CM-6(a)
1183 ······-·configure_strategy1183 ······-·configure_strategy
2.81 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level1_workstation.yml
Ordering differences only
    
Offset 1061, 16 lines modifiedOffset 1061, 16 lines modified
1061 ······-·no_reboot_needed1061 ······-·no_reboot_needed
  
1062 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1062 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1063 ······stat:1063 ······stat:
1064 ········path:·/boot/grub/grub.cfg1064 ········path:·/boot/grub/grub.cfg
1065 ······register:·file_exists1065 ······register:·file_exists
1066 ······when:1066 ······when:
1067 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1068 ······-·'"grub2-common"·in·ansible_facts.packages'1067 ······-·'"grub2-common"·in·ansible_facts.packages'
 1068 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1069 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1069 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1070 ······tags:1070 ······tags:
1071 ······-·CJIS-5.5.2.21071 ······-·CJIS-5.5.2.2
1072 ······-·NIST-800-171-3.4.51072 ······-·NIST-800-171-3.4.5
1073 ······-·NIST-800-53-AC-6(1)1073 ······-·NIST-800-53-AC-6(1)
1074 ······-·NIST-800-53-CM-6(a)1074 ······-·NIST-800-53-CM-6(a)
1075 ······-·PCI-DSS-Req-7.11075 ······-·PCI-DSS-Req-7.1
Offset 1082, 16 lines modifiedOffset 1082, 16 lines modified
1082 ······-·no_reboot_needed1082 ······-·no_reboot_needed
  
1083 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1083 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1084 ······file:1084 ······file:
1085 ········path:·/boot/grub/grub.cfg1085 ········path:·/boot/grub/grub.cfg
1086 ········owner:·'0'1086 ········owner:·'0'
1087 ······when:1087 ······when:
1088 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1089 ······-·'"grub2-common"·in·ansible_facts.packages'1088 ······-·'"grub2-common"·in·ansible_facts.packages'
 1089 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1090 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1090 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1091 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1091 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1092 ······tags:1092 ······tags:
1093 ······-·CJIS-5.5.2.21093 ······-·CJIS-5.5.2.2
1094 ······-·NIST-800-171-3.4.51094 ······-·NIST-800-171-3.4.5
1095 ······-·NIST-800-53-AC-6(1)1095 ······-·NIST-800-53-AC-6(1)
1096 ······-·NIST-800-53-CM-6(a)1096 ······-·NIST-800-53-CM-6(a)
Offset 1119, 16 lines modifiedOffset 1119, 16 lines modified
1119 ······-·no_reboot_needed1119 ······-·no_reboot_needed
  
1120 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1120 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1121 ······stat:1121 ······stat:
1122 ········path:·/boot/grub/grub.cfg1122 ········path:·/boot/grub/grub.cfg
1123 ······register:·file_exists1123 ······register:·file_exists
1124 ······when:1124 ······when:
1125 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1126 ······-·'"grub2-common"·in·ansible_facts.packages'1125 ······-·'"grub2-common"·in·ansible_facts.packages'
 1126 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1127 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1127 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1128 ······tags:1128 ······tags:
1129 ······-·NIST-800-171-3.4.51129 ······-·NIST-800-171-3.4.5
1130 ······-·NIST-800-53-AC-6(1)1130 ······-·NIST-800-53-AC-6(1)
1131 ······-·NIST-800-53-CM-6(a)1131 ······-·NIST-800-53-CM-6(a)
1132 ······-·configure_strategy1132 ······-·configure_strategy
1133 ······-·file_permissions_grub2_cfg1133 ······-·file_permissions_grub2_cfg
Offset 1138, 16 lines modifiedOffset 1138, 16 lines modified
1138 ······-·no_reboot_needed1138 ······-·no_reboot_needed
  
1139 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1139 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1140 ······file:1140 ······file:
1141 ········path:·/boot/grub/grub.cfg1141 ········path:·/boot/grub/grub.cfg
1142 ········mode:·u-xs,g-xwrs,o-xwrt1142 ········mode:·u-xs,g-xwrs,o-xwrt
1143 ······when:1143 ······when:
1144 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
1145 ······-·'"grub2-common"·in·ansible_facts.packages'1144 ······-·'"grub2-common"·in·ansible_facts.packages'
 1145 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
1146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1146 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1147 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1148 ······tags:1148 ······tags:
1149 ······-·NIST-800-171-3.4.51149 ······-·NIST-800-171-3.4.5
1150 ······-·NIST-800-53-AC-6(1)1150 ······-·NIST-800-53-AC-6(1)
1151 ······-·NIST-800-53-CM-6(a)1151 ······-·NIST-800-53-CM-6(a)
1152 ······-·configure_strategy1152 ······-·configure_strategy
127 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level2_server.yml
Ordering differences only
    
Offset 1183, 16 lines modifiedOffset 1183, 16 lines modified
  
1183 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1183 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1184 ······find:1184 ······find:
1185 ········paths:·/etc/audit/rules.d/1185 ········paths:·/etc/audit/rules.d/
1186 ········patterns:·'*.rules'1186 ········patterns:·'*.rules'
1187 ······register:·find_rules_d1187 ······register:·find_rules_d
1188 ······when:1188 ······when:
1189 ······-·'"auditd"·in·ansible_facts.packages' 
1190 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1189 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1190 ······-·'"auditd"·in·ansible_facts.packages'
1191 ······tags:1191 ······tags:
1192 ······-·CJIS-5.4.1.11192 ······-·CJIS-5.4.1.1
1193 ······-·NIST-800-171-3.3.11193 ······-·NIST-800-171-3.3.1
1194 ······-·NIST-800-171-3.4.31194 ······-·NIST-800-171-3.4.3
1195 ······-·NIST-800-53-AC-6(9)1195 ······-·NIST-800-53-AC-6(9)
1196 ······-·NIST-800-53-CM-6(a)1196 ······-·NIST-800-53-CM-6(a)
1197 ······-·PCI-DSS-Req-10.5.21197 ······-·PCI-DSS-Req-10.5.2
Offset 1207, 16 lines modifiedOffset 1207, 16 lines modified
1207 ······lineinfile:1207 ······lineinfile:
1208 ········path:·'{{·item·}}'1208 ········path:·'{{·item·}}'
1209 ········regexp:·^\s*(?:-e)\s+.*$1209 ········regexp:·^\s*(?:-e)\s+.*$
1210 ········state:·absent1210 ········state:·absent
1211 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1211 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1212 ········}}'1212 ········}}'
1213 ······when:1213 ······when:
1214 ······-·'"auditd"·in·ansible_facts.packages' 
1215 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1214 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1215 ······-·'"auditd"·in·ansible_facts.packages'
1216 ······tags:1216 ······tags:
1217 ······-·CJIS-5.4.1.11217 ······-·CJIS-5.4.1.1
1218 ······-·NIST-800-171-3.3.11218 ······-·NIST-800-171-3.3.1
1219 ······-·NIST-800-171-3.4.31219 ······-·NIST-800-171-3.4.3
1220 ······-·NIST-800-53-AC-6(9)1220 ······-·NIST-800-53-AC-6(9)
1221 ······-·NIST-800-53-CM-6(a)1221 ······-·NIST-800-53-CM-6(a)
1222 ······-·PCI-DSS-Req-10.5.21222 ······-·PCI-DSS-Req-10.5.2
Offset 1233, 16 lines modifiedOffset 1233, 16 lines modified
1233 ········create:·true1233 ········create:·true
1234 ········line:·-e·21234 ········line:·-e·2
1235 ········mode:·o-rwx1235 ········mode:·o-rwx
1236 ······loop:1236 ······loop:
1237 ······-·/etc/audit/audit.rules1237 ······-·/etc/audit/audit.rules
1238 ······-·/etc/audit/rules.d/immutable.rules1238 ······-·/etc/audit/rules.d/immutable.rules
1239 ······when:1239 ······when:
1240 ······-·'"auditd"·in·ansible_facts.packages' 
1241 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1240 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1241 ······-·'"auditd"·in·ansible_facts.packages'
1242 ······tags:1242 ······tags:
1243 ······-·CJIS-5.4.1.11243 ······-·CJIS-5.4.1.1
1244 ······-·NIST-800-171-3.3.11244 ······-·NIST-800-171-3.3.1
1245 ······-·NIST-800-171-3.4.31245 ······-·NIST-800-171-3.4.3
1246 ······-·NIST-800-53-AC-6(9)1246 ······-·NIST-800-53-AC-6(9)
1247 ······-·NIST-800-53-CM-6(a)1247 ······-·NIST-800-53-CM-6(a)
1248 ······-·PCI-DSS-Req-10.5.21248 ······-·PCI-DSS-Req-10.5.2
Offset 1277, 16 lines modifiedOffset 1277, 16 lines modified
1277 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1277 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1278 ······find:1278 ······find:
1279 ········paths:·/etc/audit/rules.d1279 ········paths:·/etc/audit/rules.d
1280 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1280 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1281 ········patterns:·'*.rules'1281 ········patterns:·'*.rules'
1282 ······register:·find_existing_watch_rules_d1282 ······register:·find_existing_watch_rules_d
1283 ······when:1283 ······when:
1284 ······-·'"auditd"·in·ansible_facts.packages' 
1285 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1284 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1285 ······-·'"auditd"·in·ansible_facts.packages'
1286 ······tags:1286 ······tags:
1287 ······-·CJIS-5.4.1.11287 ······-·CJIS-5.4.1.1
1288 ······-·NIST-800-171-3.1.71288 ······-·NIST-800-171-3.1.7
1289 ······-·NIST-800-53-AC-2(7)(b)1289 ······-·NIST-800-53-AC-2(7)(b)
1290 ······-·NIST-800-53-AC-6(9)1290 ······-·NIST-800-53-AC-6(9)
1291 ······-·NIST-800-53-AU-12(c)1291 ······-·NIST-800-53-AU-12(c)
1292 ······-·NIST-800-53-AU-2(d)1292 ······-·NIST-800-53-AU-2(d)
Offset 1303, 16 lines modifiedOffset 1303, 16 lines modified
1303 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1303 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1304 ······find:1304 ······find:
1305 ········paths:·/etc/audit/rules.d1305 ········paths:·/etc/audit/rules.d
1306 ········contains:·^.*(?:-F·key=|-k\s+)actions$1306 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1307 ········patterns:·'*.rules'1307 ········patterns:·'*.rules'
1308 ······register:·find_watch_key1308 ······register:·find_watch_key
1309 ······when:1309 ······when:
1310 ······-·'"auditd"·in·ansible_facts.packages' 
1311 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1310 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1311 ······-·'"auditd"·in·ansible_facts.packages'
1312 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1312 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1313 ········==·01313 ········==·0
1314 ······tags:1314 ······tags:
1315 ······-·CJIS-5.4.1.11315 ······-·CJIS-5.4.1.1
1316 ······-·NIST-800-171-3.1.71316 ······-·NIST-800-171-3.1.7
1317 ······-·NIST-800-53-AC-2(7)(b)1317 ······-·NIST-800-53-AC-2(7)(b)
1318 ······-·NIST-800-53-AC-6(9)1318 ······-·NIST-800-53-AC-6(9)
Offset 1329, 16 lines modifiedOffset 1329, 16 lines modified
1329 ······-·restrict_strategy1329 ······-·restrict_strategy
  
1330 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1330 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1331 ······set_fact:1331 ······set_fact:
1332 ········all_files:1332 ········all_files:
1333 ········-·/etc/audit/rules.d/actions.rules1333 ········-·/etc/audit/rules.d/actions.rules
1334 ······when:1334 ······when:
1335 ······-·'"auditd"·in·ansible_facts.packages' 
1336 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1335 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1336 ······-·'"auditd"·in·ansible_facts.packages'
1337 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1337 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1338 ········is·defined·and·find_existing_watch_rules_d.matched·==·01338 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1339 ······tags:1339 ······tags:
1340 ······-·CJIS-5.4.1.11340 ······-·CJIS-5.4.1.1
1341 ······-·NIST-800-171-3.1.71341 ······-·NIST-800-171-3.1.7
1342 ······-·NIST-800-53-AC-2(7)(b)1342 ······-·NIST-800-53-AC-2(7)(b)
1343 ······-·NIST-800-53-AC-6(9)1343 ······-·NIST-800-53-AC-6(9)
Offset 1355, 16 lines modifiedOffset 1355, 16 lines modified
1355 ······-·restrict_strategy1355 ······-·restrict_strategy
  
1356 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1356 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1357 ······set_fact:1357 ······set_fact:
1358 ········all_files:1358 ········all_files:
1359 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1359 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1360 ······when:1360 ······when:
1361 ······-·'"auditd"·in·ansible_facts.packages' 
1362 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1361 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1362 ······-·'"auditd"·in·ansible_facts.packages'
1363 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1363 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1364 ········is·defined·and·find_existing_watch_rules_d.matched·==·01364 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1365 ······tags:1365 ······tags:
1366 ······-·CJIS-5.4.1.11366 ······-·CJIS-5.4.1.1
1367 ······-·NIST-800-171-3.1.71367 ······-·NIST-800-171-3.1.7
1368 ······-·NIST-800-53-AC-2(7)(b)1368 ······-·NIST-800-53-AC-2(7)(b)
1369 ······-·NIST-800-53-AC-6(9)1369 ······-·NIST-800-53-AC-6(9)
Offset 1383, 16 lines modifiedOffset 1383, 16 lines modified
1383 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1383 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 124928/129622 bytes (96.38%) of diff not shown.
127 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-cis_level2_workstation.yml
Ordering differences only
    
Offset 1152, 16 lines modifiedOffset 1152, 16 lines modified
  
1152 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension1152 ····-·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
1153 ······find:1153 ······find:
1154 ········paths:·/etc/audit/rules.d/1154 ········paths:·/etc/audit/rules.d/
1155 ········patterns:·'*.rules'1155 ········patterns:·'*.rules'
1156 ······register:·find_rules_d1156 ······register:·find_rules_d
1157 ······when:1157 ······when:
1158 ······-·'"auditd"·in·ansible_facts.packages' 
1159 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1158 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1159 ······-·'"auditd"·in·ansible_facts.packages'
1160 ······tags:1160 ······tags:
1161 ······-·CJIS-5.4.1.11161 ······-·CJIS-5.4.1.1
1162 ······-·NIST-800-171-3.3.11162 ······-·NIST-800-171-3.3.1
1163 ······-·NIST-800-171-3.4.31163 ······-·NIST-800-171-3.4.3
1164 ······-·NIST-800-53-AC-6(9)1164 ······-·NIST-800-53-AC-6(9)
1165 ······-·NIST-800-53-CM-6(a)1165 ······-·NIST-800-53-CM-6(a)
1166 ······-·PCI-DSS-Req-10.5.21166 ······-·PCI-DSS-Req-10.5.2
Offset 1176, 16 lines modifiedOffset 1176, 16 lines modified
1176 ······lineinfile:1176 ······lineinfile:
1177 ········path:·'{{·item·}}'1177 ········path:·'{{·item·}}'
1178 ········regexp:·^\s*(?:-e)\s+.*$1178 ········regexp:·^\s*(?:-e)\s+.*$
1179 ········state:·absent1179 ········state:·absent
1180 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']1180 ······loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
1181 ········}}'1181 ········}}'
1182 ······when:1182 ······when:
1183 ······-·'"auditd"·in·ansible_facts.packages' 
1184 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1183 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1184 ······-·'"auditd"·in·ansible_facts.packages'
1185 ······tags:1185 ······tags:
1186 ······-·CJIS-5.4.1.11186 ······-·CJIS-5.4.1.1
1187 ······-·NIST-800-171-3.3.11187 ······-·NIST-800-171-3.3.1
1188 ······-·NIST-800-171-3.4.31188 ······-·NIST-800-171-3.4.3
1189 ······-·NIST-800-53-AC-6(9)1189 ······-·NIST-800-53-AC-6(9)
1190 ······-·NIST-800-53-CM-6(a)1190 ······-·NIST-800-53-CM-6(a)
1191 ······-·PCI-DSS-Req-10.5.21191 ······-·PCI-DSS-Req-10.5.2
Offset 1202, 16 lines modifiedOffset 1202, 16 lines modified
1202 ········create:·true1202 ········create:·true
1203 ········line:·-e·21203 ········line:·-e·2
1204 ········mode:·o-rwx1204 ········mode:·o-rwx
1205 ······loop:1205 ······loop:
1206 ······-·/etc/audit/audit.rules1206 ······-·/etc/audit/audit.rules
1207 ······-·/etc/audit/rules.d/immutable.rules1207 ······-·/etc/audit/rules.d/immutable.rules
1208 ······when:1208 ······when:
1209 ······-·'"auditd"·in·ansible_facts.packages' 
1210 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1209 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1210 ······-·'"auditd"·in·ansible_facts.packages'
1211 ······tags:1211 ······tags:
1212 ······-·CJIS-5.4.1.11212 ······-·CJIS-5.4.1.1
1213 ······-·NIST-800-171-3.3.11213 ······-·NIST-800-171-3.3.1
1214 ······-·NIST-800-171-3.4.31214 ······-·NIST-800-171-3.4.3
1215 ······-·NIST-800-53-AC-6(9)1215 ······-·NIST-800-53-AC-6(9)
1216 ······-·NIST-800-53-CM-6(a)1216 ······-·NIST-800-53-CM-6(a)
1217 ······-·PCI-DSS-Req-10.5.21217 ······-·PCI-DSS-Req-10.5.2
Offset 1246, 16 lines modifiedOffset 1246, 16 lines modified
1246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/1246 ····-·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
1247 ······find:1247 ······find:
1248 ········paths:·/etc/audit/rules.d1248 ········paths:·/etc/audit/rules.d
1249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+1249 ········contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
1250 ········patterns:·'*.rules'1250 ········patterns:·'*.rules'
1251 ······register:·find_existing_watch_rules_d1251 ······register:·find_existing_watch_rules_d
1252 ······when:1252 ······when:
1253 ······-·'"auditd"·in·ansible_facts.packages' 
1254 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1253 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1254 ······-·'"auditd"·in·ansible_facts.packages'
1255 ······tags:1255 ······tags:
1256 ······-·CJIS-5.4.1.11256 ······-·CJIS-5.4.1.1
1257 ······-·NIST-800-171-3.1.71257 ······-·NIST-800-171-3.1.7
1258 ······-·NIST-800-53-AC-2(7)(b)1258 ······-·NIST-800-53-AC-2(7)(b)
1259 ······-·NIST-800-53-AC-6(9)1259 ······-·NIST-800-53-AC-6(9)
1260 ······-·NIST-800-53-AU-12(c)1260 ······-·NIST-800-53-AU-12(c)
1261 ······-·NIST-800-53-AU-2(d)1261 ······-·NIST-800-53-AU-2(d)
Offset 1272, 16 lines modifiedOffset 1272, 16 lines modified
1272 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions1272 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
1273 ······find:1273 ······find:
1274 ········paths:·/etc/audit/rules.d1274 ········paths:·/etc/audit/rules.d
1275 ········contains:·^.*(?:-F·key=|-k\s+)actions$1275 ········contains:·^.*(?:-F·key=|-k\s+)actions$
1276 ········patterns:·'*.rules'1276 ········patterns:·'*.rules'
1277 ······register:·find_watch_key1277 ······register:·find_watch_key
1278 ······when:1278 ······when:
1279 ······-·'"auditd"·in·ansible_facts.packages' 
1280 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1279 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1280 ······-·'"auditd"·in·ansible_facts.packages'
1281 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched1281 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
1282 ········==·01282 ········==·0
1283 ······tags:1283 ······tags:
1284 ······-·CJIS-5.4.1.11284 ······-·CJIS-5.4.1.1
1285 ······-·NIST-800-171-3.1.71285 ······-·NIST-800-171-3.1.7
1286 ······-·NIST-800-53-AC-2(7)(b)1286 ······-·NIST-800-53-AC-2(7)(b)
1287 ······-·NIST-800-53-AC-6(9)1287 ······-·NIST-800-53-AC-6(9)
Offset 1298, 16 lines modifiedOffset 1298, 16 lines modified
1298 ······-·restrict_strategy1298 ······-·restrict_strategy
  
1299 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule1299 ····-·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
1300 ······set_fact:1300 ······set_fact:
1301 ········all_files:1301 ········all_files:
1302 ········-·/etc/audit/rules.d/actions.rules1302 ········-·/etc/audit/rules.d/actions.rules
1303 ······when:1303 ······when:
1304 ······-·'"auditd"·in·ansible_facts.packages' 
1305 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1304 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1305 ······-·'"auditd"·in·ansible_facts.packages'
1306 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched1306 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
1307 ········is·defined·and·find_existing_watch_rules_d.matched·==·01307 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1308 ······tags:1308 ······tags:
1309 ······-·CJIS-5.4.1.11309 ······-·CJIS-5.4.1.1
1310 ······-·NIST-800-171-3.1.71310 ······-·NIST-800-171-3.1.7
1311 ······-·NIST-800-53-AC-2(7)(b)1311 ······-·NIST-800-53-AC-2(7)(b)
1312 ······-·NIST-800-53-AC-6(9)1312 ······-·NIST-800-53-AC-6(9)
Offset 1324, 16 lines modifiedOffset 1324, 16 lines modified
1324 ······-·restrict_strategy1324 ······-·restrict_strategy
  
1325 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule1325 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
1326 ······set_fact:1326 ······set_fact:
1327 ········all_files:1327 ········all_files:
1328 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'1328 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
1329 ······when:1329 ······when:
1330 ······-·'"auditd"·in·ansible_facts.packages' 
1331 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1330 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 1331 ······-·'"auditd"·in·ansible_facts.packages'
1332 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched1332 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
1333 ········is·defined·and·find_existing_watch_rules_d.matched·==·01333 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
1334 ······tags:1334 ······tags:
1335 ······-·CJIS-5.4.1.11335 ······-·CJIS-5.4.1.1
1336 ······-·NIST-800-171-3.1.71336 ······-·NIST-800-171-3.1.7
1337 ······-·NIST-800-53-AC-2(7)(b)1337 ······-·NIST-800-53-AC-2(7)(b)
1338 ······-·NIST-800-53-AC-6(9)1338 ······-·NIST-800-53-AC-6(9)
Offset 1352, 16 lines modifiedOffset 1352, 16 lines modified
1352 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/1352 ····-·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 124928/129622 bytes (96.38%) of diff not shown.
117 KB
./usr/share/scap-security-guide/ansible/ubuntu2004-playbook-stig.yml
Ordering differences only
    
Offset 779, 16 lines modifiedOffset 779, 16 lines modified
779 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/rules.d/779 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/rules.d/
780 ······find:780 ······find:
781 ········paths:·/etc/audit/rules.d781 ········paths:·/etc/audit/rules.d
782 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+782 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+
783 ········patterns:·'*.rules'783 ········patterns:·'*.rules'
784 ······register:·find_existing_watch_rules_d784 ······register:·find_existing_watch_rules_d
785 ······when:785 ······when:
786 ······-·'"auditd"·in·ansible_facts.packages' 
787 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]786 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 787 ······-·'"auditd"·in·ansible_facts.packages'
788 ······tags:788 ······tags:
789 ······-·CJIS-5.4.1.1789 ······-·CJIS-5.4.1.1
790 ······-·DISA-STIG-UBTU-20-010101790 ······-·DISA-STIG-UBTU-20-010101
791 ······-·NIST-800-171-3.1.7791 ······-·NIST-800-171-3.1.7
792 ······-·NIST-800-53-AC-2(4)792 ······-·NIST-800-53-AC-2(4)
793 ······-·NIST-800-53-AC-6(9)793 ······-·NIST-800-53-AC-6(9)
794 ······-·NIST-800-53-AU-12(c)794 ······-·NIST-800-53-AU-12(c)
Offset 805, 16 lines modifiedOffset 805, 16 lines modified
805 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_usergroup_modification805 ····-·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·audit_rules_usergroup_modification
806 ······find:806 ······find:
807 ········paths:·/etc/audit/rules.d807 ········paths:·/etc/audit/rules.d
808 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_usergroup_modification$808 ········contains:·^.*(?:-F·key=|-k\s+)audit_rules_usergroup_modification$
809 ········patterns:·'*.rules'809 ········patterns:·'*.rules'
810 ······register:·find_watch_key810 ······register:·find_watch_key
811 ······when:811 ······when:
812 ······-·'"auditd"·in·ansible_facts.packages' 
813 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]812 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 813 ······-·'"auditd"·in·ansible_facts.packages'
814 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched814 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
815 ········==·0815 ········==·0
816 ······tags:816 ······tags:
817 ······-·CJIS-5.4.1.1817 ······-·CJIS-5.4.1.1
818 ······-·DISA-STIG-UBTU-20-010101818 ······-·DISA-STIG-UBTU-20-010101
819 ······-·NIST-800-171-3.1.7819 ······-·NIST-800-171-3.1.7
820 ······-·NIST-800-53-AC-2(4)820 ······-·NIST-800-53-AC-2(4)
Offset 832, 16 lines modifiedOffset 832, 16 lines modified
  
832 ····-·name:·Use·/etc/audit/rules.d/audit_rules_usergroup_modification.rules·as·the·recipient832 ····-·name:·Use·/etc/audit/rules.d/audit_rules_usergroup_modification.rules·as·the·recipient
833 ········for·the·rule833 ········for·the·rule
834 ······set_fact:834 ······set_fact:
835 ········all_files:835 ········all_files:
836 ········-·/etc/audit/rules.d/audit_rules_usergroup_modification.rules836 ········-·/etc/audit/rules.d/audit_rules_usergroup_modification.rules
837 ······when:837 ······when:
838 ······-·'"auditd"·in·ansible_facts.packages' 
839 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]838 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 839 ······-·'"auditd"·in·ansible_facts.packages'
840 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched840 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
841 ········is·defined·and·find_existing_watch_rules_d.matched·==·0841 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
842 ······tags:842 ······tags:
843 ······-·CJIS-5.4.1.1843 ······-·CJIS-5.4.1.1
844 ······-·DISA-STIG-UBTU-20-010101844 ······-·DISA-STIG-UBTU-20-010101
845 ······-·NIST-800-171-3.1.7845 ······-·NIST-800-171-3.1.7
846 ······-·NIST-800-53-AC-2(4)846 ······-·NIST-800-53-AC-2(4)
Offset 858, 16 lines modifiedOffset 858, 16 lines modified
858 ······-·restrict_strategy858 ······-·restrict_strategy
  
859 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule859 ····-·name:·Use·matched·file·as·the·recipient·for·the·rule
860 ······set_fact:860 ······set_fact:
861 ········all_files:861 ········all_files:
862 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'862 ········-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
863 ······when:863 ······when:
864 ······-·'"auditd"·in·ansible_facts.packages' 
865 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]864 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 865 ······-·'"auditd"·in·ansible_facts.packages'
866 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched866 ······-·find_watch_key.matched·is·defined·and·find_watch_key.matched·>·0·and·find_existing_watch_rules_d.matched
867 ········is·defined·and·find_existing_watch_rules_d.matched·==·0867 ········is·defined·and·find_existing_watch_rules_d.matched·==·0
868 ······tags:868 ······tags:
869 ······-·CJIS-5.4.1.1869 ······-·CJIS-5.4.1.1
870 ······-·DISA-STIG-UBTU-20-010101870 ······-·DISA-STIG-UBTU-20-010101
871 ······-·NIST-800-171-3.1.7871 ······-·NIST-800-171-3.1.7
872 ······-·NIST-800-53-AC-2(4)872 ······-·NIST-800-53-AC-2(4)
Offset 886, 16 lines modifiedOffset 886, 16 lines modified
886 ····-·name:·Add·watch·rule·for·/etc/group·in·/etc/audit/rules.d/886 ····-·name:·Add·watch·rule·for·/etc/group·in·/etc/audit/rules.d/
887 ······lineinfile:887 ······lineinfile:
888 ········path:·'{{·all_files[0]·}}'888 ········path:·'{{·all_files[0]·}}'
889 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification889 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification
890 ········create:·true890 ········create:·true
891 ········mode:·'0640'891 ········mode:·'0640'
892 ······when:892 ······when:
893 ······-·'"auditd"·in·ansible_facts.packages' 
894 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]893 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 894 ······-·'"auditd"·in·ansible_facts.packages'
895 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched895 ······-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
896 ········==·0896 ········==·0
897 ······tags:897 ······tags:
898 ······-·CJIS-5.4.1.1898 ······-·CJIS-5.4.1.1
899 ······-·DISA-STIG-UBTU-20-010101899 ······-·DISA-STIG-UBTU-20-010101
900 ······-·NIST-800-171-3.1.7900 ······-·NIST-800-171-3.1.7
901 ······-·NIST-800-53-AC-2(4)901 ······-·NIST-800-53-AC-2(4)
Offset 914, 16 lines modifiedOffset 914, 16 lines modified
914 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/audit.rules914 ····-·name:·Check·if·watch·rule·for·/etc/group·already·exists·in·/etc/audit/audit.rules
915 ······find:915 ······find:
916 ········paths:·/etc/audit/916 ········paths:·/etc/audit/
917 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+917 ········contains:·^\s*-w\s+/etc/group\s+-p\s+wa(\s|$)+
918 ········patterns:·audit.rules918 ········patterns:·audit.rules
919 ······register:·find_existing_watch_audit_rules919 ······register:·find_existing_watch_audit_rules
920 ······when:920 ······when:
921 ······-·'"auditd"·in·ansible_facts.packages' 
922 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]921 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 922 ······-·'"auditd"·in·ansible_facts.packages'
923 ······tags:923 ······tags:
924 ······-·CJIS-5.4.1.1924 ······-·CJIS-5.4.1.1
925 ······-·DISA-STIG-UBTU-20-010101925 ······-·DISA-STIG-UBTU-20-010101
926 ······-·NIST-800-171-3.1.7926 ······-·NIST-800-171-3.1.7
927 ······-·NIST-800-53-AC-2(4)927 ······-·NIST-800-53-AC-2(4)
928 ······-·NIST-800-53-AC-6(9)928 ······-·NIST-800-53-AC-6(9)
929 ······-·NIST-800-53-AU-12(c)929 ······-·NIST-800-53-AU-12(c)
Offset 941, 16 lines modifiedOffset 941, 16 lines modified
941 ······lineinfile:941 ······lineinfile:
942 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification942 ········line:·-w·/etc/group·-p·wa·-k·audit_rules_usergroup_modification
943 ········state:·present943 ········state:·present
944 ········dest:·/etc/audit/audit.rules944 ········dest:·/etc/audit/audit.rules
945 ········create:·true945 ········create:·true
946 ········mode:·'0640'946 ········mode:·'0640'
947 ······when:947 ······when:
948 ······-·'"auditd"·in·ansible_facts.packages' 
949 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]948 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 949 ······-·'"auditd"·in·ansible_facts.packages'
950 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched950 ······-·find_existing_watch_audit_rules.matched·is·defined·and·find_existing_watch_audit_rules.matched
951 ········==·0951 ········==·0
952 ······tags:952 ······tags:
953 ······-·CJIS-5.4.1.1953 ······-·CJIS-5.4.1.1
954 ······-·DISA-STIG-UBTU-20-010101954 ······-·DISA-STIG-UBTU-20-010101
955 ······-·NIST-800-171-3.1.7955 ······-·NIST-800-171-3.1.7
956 ······-·NIST-800-53-AC-2(4)956 ······-·NIST-800-53-AC-2(4)
Offset 990, 16 lines modifiedOffset 990, 16 lines modified
990 ····-·name:·Check·if·watch·rule·for·/etc/gshadow·already·exists·in·/etc/audit/rules.d/990 ····-·name:·Check·if·watch·rule·for·/etc/gshadow·already·exists·in·/etc/audit/rules.d/
Max diff block lines reached; 114863/119929 bytes (95.78%) of diff not shown.
2.71 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level1_server.yml
Ordering differences only
    
Offset 1062, 16 lines modifiedOffset 1062, 16 lines modified
1062 ······-·no_reboot_needed1062 ······-·no_reboot_needed
  
1063 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1063 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1064 ······stat:1064 ······stat:
1065 ········path:·/boot/grub/grub.cfg1065 ········path:·/boot/grub/grub.cfg
1066 ······register:·file_exists1066 ······register:·file_exists
1067 ······when:1067 ······when:
1068 ······-·'"grub2-common"·in·ansible_facts.packages' 
1069 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1068 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1069 ······-·'"grub2-common"·in·ansible_facts.packages'
1070 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1070 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1071 ······tags:1071 ······tags:
1072 ······-·CJIS-5.5.2.21072 ······-·CJIS-5.5.2.2
1073 ······-·NIST-800-171-3.4.51073 ······-·NIST-800-171-3.4.5
1074 ······-·NIST-800-53-AC-6(1)1074 ······-·NIST-800-53-AC-6(1)
1075 ······-·NIST-800-53-CM-6(a)1075 ······-·NIST-800-53-CM-6(a)
1076 ······-·PCI-DSS-Req-7.11076 ······-·PCI-DSS-Req-7.1
Offset 1083, 16 lines modifiedOffset 1083, 16 lines modified
1083 ······-·no_reboot_needed1083 ······-·no_reboot_needed
  
1084 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1084 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1085 ······file:1085 ······file:
1086 ········path:·/boot/grub/grub.cfg1086 ········path:·/boot/grub/grub.cfg
1087 ········owner:·'0'1087 ········owner:·'0'
1088 ······when:1088 ······when:
1089 ······-·'"grub2-common"·in·ansible_facts.packages' 
1090 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1089 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1090 ······-·'"grub2-common"·in·ansible_facts.packages'
1091 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1091 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1092 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1092 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1093 ······tags:1093 ······tags:
1094 ······-·CJIS-5.5.2.21094 ······-·CJIS-5.5.2.2
1095 ······-·NIST-800-171-3.4.51095 ······-·NIST-800-171-3.4.5
1096 ······-·NIST-800-53-AC-6(1)1096 ······-·NIST-800-53-AC-6(1)
1097 ······-·NIST-800-53-CM-6(a)1097 ······-·NIST-800-53-CM-6(a)
Offset 1120, 16 lines modifiedOffset 1120, 16 lines modified
1120 ······-·no_reboot_needed1120 ······-·no_reboot_needed
  
1121 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1121 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1122 ······stat:1122 ······stat:
1123 ········path:·/boot/grub/grub.cfg1123 ········path:·/boot/grub/grub.cfg
1124 ······register:·file_exists1124 ······register:·file_exists
1125 ······when:1125 ······when:
1126 ······-·'"grub2-common"·in·ansible_facts.packages' 
1127 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1126 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1127 ······-·'"grub2-common"·in·ansible_facts.packages'
1128 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1128 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1129 ······tags:1129 ······tags:
1130 ······-·NIST-800-171-3.4.51130 ······-·NIST-800-171-3.4.5
1131 ······-·NIST-800-53-AC-6(1)1131 ······-·NIST-800-53-AC-6(1)
1132 ······-·NIST-800-53-CM-6(a)1132 ······-·NIST-800-53-CM-6(a)
1133 ······-·configure_strategy1133 ······-·configure_strategy
1134 ······-·file_permissions_grub2_cfg1134 ······-·file_permissions_grub2_cfg
Offset 1139, 16 lines modifiedOffset 1139, 16 lines modified
1139 ······-·no_reboot_needed1139 ······-·no_reboot_needed
  
1140 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1140 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1141 ······file:1141 ······file:
1142 ········path:·/boot/grub/grub.cfg1142 ········path:·/boot/grub/grub.cfg
1143 ········mode:·u-xs,g-xwrs,o-xwrt1143 ········mode:·u-xs,g-xwrs,o-xwrt
1144 ······when:1144 ······when:
1145 ······-·'"grub2-common"·in·ansible_facts.packages' 
1146 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1145 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1146 ······-·'"grub2-common"·in·ansible_facts.packages'
1147 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1147 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1148 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1148 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1149 ······tags:1149 ······tags:
1150 ······-·NIST-800-171-3.4.51150 ······-·NIST-800-171-3.4.5
1151 ······-·NIST-800-53-AC-6(1)1151 ······-·NIST-800-53-AC-6(1)
1152 ······-·NIST-800-53-CM-6(a)1152 ······-·NIST-800-53-CM-6(a)
1153 ······-·configure_strategy1153 ······-·configure_strategy
2.71 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level1_workstation.yml
Ordering differences only
    
Offset 1031, 16 lines modifiedOffset 1031, 16 lines modified
1031 ······-·no_reboot_needed1031 ······-·no_reboot_needed
  
1032 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1032 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1033 ······stat:1033 ······stat:
1034 ········path:·/boot/grub/grub.cfg1034 ········path:·/boot/grub/grub.cfg
1035 ······register:·file_exists1035 ······register:·file_exists
1036 ······when:1036 ······when:
1037 ······-·'"grub2-common"·in·ansible_facts.packages' 
1038 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1037 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1038 ······-·'"grub2-common"·in·ansible_facts.packages'
1039 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1039 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1040 ······tags:1040 ······tags:
1041 ······-·CJIS-5.5.2.21041 ······-·CJIS-5.5.2.2
1042 ······-·NIST-800-171-3.4.51042 ······-·NIST-800-171-3.4.5
1043 ······-·NIST-800-53-AC-6(1)1043 ······-·NIST-800-53-AC-6(1)
1044 ······-·NIST-800-53-CM-6(a)1044 ······-·NIST-800-53-CM-6(a)
1045 ······-·PCI-DSS-Req-7.11045 ······-·PCI-DSS-Req-7.1
Offset 1052, 16 lines modifiedOffset 1052, 16 lines modified
1052 ······-·no_reboot_needed1052 ······-·no_reboot_needed
  
1053 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg1053 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
1054 ······file:1054 ······file:
1055 ········path:·/boot/grub/grub.cfg1055 ········path:·/boot/grub/grub.cfg
1056 ········owner:·'0'1056 ········owner:·'0'
1057 ······when:1057 ······when:
1058 ······-·'"grub2-common"·in·ansible_facts.packages' 
1059 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1058 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1059 ······-·'"grub2-common"·in·ansible_facts.packages'
1060 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1060 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1061 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1061 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1062 ······tags:1062 ······tags:
1063 ······-·CJIS-5.5.2.21063 ······-·CJIS-5.5.2.2
1064 ······-·NIST-800-171-3.4.51064 ······-·NIST-800-171-3.4.5
1065 ······-·NIST-800-53-AC-6(1)1065 ······-·NIST-800-53-AC-6(1)
1066 ······-·NIST-800-53-CM-6(a)1066 ······-·NIST-800-53-CM-6(a)
Offset 1089, 16 lines modifiedOffset 1089, 16 lines modified
1089 ······-·no_reboot_needed1089 ······-·no_reboot_needed
  
1090 ····-·name:·Test·for·existence·/boot/grub/grub.cfg1090 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
1091 ······stat:1091 ······stat:
1092 ········path:·/boot/grub/grub.cfg1092 ········path:·/boot/grub/grub.cfg
1093 ······register:·file_exists1093 ······register:·file_exists
1094 ······when:1094 ······when:
1095 ······-·'"grub2-common"·in·ansible_facts.packages' 
1096 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1095 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1096 ······-·'"grub2-common"·in·ansible_facts.packages'
1097 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1097 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1098 ······tags:1098 ······tags:
1099 ······-·NIST-800-171-3.4.51099 ······-·NIST-800-171-3.4.5
1100 ······-·NIST-800-53-AC-6(1)1100 ······-·NIST-800-53-AC-6(1)
1101 ······-·NIST-800-53-CM-6(a)1101 ······-·NIST-800-53-CM-6(a)
1102 ······-·configure_strategy1102 ······-·configure_strategy
1103 ······-·file_permissions_grub2_cfg1103 ······-·file_permissions_grub2_cfg
Offset 1108, 16 lines modifiedOffset 1108, 16 lines modified
1108 ······-·no_reboot_needed1108 ······-·no_reboot_needed
  
1109 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg1109 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
1110 ······file:1110 ······file:
1111 ········path:·/boot/grub/grub.cfg1111 ········path:·/boot/grub/grub.cfg
1112 ········mode:·u-xs,g-xwrs,o-xwrt1112 ········mode:·u-xs,g-xwrs,o-xwrt
1113 ······when:1113 ······when:
1114 ······-·'"grub2-common"·in·ansible_facts.packages' 
1115 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'1114 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 1115 ······-·'"grub2-common"·in·ansible_facts.packages'
1116 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]1116 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
1117 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists1117 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
1118 ······tags:1118 ······tags:
1119 ······-·NIST-800-171-3.4.51119 ······-·NIST-800-171-3.4.5
1120 ······-·NIST-800-53-AC-6(1)1120 ······-·NIST-800-53-AC-6(1)
1121 ······-·NIST-800-53-CM-6(a)1121 ······-·NIST-800-53-CM-6(a)
1122 ······-·configure_strategy1122 ······-·configure_strategy
2.71 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level2_server.yml
Ordering differences only
    
Offset 16207, 16 lines modifiedOffset 16207, 16 lines modified
16207 ······-·no_reboot_needed16207 ······-·no_reboot_needed
  
16208 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16208 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16209 ······stat:16209 ······stat:
16210 ········path:·/boot/grub/grub.cfg16210 ········path:·/boot/grub/grub.cfg
16211 ······register:·file_exists16211 ······register:·file_exists
16212 ······when:16212 ······when:
16213 ······-·'"grub2-common"·in·ansible_facts.packages' 
16214 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16213 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16214 ······-·'"grub2-common"·in·ansible_facts.packages'
16215 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16215 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16216 ······tags:16216 ······tags:
16217 ······-·CJIS-5.5.2.216217 ······-·CJIS-5.5.2.2
16218 ······-·NIST-800-171-3.4.516218 ······-·NIST-800-171-3.4.5
16219 ······-·NIST-800-53-AC-6(1)16219 ······-·NIST-800-53-AC-6(1)
16220 ······-·NIST-800-53-CM-6(a)16220 ······-·NIST-800-53-CM-6(a)
16221 ······-·PCI-DSS-Req-7.116221 ······-·PCI-DSS-Req-7.1
Offset 16228, 16 lines modifiedOffset 16228, 16 lines modified
16228 ······-·no_reboot_needed16228 ······-·no_reboot_needed
  
16229 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg16229 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
16230 ······file:16230 ······file:
16231 ········path:·/boot/grub/grub.cfg16231 ········path:·/boot/grub/grub.cfg
16232 ········owner:·'0'16232 ········owner:·'0'
16233 ······when:16233 ······when:
16234 ······-·'"grub2-common"·in·ansible_facts.packages' 
16235 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16234 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16235 ······-·'"grub2-common"·in·ansible_facts.packages'
16236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16236 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16237 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16238 ······tags:16238 ······tags:
16239 ······-·CJIS-5.5.2.216239 ······-·CJIS-5.5.2.2
16240 ······-·NIST-800-171-3.4.516240 ······-·NIST-800-171-3.4.5
16241 ······-·NIST-800-53-AC-6(1)16241 ······-·NIST-800-53-AC-6(1)
16242 ······-·NIST-800-53-CM-6(a)16242 ······-·NIST-800-53-CM-6(a)
Offset 16265, 16 lines modifiedOffset 16265, 16 lines modified
16265 ······-·no_reboot_needed16265 ······-·no_reboot_needed
  
16266 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16266 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16267 ······stat:16267 ······stat:
16268 ········path:·/boot/grub/grub.cfg16268 ········path:·/boot/grub/grub.cfg
16269 ······register:·file_exists16269 ······register:·file_exists
16270 ······when:16270 ······when:
16271 ······-·'"grub2-common"·in·ansible_facts.packages' 
16272 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16271 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16272 ······-·'"grub2-common"·in·ansible_facts.packages'
16273 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16273 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16274 ······tags:16274 ······tags:
16275 ······-·NIST-800-171-3.4.516275 ······-·NIST-800-171-3.4.5
16276 ······-·NIST-800-53-AC-6(1)16276 ······-·NIST-800-53-AC-6(1)
16277 ······-·NIST-800-53-CM-6(a)16277 ······-·NIST-800-53-CM-6(a)
16278 ······-·configure_strategy16278 ······-·configure_strategy
16279 ······-·file_permissions_grub2_cfg16279 ······-·file_permissions_grub2_cfg
Offset 16284, 16 lines modifiedOffset 16284, 16 lines modified
16284 ······-·no_reboot_needed16284 ······-·no_reboot_needed
  
16285 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg16285 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
16286 ······file:16286 ······file:
16287 ········path:·/boot/grub/grub.cfg16287 ········path:·/boot/grub/grub.cfg
16288 ········mode:·u-xs,g-xwrs,o-xwrt16288 ········mode:·u-xs,g-xwrs,o-xwrt
16289 ······when:16289 ······when:
16290 ······-·'"grub2-common"·in·ansible_facts.packages' 
16291 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16290 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16291 ······-·'"grub2-common"·in·ansible_facts.packages'
16292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16292 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16293 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16293 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16294 ······tags:16294 ······tags:
16295 ······-·NIST-800-171-3.4.516295 ······-·NIST-800-171-3.4.5
16296 ······-·NIST-800-53-AC-6(1)16296 ······-·NIST-800-53-AC-6(1)
16297 ······-·NIST-800-53-CM-6(a)16297 ······-·NIST-800-53-CM-6(a)
16298 ······-·configure_strategy16298 ······-·configure_strategy
2.72 KB
./usr/share/scap-security-guide/ansible/ubuntu2204-playbook-cis_level2_workstation.yml
Ordering differences only
    
Offset 16176, 16 lines modifiedOffset 16176, 16 lines modified
16176 ······-·no_reboot_needed16176 ······-·no_reboot_needed
  
16177 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16177 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16178 ······stat:16178 ······stat:
16179 ········path:·/boot/grub/grub.cfg16179 ········path:·/boot/grub/grub.cfg
16180 ······register:·file_exists16180 ······register:·file_exists
16181 ······when:16181 ······when:
16182 ······-·'"grub2-common"·in·ansible_facts.packages' 
16183 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16182 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16183 ······-·'"grub2-common"·in·ansible_facts.packages'
16184 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16184 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16185 ······tags:16185 ······tags:
16186 ······-·CJIS-5.5.2.216186 ······-·CJIS-5.5.2.2
16187 ······-·NIST-800-171-3.4.516187 ······-·NIST-800-171-3.4.5
16188 ······-·NIST-800-53-AC-6(1)16188 ······-·NIST-800-53-AC-6(1)
16189 ······-·NIST-800-53-CM-6(a)16189 ······-·NIST-800-53-CM-6(a)
16190 ······-·PCI-DSS-Req-7.116190 ······-·PCI-DSS-Req-7.1
Offset 16197, 16 lines modifiedOffset 16197, 16 lines modified
16197 ······-·no_reboot_needed16197 ······-·no_reboot_needed
  
16198 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg16198 ····-·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
16199 ······file:16199 ······file:
16200 ········path:·/boot/grub/grub.cfg16200 ········path:·/boot/grub/grub.cfg
16201 ········owner:·'0'16201 ········owner:·'0'
16202 ······when:16202 ······when:
16203 ······-·'"grub2-common"·in·ansible_facts.packages' 
16204 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16203 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16204 ······-·'"grub2-common"·in·ansible_facts.packages'
16205 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16205 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16206 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16206 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16207 ······tags:16207 ······tags:
16208 ······-·CJIS-5.5.2.216208 ······-·CJIS-5.5.2.2
16209 ······-·NIST-800-171-3.4.516209 ······-·NIST-800-171-3.4.5
16210 ······-·NIST-800-53-AC-6(1)16210 ······-·NIST-800-53-AC-6(1)
16211 ······-·NIST-800-53-CM-6(a)16211 ······-·NIST-800-53-CM-6(a)
Offset 16234, 16 lines modifiedOffset 16234, 16 lines modified
16234 ······-·no_reboot_needed16234 ······-·no_reboot_needed
  
16235 ····-·name:·Test·for·existence·/boot/grub/grub.cfg16235 ····-·name:·Test·for·existence·/boot/grub/grub.cfg
16236 ······stat:16236 ······stat:
16237 ········path:·/boot/grub/grub.cfg16237 ········path:·/boot/grub/grub.cfg
16238 ······register:·file_exists16238 ······register:·file_exists
16239 ······when:16239 ······when:
16240 ······-·'"grub2-common"·in·ansible_facts.packages' 
16241 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16240 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16241 ······-·'"grub2-common"·in·ansible_facts.packages'
16242 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16242 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16243 ······tags:16243 ······tags:
16244 ······-·NIST-800-171-3.4.516244 ······-·NIST-800-171-3.4.5
16245 ······-·NIST-800-53-AC-6(1)16245 ······-·NIST-800-53-AC-6(1)
16246 ······-·NIST-800-53-CM-6(a)16246 ······-·NIST-800-53-CM-6(a)
16247 ······-·configure_strategy16247 ······-·configure_strategy
16248 ······-·file_permissions_grub2_cfg16248 ······-·file_permissions_grub2_cfg
Offset 16253, 16 lines modifiedOffset 16253, 16 lines modified
16253 ······-·no_reboot_needed16253 ······-·no_reboot_needed
  
16254 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg16254 ····-·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
16255 ······file:16255 ······file:
16256 ········path:·/boot/grub/grub.cfg16256 ········path:·/boot/grub/grub.cfg
16257 ········mode:·u-xs,g-xwrs,o-xwrt16257 ········mode:·u-xs,g-xwrs,o-xwrt
16258 ······when:16258 ······when:
16259 ······-·'"grub2-common"·in·ansible_facts.packages' 
16260 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'16259 ······-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
 16260 ······-·'"grub2-common"·in·ansible_facts.packages'
16261 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]16261 ······-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
16262 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists16262 ······-·file_exists.stat·is·defined·and·file_exists.stat.exists
16263 ······tags:16263 ······tags:
16264 ······-·NIST-800-171-3.4.516264 ······-·NIST-800-171-3.4.5
16265 ······-·NIST-800-53-AC-6(1)16265 ······-·NIST-800-53-AC-6(1)
16266 ······-·NIST-800-53-CM-6(a)16266 ······-·NIST-800-53-CM-6(a)
16267 ······-·configure_strategy16267 ······-·configure_strategy
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds-1.2.xml
    
Offset 8715, 16 lines modifiedOffset 8715, 16 lines modified
  
8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8716 ··find:8716 ··find:
8717 ····paths:·/etc/audit/rules.d/8717 ····paths:·/etc/audit/rules.d/
8718 ····patterns:·'*.rules'8718 ····patterns:·'*.rules'
8719 ··register:·find_rules_d8719 ··register:·find_rules_d
8720 ··when:8720 ··when:
8721 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8722 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8721 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8722 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8723 ··tags:8723 ··tags:
8724 ··-·CJIS-5.4.1.18724 ··-·CJIS-5.4.1.1
8725 ··-·NIST-800-171-3.3.18725 ··-·NIST-800-171-3.3.1
8726 ··-·NIST-800-171-3.4.38726 ··-·NIST-800-171-3.4.3
8727 ··-·NIST-800-53-AC-6(9)8727 ··-·NIST-800-53-AC-6(9)
8728 ··-·NIST-800-53-CM-6(a)8728 ··-·NIST-800-53-CM-6(a)
8729 ··-·PCI-DSS-Req-10.5.28729 ··-·PCI-DSS-Req-10.5.2
Offset 8739, 16 lines modifiedOffset 8739, 16 lines modified
8739 ··lineinfile:8739 ··lineinfile:
8740 ····path:·'{{·item·}}'8740 ····path:·'{{·item·}}'
8741 ····regexp:·^\s*(?:-e)\s+.*$8741 ····regexp:·^\s*(?:-e)\s+.*$
8742 ····state:·absent8742 ····state:·absent
8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8744 ····}}'8744 ····}}'
8745 ··when:8745 ··when:
8746 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8747 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8746 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8747 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8748 ··tags:8748 ··tags:
8749 ··-·CJIS-5.4.1.18749 ··-·CJIS-5.4.1.1
8750 ··-·NIST-800-171-3.3.18750 ··-·NIST-800-171-3.3.1
8751 ··-·NIST-800-171-3.4.38751 ··-·NIST-800-171-3.4.3
8752 ··-·NIST-800-53-AC-6(9)8752 ··-·NIST-800-53-AC-6(9)
8753 ··-·NIST-800-53-CM-6(a)8753 ··-·NIST-800-53-CM-6(a)
8754 ··-·PCI-DSS-Req-10.5.28754 ··-·PCI-DSS-Req-10.5.2
Offset 8765, 16 lines modifiedOffset 8765, 16 lines modified
8765 ····create:·true8765 ····create:·true
8766 ····line:·-e·28766 ····line:·-e·2
8767 ····mode:·o-rwx8767 ····mode:·o-rwx
8768 ··loop:8768 ··loop:
8769 ··-·/etc/audit/audit.rules8769 ··-·/etc/audit/audit.rules
8770 ··-·/etc/audit/rules.d/immutable.rules8770 ··-·/etc/audit/rules.d/immutable.rules
8771 ··when:8771 ··when:
8772 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8773 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8772 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8773 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8774 ··tags:8774 ··tags:
8775 ··-·CJIS-5.4.1.18775 ··-·CJIS-5.4.1.1
8776 ··-·NIST-800-171-3.3.18776 ··-·NIST-800-171-3.3.1
8777 ··-·NIST-800-171-3.4.38777 ··-·NIST-800-171-3.4.3
8778 ··-·NIST-800-53-AC-6(9)8778 ··-·NIST-800-53-AC-6(9)
8779 ··-·NIST-800-53-CM-6(a)8779 ··-·NIST-800-53-CM-6(a)
8780 ··-·PCI-DSS-Req-10.5.28780 ··-·PCI-DSS-Req-10.5.2
Offset 9118, 16 lines modifiedOffset 9118, 16 lines modified
9118 ··-·reboot_required9118 ··-·reboot_required
9119 ··-·restrict_strategy9119 ··-·restrict_strategy
  
9120 -·name:·Set·architecture·for·audit·mount·tasks9120 -·name:·Set·architecture·for·audit·mount·tasks
9121 ··set_fact:9121 ··set_fact:
9122 ····audit_arch:·b649122 ····audit_arch:·b64
9123 ··when:9123 ··when:
9124 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9125 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9124 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9125 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
9128 ··tags:9128 ··tags:
9129 ··-·CJIS-5.4.1.19129 ··-·CJIS-5.4.1.1
9130 ··-·NIST-800-171-3.1.79130 ··-·NIST-800-171-3.1.7
9131 ··-·NIST-800-53-AC-6(9)9131 ··-·NIST-800-53-AC-6(9)
9132 ··-·NIST-800-53-AU-12(c)9132 ··-·NIST-800-53-AU-12(c)
Offset 9258, 16 lines modifiedOffset 9258, 16 lines modified
9258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9259 ········-F·auid!=unset·-F·key=perm_mod9259 ········-F·auid!=unset·-F·key=perm_mod
9260 ······create:·true9260 ······create:·true
9261 ······mode:·o-rwx9261 ······mode:·o-rwx
9262 ······state:·present9262 ······state:·present
9263 ····when:·syscalls_found·|·length·==·09263 ····when:·syscalls_found·|·length·==·0
9264 ··when:9264 ··when:
9265 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9266 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9265 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9266 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9267 ··tags:9267 ··tags:
9268 ··-·CJIS-5.4.1.19268 ··-·CJIS-5.4.1.1
9269 ··-·NIST-800-171-3.1.79269 ··-·NIST-800-171-3.1.7
9270 ··-·NIST-800-53-AC-6(9)9270 ··-·NIST-800-53-AC-6(9)
9271 ··-·NIST-800-53-AU-12(c)9271 ··-·NIST-800-53-AU-12(c)
9272 ··-·NIST-800-53-AU-2(d)9272 ··-·NIST-800-53-AU-2(d)
9273 ··-·NIST-800-53-CM-6(a)9273 ··-·NIST-800-53-CM-6(a)
Offset 9396, 16 lines modifiedOffset 9396, 16 lines modified
9396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9397 ········-F·auid!=unset·-F·key=perm_mod9397 ········-F·auid!=unset·-F·key=perm_mod
9398 ······create:·true9398 ······create:·true
9399 ······mode:·o-rwx9399 ······mode:·o-rwx
9400 ······state:·present9400 ······state:·present
9401 ····when:·syscalls_found·|·length·==·09401 ····when:·syscalls_found·|·length·==·0
9402 ··when:9402 ··when:
9403 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9404 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9403 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9404 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9405 ··-·audit_arch·==·&quot;b64&quot;9405 ··-·audit_arch·==·&quot;b64&quot;
9406 ··tags:9406 ··tags:
9407 ··-·CJIS-5.4.1.19407 ··-·CJIS-5.4.1.1
9408 ··-·NIST-800-171-3.1.79408 ··-·NIST-800-171-3.1.7
9409 ··-·NIST-800-53-AC-6(9)9409 ··-·NIST-800-53-AC-6(9)
9410 ··-·NIST-800-53-AU-12(c)9410 ··-·NIST-800-53-AU-12(c)
9411 ··-·NIST-800-53-AU-2(d)9411 ··-·NIST-800-53-AU-2(d)
Offset 9414, 15 lines modifiedOffset 9414, 15 lines modified
9414 ··-·audit_rules_media_export9414 ··-·audit_rules_media_export
9415 ··-·low_complexity9415 ··-·low_complexity
9416 ··-·low_disruption9416 ··-·low_disruption
9417 ··-·medium_severity9417 ··-·medium_severity
9418 ··-·reboot_required9418 ··-·reboot_required
9419 ··-·restrict_strategy</xccdf-1.2:fix>9419 ··-·restrict_strategy</xccdf-1.2:fix>
9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
9421 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then9421 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed;·then
  
9422 #·First·perform·the·remediation·of·the·syscall·rule9422 #·First·perform·the·remediation·of·the·syscall·rule
9423 #·Retrieve·hardware·architecture·of·the·underlying·system9423 #·Retrieve·hardware·architecture·of·the·underlying·system
9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
9426 do9426 do
Offset 10300, 16 lines modifiedOffset 10300, 16 lines modified
10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
10301 ··find:10301 ··find:
10302 ····paths:·/etc/audit/rules.d10302 ····paths:·/etc/audit/rules.d
Max diff block lines reached; 111430/116446 bytes (95.69%) of diff not shown.
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-ds.xml
    
Offset 8715, 16 lines modifiedOffset 8715, 16 lines modified
  
8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8715 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8716 ··find:8716 ··find:
8717 ····paths:·/etc/audit/rules.d/8717 ····paths:·/etc/audit/rules.d/
8718 ····patterns:·'*.rules'8718 ····patterns:·'*.rules'
8719 ··register:·find_rules_d8719 ··register:·find_rules_d
8720 ··when:8720 ··when:
8721 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8722 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8721 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8722 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8723 ··tags:8723 ··tags:
8724 ··-·CJIS-5.4.1.18724 ··-·CJIS-5.4.1.1
8725 ··-·NIST-800-171-3.3.18725 ··-·NIST-800-171-3.3.1
8726 ··-·NIST-800-171-3.4.38726 ··-·NIST-800-171-3.4.3
8727 ··-·NIST-800-53-AC-6(9)8727 ··-·NIST-800-53-AC-6(9)
8728 ··-·NIST-800-53-CM-6(a)8728 ··-·NIST-800-53-CM-6(a)
8729 ··-·PCI-DSS-Req-10.5.28729 ··-·PCI-DSS-Req-10.5.2
Offset 8739, 16 lines modifiedOffset 8739, 16 lines modified
8739 ··lineinfile:8739 ··lineinfile:
8740 ····path:·'{{·item·}}'8740 ····path:·'{{·item·}}'
8741 ····regexp:·^\s*(?:-e)\s+.*$8741 ····regexp:·^\s*(?:-e)\s+.*$
8742 ····state:·absent8742 ····state:·absent
8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8743 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8744 ····}}'8744 ····}}'
8745 ··when:8745 ··when:
8746 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8747 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8746 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8747 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8748 ··tags:8748 ··tags:
8749 ··-·CJIS-5.4.1.18749 ··-·CJIS-5.4.1.1
8750 ··-·NIST-800-171-3.3.18750 ··-·NIST-800-171-3.3.1
8751 ··-·NIST-800-171-3.4.38751 ··-·NIST-800-171-3.4.3
8752 ··-·NIST-800-53-AC-6(9)8752 ··-·NIST-800-53-AC-6(9)
8753 ··-·NIST-800-53-CM-6(a)8753 ··-·NIST-800-53-CM-6(a)
8754 ··-·PCI-DSS-Req-10.5.28754 ··-·PCI-DSS-Req-10.5.2
Offset 8765, 16 lines modifiedOffset 8765, 16 lines modified
8765 ····create:·true8765 ····create:·true
8766 ····line:·-e·28766 ····line:·-e·2
8767 ····mode:·o-rwx8767 ····mode:·o-rwx
8768 ··loop:8768 ··loop:
8769 ··-·/etc/audit/audit.rules8769 ··-·/etc/audit/audit.rules
8770 ··-·/etc/audit/rules.d/immutable.rules8770 ··-·/etc/audit/rules.d/immutable.rules
8771 ··when:8771 ··when:
8772 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8773 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8772 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8773 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8774 ··tags:8774 ··tags:
8775 ··-·CJIS-5.4.1.18775 ··-·CJIS-5.4.1.1
8776 ··-·NIST-800-171-3.3.18776 ··-·NIST-800-171-3.3.1
8777 ··-·NIST-800-171-3.4.38777 ··-·NIST-800-171-3.4.3
8778 ··-·NIST-800-53-AC-6(9)8778 ··-·NIST-800-53-AC-6(9)
8779 ··-·NIST-800-53-CM-6(a)8779 ··-·NIST-800-53-CM-6(a)
8780 ··-·PCI-DSS-Req-10.5.28780 ··-·PCI-DSS-Req-10.5.2
Offset 9118, 16 lines modifiedOffset 9118, 16 lines modified
9118 ··-·reboot_required9118 ··-·reboot_required
9119 ··-·restrict_strategy9119 ··-·restrict_strategy
  
9120 -·name:·Set·architecture·for·audit·mount·tasks9120 -·name:·Set·architecture·for·audit·mount·tasks
9121 ··set_fact:9121 ··set_fact:
9122 ····audit_arch:·b649122 ····audit_arch:·b64
9123 ··when:9123 ··when:
9124 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9125 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9124 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9125 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture9126 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;9127 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
9128 ··tags:9128 ··tags:
9129 ··-·CJIS-5.4.1.19129 ··-·CJIS-5.4.1.1
9130 ··-·NIST-800-171-3.1.79130 ··-·NIST-800-171-3.1.7
9131 ··-·NIST-800-53-AC-6(9)9131 ··-·NIST-800-53-AC-6(9)
9132 ··-·NIST-800-53-AU-12(c)9132 ··-·NIST-800-53-AU-12(c)
Offset 9258, 16 lines modifiedOffset 9258, 16 lines modified
9258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009258 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9259 ········-F·auid!=unset·-F·key=perm_mod9259 ········-F·auid!=unset·-F·key=perm_mod
9260 ······create:·true9260 ······create:·true
9261 ······mode:·o-rwx9261 ······mode:·o-rwx
9262 ······state:·present9262 ······state:·present
9263 ····when:·syscalls_found·|·length·==·09263 ····when:·syscalls_found·|·length·==·0
9264 ··when:9264 ··when:
9265 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9266 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9265 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9266 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9267 ··tags:9267 ··tags:
9268 ··-·CJIS-5.4.1.19268 ··-·CJIS-5.4.1.1
9269 ··-·NIST-800-171-3.1.79269 ··-·NIST-800-171-3.1.7
9270 ··-·NIST-800-53-AC-6(9)9270 ··-·NIST-800-53-AC-6(9)
9271 ··-·NIST-800-53-AU-12(c)9271 ··-·NIST-800-53-AU-12(c)
9272 ··-·NIST-800-53-AU-2(d)9272 ··-·NIST-800-53-AU-2(d)
9273 ··-·NIST-800-53-CM-6(a)9273 ··-·NIST-800-53-CM-6(a)
Offset 9396, 16 lines modifiedOffset 9396, 16 lines modified
9396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009396 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9397 ········-F·auid!=unset·-F·key=perm_mod9397 ········-F·auid!=unset·-F·key=perm_mod
9398 ······create:·true9398 ······create:·true
9399 ······mode:·o-rwx9399 ······mode:·o-rwx
9400 ······state:·present9400 ······state:·present
9401 ····when:·syscalls_found·|·length·==·09401 ····when:·syscalls_found·|·length·==·0
9402 ··when:9402 ··when:
9403 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9404 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9403 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9404 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9405 ··-·audit_arch·==·&quot;b64&quot;9405 ··-·audit_arch·==·&quot;b64&quot;
9406 ··tags:9406 ··tags:
9407 ··-·CJIS-5.4.1.19407 ··-·CJIS-5.4.1.1
9408 ··-·NIST-800-171-3.1.79408 ··-·NIST-800-171-3.1.7
9409 ··-·NIST-800-53-AC-6(9)9409 ··-·NIST-800-53-AC-6(9)
9410 ··-·NIST-800-53-AU-12(c)9410 ··-·NIST-800-53-AU-12(c)
9411 ··-·NIST-800-53-AU-2(d)9411 ··-·NIST-800-53-AU-2(d)
Offset 9414, 15 lines modifiedOffset 9414, 15 lines modified
9414 ··-·audit_rules_media_export9414 ··-·audit_rules_media_export
9415 ··-·low_complexity9415 ··-·low_complexity
9416 ··-·low_disruption9416 ··-·low_disruption
9417 ··-·medium_severity9417 ··-·medium_severity
9418 ··-·reboot_required9418 ··-·reboot_required
9419 ··-·restrict_strategy</xccdf-1.2:fix>9419 ··-·restrict_strategy</xccdf-1.2:fix>
9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms9420 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
9421 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then9421 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed;·then
  
9422 #·First·perform·the·remediation·of·the·syscall·rule9422 #·First·perform·the·remediation·of·the·syscall·rule
9423 #·Retrieve·hardware·architecture·of·the·underlying·system9423 #·Retrieve·hardware·architecture·of·the·underlying·system
9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)9424 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;9425 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
9426 do9426 do
Offset 10300, 16 lines modifiedOffset 10300, 16 lines modified
10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/10300 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
10301 ··find:10301 ··find:
10302 ····paths:·/etc/audit/rules.d10302 ····paths:·/etc/audit/rules.d
Max diff block lines reached; 111430/116446 bytes (95.69%) of diff not shown.
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
114 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu1804-xccdf.xml
    
Offset 8611, 16 lines modifiedOffset 8611, 16 lines modified
  
8611 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8611 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8612 ··find:8612 ··find:
8613 ····paths:·/etc/audit/rules.d/8613 ····paths:·/etc/audit/rules.d/
8614 ····patterns:·'*.rules'8614 ····patterns:·'*.rules'
8615 ··register:·find_rules_d8615 ··register:·find_rules_d
8616 ··when:8616 ··when:
8617 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8618 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8617 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8618 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8619 ··tags:8619 ··tags:
8620 ··-·CJIS-5.4.1.18620 ··-·CJIS-5.4.1.1
8621 ··-·NIST-800-171-3.3.18621 ··-·NIST-800-171-3.3.1
8622 ··-·NIST-800-171-3.4.38622 ··-·NIST-800-171-3.4.3
8623 ··-·NIST-800-53-AC-6(9)8623 ··-·NIST-800-53-AC-6(9)
8624 ··-·NIST-800-53-CM-6(a)8624 ··-·NIST-800-53-CM-6(a)
8625 ··-·PCI-DSS-Req-10.5.28625 ··-·PCI-DSS-Req-10.5.2
Offset 8635, 16 lines modifiedOffset 8635, 16 lines modified
8635 ··lineinfile:8635 ··lineinfile:
8636 ····path:·'{{·item·}}'8636 ····path:·'{{·item·}}'
8637 ····regexp:·^\s*(?:-e)\s+.*$8637 ····regexp:·^\s*(?:-e)\s+.*$
8638 ····state:·absent8638 ····state:·absent
8639 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8639 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8640 ····}}'8640 ····}}'
8641 ··when:8641 ··when:
8642 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8643 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8642 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8643 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8644 ··tags:8644 ··tags:
8645 ··-·CJIS-5.4.1.18645 ··-·CJIS-5.4.1.1
8646 ··-·NIST-800-171-3.3.18646 ··-·NIST-800-171-3.3.1
8647 ··-·NIST-800-171-3.4.38647 ··-·NIST-800-171-3.4.3
8648 ··-·NIST-800-53-AC-6(9)8648 ··-·NIST-800-53-AC-6(9)
8649 ··-·NIST-800-53-CM-6(a)8649 ··-·NIST-800-53-CM-6(a)
8650 ··-·PCI-DSS-Req-10.5.28650 ··-·PCI-DSS-Req-10.5.2
Offset 8661, 16 lines modifiedOffset 8661, 16 lines modified
8661 ····create:·true8661 ····create:·true
8662 ····line:·-e·28662 ····line:·-e·2
8663 ····mode:·o-rwx8663 ····mode:·o-rwx
8664 ··loop:8664 ··loop:
8665 ··-·/etc/audit/audit.rules8665 ··-·/etc/audit/audit.rules
8666 ··-·/etc/audit/rules.d/immutable.rules8666 ··-·/etc/audit/rules.d/immutable.rules
8667 ··when:8667 ··when:
8668 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
8669 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]8668 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 8669 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
8670 ··tags:8670 ··tags:
8671 ··-·CJIS-5.4.1.18671 ··-·CJIS-5.4.1.1
8672 ··-·NIST-800-171-3.3.18672 ··-·NIST-800-171-3.3.1
8673 ··-·NIST-800-171-3.4.38673 ··-·NIST-800-171-3.4.3
8674 ··-·NIST-800-53-AC-6(9)8674 ··-·NIST-800-53-AC-6(9)
8675 ··-·NIST-800-53-CM-6(a)8675 ··-·NIST-800-53-CM-6(a)
8676 ··-·PCI-DSS-Req-10.5.28676 ··-·PCI-DSS-Req-10.5.2
Offset 9014, 16 lines modifiedOffset 9014, 16 lines modified
9014 ··-·reboot_required9014 ··-·reboot_required
9015 ··-·restrict_strategy9015 ··-·restrict_strategy
  
9016 -·name:·Set·architecture·for·audit·mount·tasks9016 -·name:·Set·architecture·for·audit·mount·tasks
9017 ··set_fact:9017 ··set_fact:
9018 ····audit_arch:·b649018 ····audit_arch:·b64
9019 ··when:9019 ··when:
9020 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9021 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9020 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9021 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9022 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture9022 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
9023 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;9023 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
9024 ··tags:9024 ··tags:
9025 ··-·CJIS-5.4.1.19025 ··-·CJIS-5.4.1.1
9026 ··-·NIST-800-171-3.1.79026 ··-·NIST-800-171-3.1.7
9027 ··-·NIST-800-53-AC-6(9)9027 ··-·NIST-800-53-AC-6(9)
9028 ··-·NIST-800-53-AU-12(c)9028 ··-·NIST-800-53-AU-12(c)
Offset 9154, 16 lines modifiedOffset 9154, 16 lines modified
9154 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009154 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9155 ········-F·auid!=unset·-F·key=perm_mod9155 ········-F·auid!=unset·-F·key=perm_mod
9156 ······create:·true9156 ······create:·true
9157 ······mode:·o-rwx9157 ······mode:·o-rwx
9158 ······state:·present9158 ······state:·present
9159 ····when:·syscalls_found·|·length·==·09159 ····when:·syscalls_found·|·length·==·0
9160 ··when:9160 ··when:
9161 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9162 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9161 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9162 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9163 ··tags:9163 ··tags:
9164 ··-·CJIS-5.4.1.19164 ··-·CJIS-5.4.1.1
9165 ··-·NIST-800-171-3.1.79165 ··-·NIST-800-171-3.1.7
9166 ··-·NIST-800-53-AC-6(9)9166 ··-·NIST-800-53-AC-6(9)
9167 ··-·NIST-800-53-AU-12(c)9167 ··-·NIST-800-53-AU-12(c)
9168 ··-·NIST-800-53-AU-2(d)9168 ··-·NIST-800-53-AU-2(d)
9169 ··-·NIST-800-53-CM-6(a)9169 ··-·NIST-800-53-CM-6(a)
Offset 9292, 16 lines modifiedOffset 9292, 16 lines modified
9292 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=10009292 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
9293 ········-F·auid!=unset·-F·key=perm_mod9293 ········-F·auid!=unset·-F·key=perm_mod
9294 ······create:·true9294 ······create:·true
9295 ······mode:·o-rwx9295 ······mode:·o-rwx
9296 ······state:·present9296 ······state:·present
9297 ····when:·syscalls_found·|·length·==·09297 ····when:·syscalls_found·|·length·==·0
9298 ··when:9298 ··when:
9299 ··-·'&quot;audit&quot;·in·ansible_facts.packages' 
9300 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]9299 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 9300 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
9301 ··-·audit_arch·==·&quot;b64&quot;9301 ··-·audit_arch·==·&quot;b64&quot;
9302 ··tags:9302 ··tags:
9303 ··-·CJIS-5.4.1.19303 ··-·CJIS-5.4.1.1
9304 ··-·NIST-800-171-3.1.79304 ··-·NIST-800-171-3.1.7
9305 ··-·NIST-800-53-AC-6(9)9305 ··-·NIST-800-53-AC-6(9)
9306 ··-·NIST-800-53-AU-12(c)9306 ··-·NIST-800-53-AU-12(c)
9307 ··-·NIST-800-53-AU-2(d)9307 ··-·NIST-800-53-AU-2(d)
Offset 9310, 15 lines modifiedOffset 9310, 15 lines modified
9310 ··-·audit_rules_media_export9310 ··-·audit_rules_media_export
9311 ··-·low_complexity9311 ··-·low_complexity
9312 ··-·low_disruption9312 ··-·low_disruption
9313 ··-·medium_severity9313 ··-·medium_severity
9314 ··-·reboot_required9314 ··-·reboot_required
9315 ··-·restrict_strategy</xccdf-1.2:fix>9315 ··-·restrict_strategy</xccdf-1.2:fix>
9316 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms9316 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
9317 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then9317 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'audit'·2&gt;/dev/null·|·grep·-q·installed;·then
  
9318 #·First·perform·the·remediation·of·the·syscall·rule9318 #·First·perform·the·remediation·of·the·syscall·rule
9319 #·Retrieve·hardware·architecture·of·the·underlying·system9319 #·Retrieve·hardware·architecture·of·the·underlying·system
9320 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)9320 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
9321 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;9321 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
9322 do9322 do
Offset 10196, 16 lines modifiedOffset 10196, 16 lines modified
10196 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/10196 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
10197 ··find:10197 ··find:
10198 ····paths:·/etc/audit/rules.d10198 ····paths:·/etc/audit/rules.d
Max diff block lines reached; 111106/116118 bytes (95.68%) of diff not shown.
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds-1.2.xml
    
Offset 16284, 16 lines modifiedOffset 16284, 16 lines modified
  
16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
16285 ··find:16285 ··find:
16286 ····paths:·/etc/audit/rules.d/16286 ····paths:·/etc/audit/rules.d/
16287 ····patterns:·'*.rules'16287 ····patterns:·'*.rules'
16288 ··register:·find_rules_d16288 ··register:·find_rules_d
16289 ··when:16289 ··when:
16290 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16291 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16290 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16291 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16292 ··tags:16292 ··tags:
16293 ··-·CJIS-5.4.1.116293 ··-·CJIS-5.4.1.1
16294 ··-·NIST-800-171-3.3.116294 ··-·NIST-800-171-3.3.1
16295 ··-·NIST-800-171-3.4.316295 ··-·NIST-800-171-3.4.3
16296 ··-·NIST-800-53-AC-6(9)16296 ··-·NIST-800-53-AC-6(9)
16297 ··-·NIST-800-53-CM-6(a)16297 ··-·NIST-800-53-CM-6(a)
16298 ··-·PCI-DSS-Req-10.5.216298 ··-·PCI-DSS-Req-10.5.2
Offset 16308, 16 lines modifiedOffset 16308, 16 lines modified
16308 ··lineinfile:16308 ··lineinfile:
16309 ····path:·'{{·item·}}'16309 ····path:·'{{·item·}}'
16310 ····regexp:·^\s*(?:-e)\s+.*$16310 ····regexp:·^\s*(?:-e)\s+.*$
16311 ····state:·absent16311 ····state:·absent
16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
16313 ····}}'16313 ····}}'
16314 ··when:16314 ··when:
16315 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16316 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16315 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16316 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16317 ··tags:16317 ··tags:
16318 ··-·CJIS-5.4.1.116318 ··-·CJIS-5.4.1.1
16319 ··-·NIST-800-171-3.3.116319 ··-·NIST-800-171-3.3.1
16320 ··-·NIST-800-171-3.4.316320 ··-·NIST-800-171-3.4.3
16321 ··-·NIST-800-53-AC-6(9)16321 ··-·NIST-800-53-AC-6(9)
16322 ··-·NIST-800-53-CM-6(a)16322 ··-·NIST-800-53-CM-6(a)
16323 ··-·PCI-DSS-Req-10.5.216323 ··-·PCI-DSS-Req-10.5.2
Offset 16334, 16 lines modifiedOffset 16334, 16 lines modified
16334 ····create:·true16334 ····create:·true
16335 ····line:·-e·216335 ····line:·-e·2
16336 ····mode:·o-rwx16336 ····mode:·o-rwx
16337 ··loop:16337 ··loop:
16338 ··-·/etc/audit/audit.rules16338 ··-·/etc/audit/audit.rules
16339 ··-·/etc/audit/rules.d/immutable.rules16339 ··-·/etc/audit/rules.d/immutable.rules
16340 ··when:16340 ··when:
16341 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16342 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16341 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16342 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16343 ··tags:16343 ··tags:
16344 ··-·CJIS-5.4.1.116344 ··-·CJIS-5.4.1.1
16345 ··-·NIST-800-171-3.3.116345 ··-·NIST-800-171-3.3.1
16346 ··-·NIST-800-171-3.4.316346 ··-·NIST-800-171-3.4.3
16347 ··-·NIST-800-53-AC-6(9)16347 ··-·NIST-800-53-AC-6(9)
16348 ··-·NIST-800-53-CM-6(a)16348 ··-·NIST-800-53-CM-6(a)
16349 ··-·PCI-DSS-Req-10.5.216349 ··-·PCI-DSS-Req-10.5.2
Offset 16687, 16 lines modifiedOffset 16687, 16 lines modified
16687 ··-·reboot_required16687 ··-·reboot_required
16688 ··-·restrict_strategy16688 ··-·restrict_strategy
  
16689 -·name:·Set·architecture·for·audit·mount·tasks16689 -·name:·Set·architecture·for·audit·mount·tasks
16690 ··set_fact:16690 ··set_fact:
16691 ····audit_arch:·b6416691 ····audit_arch:·b64
16692 ··when:16692 ··when:
16693 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16694 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16693 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16694 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16697 ··tags:16697 ··tags:
16698 ··-·CJIS-5.4.1.116698 ··-·CJIS-5.4.1.1
16699 ··-·NIST-800-171-3.1.716699 ··-·NIST-800-171-3.1.7
16700 ··-·NIST-800-53-AC-6(9)16700 ··-·NIST-800-53-AC-6(9)
16701 ··-·NIST-800-53-AU-12(c)16701 ··-·NIST-800-53-AU-12(c)
Offset 16827, 16 lines modifiedOffset 16827, 16 lines modified
16827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16828 ········-F·auid!=unset·-F·key=perm_mod16828 ········-F·auid!=unset·-F·key=perm_mod
16829 ······create:·true16829 ······create:·true
16830 ······mode:·o-rwx16830 ······mode:·o-rwx
16831 ······state:·present16831 ······state:·present
16832 ····when:·syscalls_found·|·length·==·016832 ····when:·syscalls_found·|·length·==·0
16833 ··when:16833 ··when:
16834 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16835 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16834 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16835 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16836 ··tags:16836 ··tags:
16837 ··-·CJIS-5.4.1.116837 ··-·CJIS-5.4.1.1
16838 ··-·NIST-800-171-3.1.716838 ··-·NIST-800-171-3.1.7
16839 ··-·NIST-800-53-AC-6(9)16839 ··-·NIST-800-53-AC-6(9)
16840 ··-·NIST-800-53-AU-12(c)16840 ··-·NIST-800-53-AU-12(c)
16841 ··-·NIST-800-53-AU-2(d)16841 ··-·NIST-800-53-AU-2(d)
16842 ··-·NIST-800-53-CM-6(a)16842 ··-·NIST-800-53-CM-6(a)
Offset 16965, 16 lines modifiedOffset 16965, 16 lines modified
16965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16966 ········-F·auid!=unset·-F·key=perm_mod16966 ········-F·auid!=unset·-F·key=perm_mod
16967 ······create:·true16967 ······create:·true
16968 ······mode:·o-rwx16968 ······mode:·o-rwx
16969 ······state:·present16969 ······state:·present
16970 ····when:·syscalls_found·|·length·==·016970 ····when:·syscalls_found·|·length·==·0
16971 ··when:16971 ··when:
16972 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16973 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16972 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16973 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16974 ··-·audit_arch·==·&quot;b64&quot;16974 ··-·audit_arch·==·&quot;b64&quot;
16975 ··tags:16975 ··tags:
16976 ··-·CJIS-5.4.1.116976 ··-·CJIS-5.4.1.1
16977 ··-·NIST-800-171-3.1.716977 ··-·NIST-800-171-3.1.7
16978 ··-·NIST-800-53-AC-6(9)16978 ··-·NIST-800-53-AC-6(9)
16979 ··-·NIST-800-53-AU-12(c)16979 ··-·NIST-800-53-AU-12(c)
16980 ··-·NIST-800-53-AU-2(d)16980 ··-·NIST-800-53-AU-2(d)
Offset 16983, 15 lines modifiedOffset 16983, 15 lines modified
16983 ··-·audit_rules_media_export16983 ··-·audit_rules_media_export
16984 ··-·low_complexity16984 ··-·low_complexity
16985 ··-·low_disruption16985 ··-·low_disruption
16986 ··-·medium_severity16986 ··-·medium_severity
16987 ··-·reboot_required16987 ··-·reboot_required
16988 ··-·restrict_strategy</xccdf-1.2:fix>16988 ··-·restrict_strategy</xccdf-1.2:fix>
16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
16990 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then16990 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed;·then
  
16991 #·First·perform·the·remediation·of·the·syscall·rule16991 #·First·perform·the·remediation·of·the·syscall·rule
16992 #·Retrieve·hardware·architecture·of·the·underlying·system16992 #·Retrieve·hardware·architecture·of·the·underlying·system
16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
16995 do16995 do
Offset 17674, 15 lines modifiedOffset 17674, 15 lines modified
17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>
17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>
17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>
Max diff block lines reached; 267035/272556 bytes (97.97%) of diff not shown.
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-ds.xml
    
Offset 16284, 16 lines modifiedOffset 16284, 16 lines modified
  
16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension16284 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
16285 ··find:16285 ··find:
16286 ····paths:·/etc/audit/rules.d/16286 ····paths:·/etc/audit/rules.d/
16287 ····patterns:·'*.rules'16287 ····patterns:·'*.rules'
16288 ··register:·find_rules_d16288 ··register:·find_rules_d
16289 ··when:16289 ··when:
16290 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16291 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16290 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16291 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16292 ··tags:16292 ··tags:
16293 ··-·CJIS-5.4.1.116293 ··-·CJIS-5.4.1.1
16294 ··-·NIST-800-171-3.3.116294 ··-·NIST-800-171-3.3.1
16295 ··-·NIST-800-171-3.4.316295 ··-·NIST-800-171-3.4.3
16296 ··-·NIST-800-53-AC-6(9)16296 ··-·NIST-800-53-AC-6(9)
16297 ··-·NIST-800-53-CM-6(a)16297 ··-·NIST-800-53-CM-6(a)
16298 ··-·PCI-DSS-Req-10.5.216298 ··-·PCI-DSS-Req-10.5.2
Offset 16308, 16 lines modifiedOffset 16308, 16 lines modified
16308 ··lineinfile:16308 ··lineinfile:
16309 ····path:·'{{·item·}}'16309 ····path:·'{{·item·}}'
16310 ····regexp:·^\s*(?:-e)\s+.*$16310 ····regexp:·^\s*(?:-e)\s+.*$
16311 ····state:·absent16311 ····state:·absent
16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']16312 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
16313 ····}}'16313 ····}}'
16314 ··when:16314 ··when:
16315 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16316 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16315 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16316 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16317 ··tags:16317 ··tags:
16318 ··-·CJIS-5.4.1.116318 ··-·CJIS-5.4.1.1
16319 ··-·NIST-800-171-3.3.116319 ··-·NIST-800-171-3.3.1
16320 ··-·NIST-800-171-3.4.316320 ··-·NIST-800-171-3.4.3
16321 ··-·NIST-800-53-AC-6(9)16321 ··-·NIST-800-53-AC-6(9)
16322 ··-·NIST-800-53-CM-6(a)16322 ··-·NIST-800-53-CM-6(a)
16323 ··-·PCI-DSS-Req-10.5.216323 ··-·PCI-DSS-Req-10.5.2
Offset 16334, 16 lines modifiedOffset 16334, 16 lines modified
16334 ····create:·true16334 ····create:·true
16335 ····line:·-e·216335 ····line:·-e·2
16336 ····mode:·o-rwx16336 ····mode:·o-rwx
16337 ··loop:16337 ··loop:
16338 ··-·/etc/audit/audit.rules16338 ··-·/etc/audit/audit.rules
16339 ··-·/etc/audit/rules.d/immutable.rules16339 ··-·/etc/audit/rules.d/immutable.rules
16340 ··when:16340 ··when:
16341 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16342 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16341 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16342 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16343 ··tags:16343 ··tags:
16344 ··-·CJIS-5.4.1.116344 ··-·CJIS-5.4.1.1
16345 ··-·NIST-800-171-3.3.116345 ··-·NIST-800-171-3.3.1
16346 ··-·NIST-800-171-3.4.316346 ··-·NIST-800-171-3.4.3
16347 ··-·NIST-800-53-AC-6(9)16347 ··-·NIST-800-53-AC-6(9)
16348 ··-·NIST-800-53-CM-6(a)16348 ··-·NIST-800-53-CM-6(a)
16349 ··-·PCI-DSS-Req-10.5.216349 ··-·PCI-DSS-Req-10.5.2
Offset 16687, 16 lines modifiedOffset 16687, 16 lines modified
16687 ··-·reboot_required16687 ··-·reboot_required
16688 ··-·restrict_strategy16688 ··-·restrict_strategy
  
16689 -·name:·Set·architecture·for·audit·mount·tasks16689 -·name:·Set·architecture·for·audit·mount·tasks
16690 ··set_fact:16690 ··set_fact:
16691 ····audit_arch:·b6416691 ····audit_arch:·b64
16692 ··when:16692 ··when:
16693 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16694 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16693 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16694 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16695 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16696 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16697 ··tags:16697 ··tags:
16698 ··-·CJIS-5.4.1.116698 ··-·CJIS-5.4.1.1
16699 ··-·NIST-800-171-3.1.716699 ··-·NIST-800-171-3.1.7
16700 ··-·NIST-800-53-AC-6(9)16700 ··-·NIST-800-53-AC-6(9)
16701 ··-·NIST-800-53-AU-12(c)16701 ··-·NIST-800-53-AU-12(c)
Offset 16827, 16 lines modifiedOffset 16827, 16 lines modified
16827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016827 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16828 ········-F·auid!=unset·-F·key=perm_mod16828 ········-F·auid!=unset·-F·key=perm_mod
16829 ······create:·true16829 ······create:·true
16830 ······mode:·o-rwx16830 ······mode:·o-rwx
16831 ······state:·present16831 ······state:·present
16832 ····when:·syscalls_found·|·length·==·016832 ····when:·syscalls_found·|·length·==·0
16833 ··when:16833 ··when:
16834 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16835 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16834 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16835 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16836 ··tags:16836 ··tags:
16837 ··-·CJIS-5.4.1.116837 ··-·CJIS-5.4.1.1
16838 ··-·NIST-800-171-3.1.716838 ··-·NIST-800-171-3.1.7
16839 ··-·NIST-800-53-AC-6(9)16839 ··-·NIST-800-53-AC-6(9)
16840 ··-·NIST-800-53-AU-12(c)16840 ··-·NIST-800-53-AU-12(c)
16841 ··-·NIST-800-53-AU-2(d)16841 ··-·NIST-800-53-AU-2(d)
16842 ··-·NIST-800-53-CM-6(a)16842 ··-·NIST-800-53-CM-6(a)
Offset 16965, 16 lines modifiedOffset 16965, 16 lines modified
16965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016965 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16966 ········-F·auid!=unset·-F·key=perm_mod16966 ········-F·auid!=unset·-F·key=perm_mod
16967 ······create:·true16967 ······create:·true
16968 ······mode:·o-rwx16968 ······mode:·o-rwx
16969 ······state:·present16969 ······state:·present
16970 ····when:·syscalls_found·|·length·==·016970 ····when:·syscalls_found·|·length·==·0
16971 ··when:16971 ··when:
16972 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16973 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16972 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16973 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16974 ··-·audit_arch·==·&quot;b64&quot;16974 ··-·audit_arch·==·&quot;b64&quot;
16975 ··tags:16975 ··tags:
16976 ··-·CJIS-5.4.1.116976 ··-·CJIS-5.4.1.1
16977 ··-·NIST-800-171-3.1.716977 ··-·NIST-800-171-3.1.7
16978 ··-·NIST-800-53-AC-6(9)16978 ··-·NIST-800-53-AC-6(9)
16979 ··-·NIST-800-53-AU-12(c)16979 ··-·NIST-800-53-AU-12(c)
16980 ··-·NIST-800-53-AU-2(d)16980 ··-·NIST-800-53-AU-2(d)
Offset 16983, 15 lines modifiedOffset 16983, 15 lines modified
16983 ··-·audit_rules_media_export16983 ··-·audit_rules_media_export
16984 ··-·low_complexity16984 ··-·low_complexity
16985 ··-·low_disruption16985 ··-·low_disruption
16986 ··-·medium_severity16986 ··-·medium_severity
16987 ··-·reboot_required16987 ··-·reboot_required
16988 ··-·restrict_strategy</xccdf-1.2:fix>16988 ··-·restrict_strategy</xccdf-1.2:fix>
16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms16989 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
16990 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then16990 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed;·then
  
16991 #·First·perform·the·remediation·of·the·syscall·rule16991 #·First·perform·the·remediation·of·the·syscall·rule
16992 #·Retrieve·hardware·architecture·of·the·underlying·system16992 #·Retrieve·hardware·architecture·of·the·underlying·system
16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)16993 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;16994 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
16995 do16995 do
Offset 17674, 15 lines modifiedOffset 17674, 15 lines modified
17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>17674 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>
17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>17675 ··············<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>
17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>17676 ··············<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>
Max diff block lines reached; 267035/272556 bytes (97.97%) of diff not shown.
266 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
265 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2004-xccdf.xml
    
Offset 16180, 16 lines modifiedOffset 16180, 16 lines modified
  
16180 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension16180 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
16181 ··find:16181 ··find:
16182 ····paths:·/etc/audit/rules.d/16182 ····paths:·/etc/audit/rules.d/
16183 ····patterns:·'*.rules'16183 ····patterns:·'*.rules'
16184 ··register:·find_rules_d16184 ··register:·find_rules_d
16185 ··when:16185 ··when:
16186 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16187 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16186 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16187 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16188 ··tags:16188 ··tags:
16189 ··-·CJIS-5.4.1.116189 ··-·CJIS-5.4.1.1
16190 ··-·NIST-800-171-3.3.116190 ··-·NIST-800-171-3.3.1
16191 ··-·NIST-800-171-3.4.316191 ··-·NIST-800-171-3.4.3
16192 ··-·NIST-800-53-AC-6(9)16192 ··-·NIST-800-53-AC-6(9)
16193 ··-·NIST-800-53-CM-6(a)16193 ··-·NIST-800-53-CM-6(a)
16194 ··-·PCI-DSS-Req-10.5.216194 ··-·PCI-DSS-Req-10.5.2
Offset 16204, 16 lines modifiedOffset 16204, 16 lines modified
16204 ··lineinfile:16204 ··lineinfile:
16205 ····path:·'{{·item·}}'16205 ····path:·'{{·item·}}'
16206 ····regexp:·^\s*(?:-e)\s+.*$16206 ····regexp:·^\s*(?:-e)\s+.*$
16207 ····state:·absent16207 ····state:·absent
16208 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']16208 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
16209 ····}}'16209 ····}}'
16210 ··when:16210 ··when:
16211 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16212 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16211 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16212 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16213 ··tags:16213 ··tags:
16214 ··-·CJIS-5.4.1.116214 ··-·CJIS-5.4.1.1
16215 ··-·NIST-800-171-3.3.116215 ··-·NIST-800-171-3.3.1
16216 ··-·NIST-800-171-3.4.316216 ··-·NIST-800-171-3.4.3
16217 ··-·NIST-800-53-AC-6(9)16217 ··-·NIST-800-53-AC-6(9)
16218 ··-·NIST-800-53-CM-6(a)16218 ··-·NIST-800-53-CM-6(a)
16219 ··-·PCI-DSS-Req-10.5.216219 ··-·PCI-DSS-Req-10.5.2
Offset 16230, 16 lines modifiedOffset 16230, 16 lines modified
16230 ····create:·true16230 ····create:·true
16231 ····line:·-e·216231 ····line:·-e·2
16232 ····mode:·o-rwx16232 ····mode:·o-rwx
16233 ··loop:16233 ··loop:
16234 ··-·/etc/audit/audit.rules16234 ··-·/etc/audit/audit.rules
16235 ··-·/etc/audit/rules.d/immutable.rules16235 ··-·/etc/audit/rules.d/immutable.rules
16236 ··when:16236 ··when:
16237 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16238 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16237 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16238 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16239 ··tags:16239 ··tags:
16240 ··-·CJIS-5.4.1.116240 ··-·CJIS-5.4.1.1
16241 ··-·NIST-800-171-3.3.116241 ··-·NIST-800-171-3.3.1
16242 ··-·NIST-800-171-3.4.316242 ··-·NIST-800-171-3.4.3
16243 ··-·NIST-800-53-AC-6(9)16243 ··-·NIST-800-53-AC-6(9)
16244 ··-·NIST-800-53-CM-6(a)16244 ··-·NIST-800-53-CM-6(a)
16245 ··-·PCI-DSS-Req-10.5.216245 ··-·PCI-DSS-Req-10.5.2
Offset 16583, 16 lines modifiedOffset 16583, 16 lines modified
16583 ··-·reboot_required16583 ··-·reboot_required
16584 ··-·restrict_strategy16584 ··-·restrict_strategy
  
16585 -·name:·Set·architecture·for·audit·mount·tasks16585 -·name:·Set·architecture·for·audit·mount·tasks
16586 ··set_fact:16586 ··set_fact:
16587 ····audit_arch:·b6416587 ····audit_arch:·b64
16588 ··when:16588 ··when:
16589 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16590 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16589 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16590 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16591 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture16591 ··-·ansible_architecture·==·&quot;aarch64&quot;·or·ansible_architecture·==·&quot;ppc64&quot;·or·ansible_architecture
16592 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;16592 ····==·&quot;ppc64le&quot;·or·ansible_architecture·==·&quot;s390x&quot;·or·ansible_architecture·==·&quot;x86_64&quot;
16593 ··tags:16593 ··tags:
16594 ··-·CJIS-5.4.1.116594 ··-·CJIS-5.4.1.1
16595 ··-·NIST-800-171-3.1.716595 ··-·NIST-800-171-3.1.7
16596 ··-·NIST-800-53-AC-6(9)16596 ··-·NIST-800-53-AC-6(9)
16597 ··-·NIST-800-53-AU-12(c)16597 ··-·NIST-800-53-AU-12(c)
Offset 16723, 16 lines modifiedOffset 16723, 16 lines modified
16723 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016723 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16724 ········-F·auid!=unset·-F·key=perm_mod16724 ········-F·auid!=unset·-F·key=perm_mod
16725 ······create:·true16725 ······create:·true
16726 ······mode:·o-rwx16726 ······mode:·o-rwx
16727 ······state:·present16727 ······state:·present
16728 ····when:·syscalls_found·|·length·==·016728 ····when:·syscalls_found·|·length·==·0
16729 ··when:16729 ··when:
16730 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16731 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16730 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16731 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16732 ··tags:16732 ··tags:
16733 ··-·CJIS-5.4.1.116733 ··-·CJIS-5.4.1.1
16734 ··-·NIST-800-171-3.1.716734 ··-·NIST-800-171-3.1.7
16735 ··-·NIST-800-53-AC-6(9)16735 ··-·NIST-800-53-AC-6(9)
16736 ··-·NIST-800-53-AU-12(c)16736 ··-·NIST-800-53-AU-12(c)
16737 ··-·NIST-800-53-AU-2(d)16737 ··-·NIST-800-53-AU-2(d)
16738 ··-·NIST-800-53-CM-6(a)16738 ··-·NIST-800-53-CM-6(a)
Offset 16861, 16 lines modifiedOffset 16861, 16 lines modified
16861 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=100016861 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·auid&gt;=1000
16862 ········-F·auid!=unset·-F·key=perm_mod16862 ········-F·auid!=unset·-F·key=perm_mod
16863 ······create:·true16863 ······create:·true
16864 ······mode:·o-rwx16864 ······mode:·o-rwx
16865 ······state:·present16865 ······state:·present
16866 ····when:·syscalls_found·|·length·==·016866 ····when:·syscalls_found·|·length·==·0
16867 ··when:16867 ··when:
16868 ··-·'&quot;auditd&quot;·in·ansible_facts.packages' 
16869 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]16868 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
 16869 ··-·'&quot;auditd&quot;·in·ansible_facts.packages'
16870 ··-·audit_arch·==·&quot;b64&quot;16870 ··-·audit_arch·==·&quot;b64&quot;
16871 ··tags:16871 ··tags:
16872 ··-·CJIS-5.4.1.116872 ··-·CJIS-5.4.1.1
16873 ··-·NIST-800-171-3.1.716873 ··-·NIST-800-171-3.1.7
16874 ··-·NIST-800-53-AC-6(9)16874 ··-·NIST-800-53-AC-6(9)
16875 ··-·NIST-800-53-AU-12(c)16875 ··-·NIST-800-53-AU-12(c)
16876 ··-·NIST-800-53-AU-2(d)16876 ··-·NIST-800-53-AU-2(d)
Offset 16879, 15 lines modifiedOffset 16879, 15 lines modified
16879 ··-·audit_rules_media_export16879 ··-·audit_rules_media_export
16880 ··-·low_complexity16880 ··-·low_complexity
16881 ··-·low_disruption16881 ··-·low_disruption
16882 ··-·medium_severity16882 ··-·medium_severity
16883 ··-·reboot_required16883 ··-·reboot_required
16884 ··-·restrict_strategy</xccdf-1.2:fix>16884 ··-·restrict_strategy</xccdf-1.2:fix>
16885 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms16885 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="audit_rules_media_export">#·Remediation·is·applicable·only·in·certain·platforms
16886 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·then16886 if·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'auditd'·2&gt;/dev/null·|·grep·-q·installed;·then
  
16887 #·First·perform·the·remediation·of·the·syscall·rule16887 #·First·perform·the·remediation·of·the·syscall·rule
16888 #·Retrieve·hardware·architecture·of·the·underlying·system16888 #·Retrieve·hardware·architecture·of·the·underlying·system
16889 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)16889 [·&quot;$(getconf·LONG_BIT)&quot;·=·&quot;32&quot;·]·&amp;&amp;·RULE_ARCHS=(&quot;b32&quot;)·||·RULE_ARCHS=(&quot;b32&quot;·&quot;b64&quot;)
  
16890 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;16890 for·ARCH·in·&quot;${RULE_ARCHS[@]}&quot;
16891 do16891 do
Offset 17570, 15 lines modifiedOffset 17570, 15 lines modified
17570 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>17570 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12(c)</xccdf-1.2:reference>
17571 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>17571 ··········<xccdf-1.2:reference·href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf">AU-12.1(iv)</xccdf-1.2:reference>
17572 ··········<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>17572 ··········<xccdf-1.2:reference·href="https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cgeneral-purpose-os">SRG-OS-000472-GPOS-00217</xccdf-1.2:reference>
Max diff block lines reached; 266231/271732 bytes (97.98%) of diff not shown.
4.93 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds-1.2.xml
4.81 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds-1.2.xml
    
Offset 76545, 16 lines modifiedOffset 76545, 16 lines modified
76545 ··-·no_reboot_needed76545 ··-·no_reboot_needed
  
76546 -·name:·Test·for·existence·/boot/grub/grub.cfg76546 -·name:·Test·for·existence·/boot/grub/grub.cfg
76547 ··stat:76547 ··stat:
76548 ····path:·/boot/grub/grub.cfg76548 ····path:·/boot/grub/grub.cfg
76549 ··register:·file_exists76549 ··register:·file_exists
76550 ··when:76550 ··when:
76551 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76552 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76551 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76552 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76554 ··tags:76554 ··tags:
76555 ··-·CJIS-5.5.2.276555 ··-·CJIS-5.5.2.2
76556 ··-·NIST-800-171-3.4.576556 ··-·NIST-800-171-3.4.5
76557 ··-·NIST-800-53-AC-6(1)76557 ··-·NIST-800-53-AC-6(1)
76558 ··-·NIST-800-53-CM-6(a)76558 ··-·NIST-800-53-CM-6(a)
76559 ··-·PCI-DSS-Req-7.176559 ··-·PCI-DSS-Req-7.1
Offset 76566, 16 lines modifiedOffset 76566, 16 lines modified
76566 ··-·no_reboot_needed76566 ··-·no_reboot_needed
  
76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
76568 ··file:76568 ··file:
76569 ····path:·/boot/grub/grub.cfg76569 ····path:·/boot/grub/grub.cfg
76570 ····owner:·'0'76570 ····owner:·'0'
76571 ··when:76571 ··when:
76572 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76573 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76572 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76573 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76576 ··tags:76576 ··tags:
76577 ··-·CJIS-5.5.2.276577 ··-·CJIS-5.5.2.2
76578 ··-·NIST-800-171-3.4.576578 ··-·NIST-800-171-3.4.5
76579 ··-·NIST-800-53-AC-6(1)76579 ··-·NIST-800-53-AC-6(1)
76580 ··-·NIST-800-53-CM-6(a)76580 ··-·NIST-800-53-CM-6(a)
Offset 76583, 15 lines modifiedOffset 76583, 15 lines modified
76583 ··-·configure_strategy76583 ··-·configure_strategy
76584 ··-·file_owner_grub2_cfg76584 ··-·file_owner_grub2_cfg
76585 ··-·low_complexity76585 ··-·low_complexity
76586 ··-·low_disruption76586 ··-·low_disruption
76587 ··-·medium_severity76587 ··-·medium_severity
76588 ··-·no_reboot_needed</xccdf-1.2:fix>76588 ··-·no_reboot_needed</xccdf-1.2:fix>
76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76590 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76590 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76591 chown·0·/boot/grub/grub.cfg76591 chown·0·/boot/grub/grub.cfg
  
76592 else76592 else
76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76594 fi</xccdf-1.2:fix>76594 fi</xccdf-1.2:fix>
76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 76687, 16 lines modifiedOffset 76687, 16 lines modified
76687 ··-·no_reboot_needed76687 ··-·no_reboot_needed
  
76688 -·name:·Test·for·existence·/boot/grub/grub.cfg76688 -·name:·Test·for·existence·/boot/grub/grub.cfg
76689 ··stat:76689 ··stat:
76690 ····path:·/boot/grub/grub.cfg76690 ····path:·/boot/grub/grub.cfg
76691 ··register:·file_exists76691 ··register:·file_exists
76692 ··when:76692 ··when:
76693 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76694 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76693 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76694 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76696 ··tags:76696 ··tags:
76697 ··-·NIST-800-171-3.4.576697 ··-·NIST-800-171-3.4.5
76698 ··-·NIST-800-53-AC-6(1)76698 ··-·NIST-800-53-AC-6(1)
76699 ··-·NIST-800-53-CM-6(a)76699 ··-·NIST-800-53-CM-6(a)
76700 ··-·configure_strategy76700 ··-·configure_strategy
76701 ··-·file_permissions_grub2_cfg76701 ··-·file_permissions_grub2_cfg
Offset 76706, 30 lines modifiedOffset 76706, 30 lines modified
76706 ··-·no_reboot_needed76706 ··-·no_reboot_needed
  
76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
76708 ··file:76708 ··file:
76709 ····path:·/boot/grub/grub.cfg76709 ····path:·/boot/grub/grub.cfg
76710 ····mode:·u-xs,g-xwrs,o-xwrt76710 ····mode:·u-xs,g-xwrs,o-xwrt
76711 ··when:76711 ··when:
76712 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76713 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76712 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76713 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76716 ··tags:76716 ··tags:
76717 ··-·NIST-800-171-3.4.576717 ··-·NIST-800-171-3.4.5
76718 ··-·NIST-800-53-AC-6(1)76718 ··-·NIST-800-53-AC-6(1)
76719 ··-·NIST-800-53-CM-6(a)76719 ··-·NIST-800-53-CM-6(a)
76720 ··-·configure_strategy76720 ··-·configure_strategy
76721 ··-·file_permissions_grub2_cfg76721 ··-·file_permissions_grub2_cfg
76722 ··-·low_complexity76722 ··-·low_complexity
76723 ··-·low_disruption76723 ··-·low_disruption
76724 ··-·medium_severity76724 ··-·medium_severity
76725 ··-·no_reboot_needed</xccdf-1.2:fix>76725 ··-·no_reboot_needed</xccdf-1.2:fix>
76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76727 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76727 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
76729 else76729 else
76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76731 fi</xccdf-1.2:fix>76731 fi</xccdf-1.2:fix>
76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
4.91 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
4.8 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
    
Offset 76545, 16 lines modifiedOffset 76545, 16 lines modified
76545 ··-·no_reboot_needed76545 ··-·no_reboot_needed
  
76546 -·name:·Test·for·existence·/boot/grub/grub.cfg76546 -·name:·Test·for·existence·/boot/grub/grub.cfg
76547 ··stat:76547 ··stat:
76548 ····path:·/boot/grub/grub.cfg76548 ····path:·/boot/grub/grub.cfg
76549 ··register:·file_exists76549 ··register:·file_exists
76550 ··when:76550 ··when:
76551 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76552 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76551 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76552 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76553 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76554 ··tags:76554 ··tags:
76555 ··-·CJIS-5.5.2.276555 ··-·CJIS-5.5.2.2
76556 ··-·NIST-800-171-3.4.576556 ··-·NIST-800-171-3.4.5
76557 ··-·NIST-800-53-AC-6(1)76557 ··-·NIST-800-53-AC-6(1)
76558 ··-·NIST-800-53-CM-6(a)76558 ··-·NIST-800-53-CM-6(a)
76559 ··-·PCI-DSS-Req-7.176559 ··-·PCI-DSS-Req-7.1
Offset 76566, 16 lines modifiedOffset 76566, 16 lines modified
76566 ··-·no_reboot_needed76566 ··-·no_reboot_needed
  
76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg76567 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
76568 ··file:76568 ··file:
76569 ····path:·/boot/grub/grub.cfg76569 ····path:·/boot/grub/grub.cfg
76570 ····owner:·'0'76570 ····owner:·'0'
76571 ··when:76571 ··when:
76572 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76573 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76572 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76573 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76574 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76575 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76576 ··tags:76576 ··tags:
76577 ··-·CJIS-5.5.2.276577 ··-·CJIS-5.5.2.2
76578 ··-·NIST-800-171-3.4.576578 ··-·NIST-800-171-3.4.5
76579 ··-·NIST-800-53-AC-6(1)76579 ··-·NIST-800-53-AC-6(1)
76580 ··-·NIST-800-53-CM-6(a)76580 ··-·NIST-800-53-CM-6(a)
Offset 76583, 15 lines modifiedOffset 76583, 15 lines modified
76583 ··-·configure_strategy76583 ··-·configure_strategy
76584 ··-·file_owner_grub2_cfg76584 ··-·file_owner_grub2_cfg
76585 ··-·low_complexity76585 ··-·low_complexity
76586 ··-·low_disruption76586 ··-·low_disruption
76587 ··-·medium_severity76587 ··-·medium_severity
76588 ··-·no_reboot_needed</xccdf-1.2:fix>76588 ··-·no_reboot_needed</xccdf-1.2:fix>
76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76589 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76590 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76590 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76591 chown·0·/boot/grub/grub.cfg76591 chown·0·/boot/grub/grub.cfg
  
76592 else76592 else
76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76593 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76594 fi</xccdf-1.2:fix>76594 fi</xccdf-1.2:fix>
76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76595 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 76687, 16 lines modifiedOffset 76687, 16 lines modified
76687 ··-·no_reboot_needed76687 ··-·no_reboot_needed
  
76688 -·name:·Test·for·existence·/boot/grub/grub.cfg76688 -·name:·Test·for·existence·/boot/grub/grub.cfg
76689 ··stat:76689 ··stat:
76690 ····path:·/boot/grub/grub.cfg76690 ····path:·/boot/grub/grub.cfg
76691 ··register:·file_exists76691 ··register:·file_exists
76692 ··when:76692 ··when:
76693 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76694 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76693 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76694 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76695 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76696 ··tags:76696 ··tags:
76697 ··-·NIST-800-171-3.4.576697 ··-·NIST-800-171-3.4.5
76698 ··-·NIST-800-53-AC-6(1)76698 ··-·NIST-800-53-AC-6(1)
76699 ··-·NIST-800-53-CM-6(a)76699 ··-·NIST-800-53-CM-6(a)
76700 ··-·configure_strategy76700 ··-·configure_strategy
76701 ··-·file_permissions_grub2_cfg76701 ··-·file_permissions_grub2_cfg
Offset 76706, 30 lines modifiedOffset 76706, 30 lines modified
76706 ··-·no_reboot_needed76706 ··-·no_reboot_needed
  
76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg76707 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
76708 ··file:76708 ··file:
76709 ····path:·/boot/grub/grub.cfg76709 ····path:·/boot/grub/grub.cfg
76710 ····mode:·u-xs,g-xwrs,o-xwrt76710 ····mode:·u-xs,g-xwrs,o-xwrt
76711 ··when:76711 ··when:
76712 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76713 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76712 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76713 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76714 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76715 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76716 ··tags:76716 ··tags:
76717 ··-·NIST-800-171-3.4.576717 ··-·NIST-800-171-3.4.5
76718 ··-·NIST-800-53-AC-6(1)76718 ··-·NIST-800-53-AC-6(1)
76719 ··-·NIST-800-53-CM-6(a)76719 ··-·NIST-800-53-CM-6(a)
76720 ··-·configure_strategy76720 ··-·configure_strategy
76721 ··-·file_permissions_grub2_cfg76721 ··-·file_permissions_grub2_cfg
76722 ··-·low_complexity76722 ··-·low_complexity
76723 ··-·low_disruption76723 ··-·low_disruption
76724 ··-·medium_severity76724 ··-·medium_severity
76725 ··-·no_reboot_needed</xccdf-1.2:fix>76725 ··-·no_reboot_needed</xccdf-1.2:fix>
76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76726 ··············<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76727 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76727 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg76728 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
76729 else76729 else
76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76730 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76731 fi</xccdf-1.2:fix>76731 fi</xccdf-1.2:fix>
76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76732 ··············<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
4.91 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
4.79 KB
./usr/share/xml/scap/ssg/content/ssg-ubuntu2204-xccdf.xml
    
Offset 76441, 16 lines modifiedOffset 76441, 16 lines modified
76441 ··-·no_reboot_needed76441 ··-·no_reboot_needed
  
76442 -·name:·Test·for·existence·/boot/grub/grub.cfg76442 -·name:·Test·for·existence·/boot/grub/grub.cfg
76443 ··stat:76443 ··stat:
76444 ····path:·/boot/grub/grub.cfg76444 ····path:·/boot/grub/grub.cfg
76445 ··register:·file_exists76445 ··register:·file_exists
76446 ··when:76446 ··when:
76447 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76448 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76447 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76448 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76449 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76449 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76450 ··tags:76450 ··tags:
76451 ··-·CJIS-5.5.2.276451 ··-·CJIS-5.5.2.2
76452 ··-·NIST-800-171-3.4.576452 ··-·NIST-800-171-3.4.5
76453 ··-·NIST-800-53-AC-6(1)76453 ··-·NIST-800-53-AC-6(1)
76454 ··-·NIST-800-53-CM-6(a)76454 ··-·NIST-800-53-CM-6(a)
76455 ··-·PCI-DSS-Req-7.176455 ··-·PCI-DSS-Req-7.1
Offset 76462, 16 lines modifiedOffset 76462, 16 lines modified
76462 ··-·no_reboot_needed76462 ··-·no_reboot_needed
  
76463 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg76463 -·name:·Ensure·owner·0·on·/boot/grub/grub.cfg
76464 ··file:76464 ··file:
76465 ····path:·/boot/grub/grub.cfg76465 ····path:·/boot/grub/grub.cfg
76466 ····owner:·'0'76466 ····owner:·'0'
76467 ··when:76467 ··when:
76468 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76469 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76468 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76469 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76470 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76470 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76471 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76471 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76472 ··tags:76472 ··tags:
76473 ··-·CJIS-5.5.2.276473 ··-·CJIS-5.5.2.2
76474 ··-·NIST-800-171-3.4.576474 ··-·NIST-800-171-3.4.5
76475 ··-·NIST-800-53-AC-6(1)76475 ··-·NIST-800-53-AC-6(1)
76476 ··-·NIST-800-53-CM-6(a)76476 ··-·NIST-800-53-CM-6(a)
Offset 76479, 15 lines modifiedOffset 76479, 15 lines modified
76479 ··-·configure_strategy76479 ··-·configure_strategy
76480 ··-·file_owner_grub2_cfg76480 ··-·file_owner_grub2_cfg
76481 ··-·low_complexity76481 ··-·low_complexity
76482 ··-·low_disruption76482 ··-·low_disruption
76483 ··-·medium_severity76483 ··-·medium_severity
76484 ··-·no_reboot_needed</xccdf-1.2:fix>76484 ··-·no_reboot_needed</xccdf-1.2:fix>
76485 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76485 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_owner_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76486 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76486 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76487 chown·0·/boot/grub/grub.cfg76487 chown·0·/boot/grub/grub.cfg
  
76488 else76488 else
76489 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76489 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76490 fi</xccdf-1.2:fix>76490 fi</xccdf-1.2:fix>
76491 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76491 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
Offset 76583, 16 lines modifiedOffset 76583, 16 lines modified
76583 ··-·no_reboot_needed76583 ··-·no_reboot_needed
  
76584 -·name:·Test·for·existence·/boot/grub/grub.cfg76584 -·name:·Test·for·existence·/boot/grub/grub.cfg
76585 ··stat:76585 ··stat:
76586 ····path:·/boot/grub/grub.cfg76586 ····path:·/boot/grub/grub.cfg
76587 ··register:·file_exists76587 ··register:·file_exists
76588 ··when:76588 ··when:
76589 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76590 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76589 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76590 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76591 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76591 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76592 ··tags:76592 ··tags:
76593 ··-·NIST-800-171-3.4.576593 ··-·NIST-800-171-3.4.5
76594 ··-·NIST-800-53-AC-6(1)76594 ··-·NIST-800-53-AC-6(1)
76595 ··-·NIST-800-53-CM-6(a)76595 ··-·NIST-800-53-CM-6(a)
76596 ··-·configure_strategy76596 ··-·configure_strategy
76597 ··-·file_permissions_grub2_cfg76597 ··-·file_permissions_grub2_cfg
Offset 76602, 30 lines modifiedOffset 76602, 30 lines modified
76602 ··-·no_reboot_needed76602 ··-·no_reboot_needed
  
76603 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg76603 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub/grub.cfg
76604 ··file:76604 ··file:
76605 ····path:·/boot/grub/grub.cfg76605 ····path:·/boot/grub/grub.cfg
76606 ····mode:·u-xs,g-xwrs,o-xwrt76606 ····mode:·u-xs,g-xwrs,o-xwrt
76607 ··when:76607 ··when:
76608 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages' 
76609 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'76608 ··-·'&quot;/boot/efi&quot;·not·in·ansible_mounts·|·map(attribute=&quot;mount&quot;)·|·list'
 76609 ··-·'&quot;grub2-common&quot;·in·ansible_facts.packages'
76610 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]76610 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
76611 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists76611 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
76612 ··tags:76612 ··tags:
76613 ··-·NIST-800-171-3.4.576613 ··-·NIST-800-171-3.4.5
76614 ··-·NIST-800-53-AC-6(1)76614 ··-·NIST-800-53-AC-6(1)
76615 ··-·NIST-800-53-CM-6(a)76615 ··-·NIST-800-53-CM-6(a)
76616 ··-·configure_strategy76616 ··-·configure_strategy
76617 ··-·file_permissions_grub2_cfg76617 ··-·file_permissions_grub2_cfg
76618 ··-·low_complexity76618 ··-·low_complexity
76619 ··-·low_disruption76619 ··-·low_disruption
76620 ··-·medium_severity76620 ··-·medium_severity
76621 ··-·no_reboot_needed</xccdf-1.2:fix>76621 ··-·no_reboot_needed</xccdf-1.2:fix>
76622 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms76622 ··········<xccdf-1.2:fix·system="urn:xccdf:fix:script:sh"·id="file_permissions_grub2_cfg"·complexity="low"·disruption="low"·reboot="false"·strategy="configure">#·Remediation·is·applicable·only·in·certain·platforms
76623 if·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then76623 if·[·!·-f·/sys/firmware/efi·]·&amp;&amp;·dpkg-query·--show·--showformat='${db:Status-Status}\n'·'grub2-common'·2&gt;/dev/null·|·grep·-q·installed·&amp;&amp;·{·[·!·-f·/.dockerenv·]·&amp;&amp;·[·!·-f·/run/.containerenv·];·};·then
  
76624 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg76624 chmod·u-xs,g-xwrs,o-xwrt·/boot/grub/grub.cfg
  
76625 else76625 else
76626 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'76626 ····&gt;&amp;2·echo·'Remediation·is·not·applicable,·nothing·was·done'
76627 fi</xccdf-1.2:fix>76627 fi</xccdf-1.2:fix>
76628 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">76628 ··········<xccdf-1.2:check·system="http://oval.mitre.org/XMLSchema/oval-definitions-5">
159 KB
ssg-debian_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0·····1824·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0·····1820·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0···826596·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0···826496·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
158 KB
data.tar.xz
158 KB
data.tar
52.8 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds-1.2.xml
    
Offset 8329, 16 lines modifiedOffset 8329, 16 lines modified
  
8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8330 ··find:8330 ··find:
8331 ····paths:·/etc/audit/rules.d/8331 ····paths:·/etc/audit/rules.d/
8332 ····patterns:·'*.rules'8332 ····patterns:·'*.rules'
8333 ··register:·find_rules_d8333 ··register:·find_rules_d
8334 ··when:8334 ··when:
8335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8336 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8335 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8336 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8337 ··tags:8337 ··tags:
8338 ··-·CJIS-5.4.1.18338 ··-·CJIS-5.4.1.1
8339 ··-·NIST-800-171-3.3.18339 ··-·NIST-800-171-3.3.1
8340 ··-·NIST-800-171-3.4.38340 ··-·NIST-800-171-3.4.3
8341 ··-·NIST-800-53-AC-6(9)8341 ··-·NIST-800-53-AC-6(9)
8342 ··-·NIST-800-53-CM-6(a)8342 ··-·NIST-800-53-CM-6(a)
8343 ··-·PCI-DSS-Req-10.5.28343 ··-·PCI-DSS-Req-10.5.2
Offset 8353, 16 lines modifiedOffset 8353, 16 lines modified
8353 ··lineinfile:8353 ··lineinfile:
8354 ····path:·'{{·item·}}'8354 ····path:·'{{·item·}}'
8355 ····regexp:·^\s*(?:-e)\s+.*$8355 ····regexp:·^\s*(?:-e)\s+.*$
8356 ····state:·absent8356 ····state:·absent
8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8358 ····}}'8358 ····}}'
8359 ··when:8359 ··when:
8360 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8361 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8360 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8361 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8362 ··tags:8362 ··tags:
8363 ··-·CJIS-5.4.1.18363 ··-·CJIS-5.4.1.1
8364 ··-·NIST-800-171-3.3.18364 ··-·NIST-800-171-3.3.1
8365 ··-·NIST-800-171-3.4.38365 ··-·NIST-800-171-3.4.3
8366 ··-·NIST-800-53-AC-6(9)8366 ··-·NIST-800-53-AC-6(9)
8367 ··-·NIST-800-53-CM-6(a)8367 ··-·NIST-800-53-CM-6(a)
8368 ··-·PCI-DSS-Req-10.5.28368 ··-·PCI-DSS-Req-10.5.2
Offset 8379, 16 lines modifiedOffset 8379, 16 lines modified
8379 ····create:·true8379 ····create:·true
8380 ····line:·-e·28380 ····line:·-e·2
8381 ····mode:·o-rwx8381 ····mode:·o-rwx
8382 ··loop:8382 ··loop:
8383 ··-·/etc/audit/audit.rules8383 ··-·/etc/audit/audit.rules
8384 ··-·/etc/audit/rules.d/immutable.rules8384 ··-·/etc/audit/rules.d/immutable.rules
8385 ··when:8385 ··when:
8386 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8387 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8386 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8387 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8388 ··tags:8388 ··tags:
8389 ··-·CJIS-5.4.1.18389 ··-·CJIS-5.4.1.1
8390 ··-·NIST-800-171-3.3.18390 ··-·NIST-800-171-3.3.1
8391 ··-·NIST-800-171-3.4.38391 ··-·NIST-800-171-3.4.3
8392 ··-·NIST-800-53-AC-6(9)8392 ··-·NIST-800-53-AC-6(9)
8393 ··-·NIST-800-53-CM-6(a)8393 ··-·NIST-800-53-CM-6(a)
8394 ··-·PCI-DSS-Req-10.5.28394 ··-·PCI-DSS-Req-10.5.2
Offset 9268, 16 lines modifiedOffset 9268, 16 lines modified
9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
9269 ··find:9269 ··find:
9270 ····paths:·/etc/audit/rules.d9270 ····paths:·/etc/audit/rules.d
9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
9272 ····patterns:·'*.rules'9272 ····patterns:·'*.rules'
9273 ··register:·find_existing_watch_rules_d9273 ··register:·find_existing_watch_rules_d
9274 ··when:9274 ··when:
9275 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9276 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9275 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9276 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9277 ··tags:9277 ··tags:
9278 ··-·CJIS-5.4.1.19278 ··-·CJIS-5.4.1.1
9279 ··-·NIST-800-171-3.1.79279 ··-·NIST-800-171-3.1.7
9280 ··-·NIST-800-53-AC-2(7)(b)9280 ··-·NIST-800-53-AC-2(7)(b)
9281 ··-·NIST-800-53-AC-6(9)9281 ··-·NIST-800-53-AC-6(9)
9282 ··-·NIST-800-53-AU-12(c)9282 ··-·NIST-800-53-AU-12(c)
9283 ··-·NIST-800-53-AU-2(d)9283 ··-·NIST-800-53-AU-2(d)
Offset 9294, 16 lines modifiedOffset 9294, 16 lines modified
9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
9295 ··find:9295 ··find:
9296 ····paths:·/etc/audit/rules.d9296 ····paths:·/etc/audit/rules.d
9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$
9298 ····patterns:·'*.rules'9298 ····patterns:·'*.rules'
9299 ··register:·find_watch_key9299 ··register:·find_watch_key
9300 ··when:9300 ··when:
9301 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9302 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9301 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9302 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
9304 ····==·09304 ····==·0
9305 ··tags:9305 ··tags:
9306 ··-·CJIS-5.4.1.19306 ··-·CJIS-5.4.1.1
9307 ··-·NIST-800-171-3.1.79307 ··-·NIST-800-171-3.1.7
9308 ··-·NIST-800-53-AC-2(7)(b)9308 ··-·NIST-800-53-AC-2(7)(b)
9309 ··-·NIST-800-53-AC-6(9)9309 ··-·NIST-800-53-AC-6(9)
Offset 9320, 16 lines modifiedOffset 9320, 16 lines modified
9320 ··-·restrict_strategy9320 ··-·restrict_strategy
  
9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
9322 ··set_fact:9322 ··set_fact:
9323 ····all_files:9323 ····all_files:
9324 ····-·/etc/audit/rules.d/actions.rules9324 ····-·/etc/audit/rules.d/actions.rules
9325 ··when:9325 ··when:
9326 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9327 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9326 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9327 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
9329 ····is·defined·and·find_existing_watch_rules_d.matched·==·09329 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9330 ··tags:9330 ··tags:
9331 ··-·CJIS-5.4.1.19331 ··-·CJIS-5.4.1.1
9332 ··-·NIST-800-171-3.1.79332 ··-·NIST-800-171-3.1.7
9333 ··-·NIST-800-53-AC-2(7)(b)9333 ··-·NIST-800-53-AC-2(7)(b)
9334 ··-·NIST-800-53-AC-6(9)9334 ··-·NIST-800-53-AC-6(9)
Offset 9346, 16 lines modifiedOffset 9346, 16 lines modified
9346 ··-·restrict_strategy9346 ··-·restrict_strategy
  
9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule
9348 ··set_fact:9348 ··set_fact:
9349 ····all_files:9349 ····all_files:
9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
9351 ··when:9351 ··when:
9352 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9353 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9352 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9353 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
9355 ····is·defined·and·find_existing_watch_rules_d.matched·==·09355 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9356 ··tags:9356 ··tags:
9357 ··-·CJIS-5.4.1.19357 ··-·CJIS-5.4.1.1
9358 ··-·NIST-800-171-3.1.79358 ··-·NIST-800-171-3.1.7
9359 ··-·NIST-800-53-AC-2(7)(b)9359 ··-·NIST-800-53-AC-2(7)(b)
9360 ··-·NIST-800-53-AC-6(9)9360 ··-·NIST-800-53-AC-6(9)
Offset 9374, 16 lines modifiedOffset 9374, 16 lines modified
9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 48555/53886 bytes (90.11%) of diff not shown.
52.8 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-ds.xml
    
Offset 8329, 16 lines modifiedOffset 8329, 16 lines modified
  
8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8329 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8330 ··find:8330 ··find:
8331 ····paths:·/etc/audit/rules.d/8331 ····paths:·/etc/audit/rules.d/
8332 ····patterns:·'*.rules'8332 ····patterns:·'*.rules'
8333 ··register:·find_rules_d8333 ··register:·find_rules_d
8334 ··when:8334 ··when:
8335 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8336 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8335 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8336 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8337 ··tags:8337 ··tags:
8338 ··-·CJIS-5.4.1.18338 ··-·CJIS-5.4.1.1
8339 ··-·NIST-800-171-3.3.18339 ··-·NIST-800-171-3.3.1
8340 ··-·NIST-800-171-3.4.38340 ··-·NIST-800-171-3.4.3
8341 ··-·NIST-800-53-AC-6(9)8341 ··-·NIST-800-53-AC-6(9)
8342 ··-·NIST-800-53-CM-6(a)8342 ··-·NIST-800-53-CM-6(a)
8343 ··-·PCI-DSS-Req-10.5.28343 ··-·PCI-DSS-Req-10.5.2
Offset 8353, 16 lines modifiedOffset 8353, 16 lines modified
8353 ··lineinfile:8353 ··lineinfile:
8354 ····path:·'{{·item·}}'8354 ····path:·'{{·item·}}'
8355 ····regexp:·^\s*(?:-e)\s+.*$8355 ····regexp:·^\s*(?:-e)\s+.*$
8356 ····state:·absent8356 ····state:·absent
8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8357 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8358 ····}}'8358 ····}}'
8359 ··when:8359 ··when:
8360 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8361 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8360 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8361 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8362 ··tags:8362 ··tags:
8363 ··-·CJIS-5.4.1.18363 ··-·CJIS-5.4.1.1
8364 ··-·NIST-800-171-3.3.18364 ··-·NIST-800-171-3.3.1
8365 ··-·NIST-800-171-3.4.38365 ··-·NIST-800-171-3.4.3
8366 ··-·NIST-800-53-AC-6(9)8366 ··-·NIST-800-53-AC-6(9)
8367 ··-·NIST-800-53-CM-6(a)8367 ··-·NIST-800-53-CM-6(a)
8368 ··-·PCI-DSS-Req-10.5.28368 ··-·PCI-DSS-Req-10.5.2
Offset 8379, 16 lines modifiedOffset 8379, 16 lines modified
8379 ····create:·true8379 ····create:·true
8380 ····line:·-e·28380 ····line:·-e·2
8381 ····mode:·o-rwx8381 ····mode:·o-rwx
8382 ··loop:8382 ··loop:
8383 ··-·/etc/audit/audit.rules8383 ··-·/etc/audit/audit.rules
8384 ··-·/etc/audit/rules.d/immutable.rules8384 ··-·/etc/audit/rules.d/immutable.rules
8385 ··when:8385 ··when:
8386 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8387 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8386 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8387 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8388 ··tags:8388 ··tags:
8389 ··-·CJIS-5.4.1.18389 ··-·CJIS-5.4.1.1
8390 ··-·NIST-800-171-3.3.18390 ··-·NIST-800-171-3.3.1
8391 ··-·NIST-800-171-3.4.38391 ··-·NIST-800-171-3.4.3
8392 ··-·NIST-800-53-AC-6(9)8392 ··-·NIST-800-53-AC-6(9)
8393 ··-·NIST-800-53-CM-6(a)8393 ··-·NIST-800-53-CM-6(a)
8394 ··-·PCI-DSS-Req-10.5.28394 ··-·PCI-DSS-Req-10.5.2
Offset 9268, 16 lines modifiedOffset 9268, 16 lines modified
9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/9268 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
9269 ··find:9269 ··find:
9270 ····paths:·/etc/audit/rules.d9270 ····paths:·/etc/audit/rules.d
9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+9271 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
9272 ····patterns:·'*.rules'9272 ····patterns:·'*.rules'
9273 ··register:·find_existing_watch_rules_d9273 ··register:·find_existing_watch_rules_d
9274 ··when:9274 ··when:
9275 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9276 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9275 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9276 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9277 ··tags:9277 ··tags:
9278 ··-·CJIS-5.4.1.19278 ··-·CJIS-5.4.1.1
9279 ··-·NIST-800-171-3.1.79279 ··-·NIST-800-171-3.1.7
9280 ··-·NIST-800-53-AC-2(7)(b)9280 ··-·NIST-800-53-AC-2(7)(b)
9281 ··-·NIST-800-53-AC-6(9)9281 ··-·NIST-800-53-AC-6(9)
9282 ··-·NIST-800-53-AU-12(c)9282 ··-·NIST-800-53-AU-12(c)
9283 ··-·NIST-800-53-AU-2(d)9283 ··-·NIST-800-53-AU-2(d)
Offset 9294, 16 lines modifiedOffset 9294, 16 lines modified
9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions9294 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
9295 ··find:9295 ··find:
9296 ····paths:·/etc/audit/rules.d9296 ····paths:·/etc/audit/rules.d
9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$9297 ····contains:·^.*(?:-F·key=|-k\s+)actions$
9298 ····patterns:·'*.rules'9298 ····patterns:·'*.rules'
9299 ··register:·find_watch_key9299 ··register:·find_watch_key
9300 ··when:9300 ··when:
9301 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9302 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9301 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9302 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched9303 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
9304 ····==·09304 ····==·0
9305 ··tags:9305 ··tags:
9306 ··-·CJIS-5.4.1.19306 ··-·CJIS-5.4.1.1
9307 ··-·NIST-800-171-3.1.79307 ··-·NIST-800-171-3.1.7
9308 ··-·NIST-800-53-AC-2(7)(b)9308 ··-·NIST-800-53-AC-2(7)(b)
9309 ··-·NIST-800-53-AC-6(9)9309 ··-·NIST-800-53-AC-6(9)
Offset 9320, 16 lines modifiedOffset 9320, 16 lines modified
9320 ··-·restrict_strategy9320 ··-·restrict_strategy
  
9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule9321 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
9322 ··set_fact:9322 ··set_fact:
9323 ····all_files:9323 ····all_files:
9324 ····-·/etc/audit/rules.d/actions.rules9324 ····-·/etc/audit/rules.d/actions.rules
9325 ··when:9325 ··when:
9326 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9327 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9326 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9327 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched9328 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
9329 ····is·defined·and·find_existing_watch_rules_d.matched·==·09329 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9330 ··tags:9330 ··tags:
9331 ··-·CJIS-5.4.1.19331 ··-·CJIS-5.4.1.1
9332 ··-·NIST-800-171-3.1.79332 ··-·NIST-800-171-3.1.7
9333 ··-·NIST-800-53-AC-2(7)(b)9333 ··-·NIST-800-53-AC-2(7)(b)
9334 ··-·NIST-800-53-AC-6(9)9334 ··-·NIST-800-53-AC-6(9)
Offset 9346, 16 lines modifiedOffset 9346, 16 lines modified
9346 ··-·restrict_strategy9346 ··-·restrict_strategy
  
9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule9347 -·name:·Use·matched·file·as·the·recipient·for·the·rule
9348 ··set_fact:9348 ··set_fact:
9349 ····all_files:9349 ····all_files:
9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'9350 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
9351 ··when:9351 ··when:
9352 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9353 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9352 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9353 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched9354 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
9355 ····is·defined·and·find_existing_watch_rules_d.matched·==·09355 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9356 ··tags:9356 ··tags:
9357 ··-·CJIS-5.4.1.19357 ··-·CJIS-5.4.1.1
9358 ··-·NIST-800-171-3.1.79358 ··-·NIST-800-171-3.1.7
9359 ··-·NIST-800-53-AC-2(7)(b)9359 ··-·NIST-800-53-AC-2(7)(b)
9360 ··-·NIST-800-53-AC-6(9)9360 ··-·NIST-800-53-AC-6(9)
Offset 9374, 16 lines modifiedOffset 9374, 16 lines modified
9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/9374 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 48555/53886 bytes (90.11%) of diff not shown.
52.7 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml
52.5 KB
./usr/share/xml/scap/ssg/content/ssg-debian10-xccdf.xml
    
Offset 8229, 16 lines modifiedOffset 8229, 16 lines modified
  
8229 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension8229 -·name:·Collect·all·files·from·/etc/audit/rules.d·with·.rules·extension
8230 ··find:8230 ··find:
8231 ····paths:·/etc/audit/rules.d/8231 ····paths:·/etc/audit/rules.d/
8232 ····patterns:·'*.rules'8232 ····patterns:·'*.rules'
8233 ··register:·find_rules_d8233 ··register:·find_rules_d
8234 ··when:8234 ··when:
8235 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8236 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8235 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8236 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8237 ··tags:8237 ··tags:
8238 ··-·CJIS-5.4.1.18238 ··-·CJIS-5.4.1.1
8239 ··-·NIST-800-171-3.3.18239 ··-·NIST-800-171-3.3.1
8240 ··-·NIST-800-171-3.4.38240 ··-·NIST-800-171-3.4.3
8241 ··-·NIST-800-53-AC-6(9)8241 ··-·NIST-800-53-AC-6(9)
8242 ··-·NIST-800-53-CM-6(a)8242 ··-·NIST-800-53-CM-6(a)
8243 ··-·PCI-DSS-Req-10.5.28243 ··-·PCI-DSS-Req-10.5.2
Offset 8253, 16 lines modifiedOffset 8253, 16 lines modified
8253 ··lineinfile:8253 ··lineinfile:
8254 ····path:·'{{·item·}}'8254 ····path:·'{{·item·}}'
8255 ····regexp:·^\s*(?:-e)\s+.*$8255 ····regexp:·^\s*(?:-e)\s+.*$
8256 ····state:·absent8256 ····state:·absent
8257 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']8257 ··loop:·'{{·find_rules_d.files·|·map(attribute=''path'')·|·list·+·[''/etc/audit/audit.rules'']
8258 ····}}'8258 ····}}'
8259 ··when:8259 ··when:
8260 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8261 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8260 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8261 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8262 ··tags:8262 ··tags:
8263 ··-·CJIS-5.4.1.18263 ··-·CJIS-5.4.1.1
8264 ··-·NIST-800-171-3.3.18264 ··-·NIST-800-171-3.3.1
8265 ··-·NIST-800-171-3.4.38265 ··-·NIST-800-171-3.4.3
8266 ··-·NIST-800-53-AC-6(9)8266 ··-·NIST-800-53-AC-6(9)
8267 ··-·NIST-800-53-CM-6(a)8267 ··-·NIST-800-53-CM-6(a)
8268 ··-·PCI-DSS-Req-10.5.28268 ··-·PCI-DSS-Req-10.5.2
Offset 8279, 16 lines modifiedOffset 8279, 16 lines modified
8279 ····create:·true8279 ····create:·true
8280 ····line:·-e·28280 ····line:·-e·2
8281 ····mode:·o-rwx8281 ····mode:·o-rwx
8282 ··loop:8282 ··loop:
8283 ··-·/etc/audit/audit.rules8283 ··-·/etc/audit/audit.rules
8284 ··-·/etc/audit/rules.d/immutable.rules8284 ··-·/etc/audit/rules.d/immutable.rules
8285 ··when:8285 ··when:
8286 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
8287 ··-·'&quot;audit&quot;·in·ansible_facts.packages'8286 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 8287 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
8288 ··tags:8288 ··tags:
8289 ··-·CJIS-5.4.1.18289 ··-·CJIS-5.4.1.1
8290 ··-·NIST-800-171-3.3.18290 ··-·NIST-800-171-3.3.1
8291 ··-·NIST-800-171-3.4.38291 ··-·NIST-800-171-3.4.3
8292 ··-·NIST-800-53-AC-6(9)8292 ··-·NIST-800-53-AC-6(9)
8293 ··-·NIST-800-53-CM-6(a)8293 ··-·NIST-800-53-CM-6(a)
8294 ··-·PCI-DSS-Req-10.5.28294 ··-·PCI-DSS-Req-10.5.2
Offset 9168, 16 lines modifiedOffset 9168, 16 lines modified
9168 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/9168 -·name:·Check·if·watch·rule·for·/etc/sudoers·already·exists·in·/etc/audit/rules.d/
9169 ··find:9169 ··find:
9170 ····paths:·/etc/audit/rules.d9170 ····paths:·/etc/audit/rules.d
9171 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+9171 ····contains:·^\s*-w\s+/etc/sudoers\s+-p\s+wa(\s|$)+
9172 ····patterns:·'*.rules'9172 ····patterns:·'*.rules'
9173 ··register:·find_existing_watch_rules_d9173 ··register:·find_existing_watch_rules_d
9174 ··when:9174 ··when:
9175 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9176 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9175 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9176 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9177 ··tags:9177 ··tags:
9178 ··-·CJIS-5.4.1.19178 ··-·CJIS-5.4.1.1
9179 ··-·NIST-800-171-3.1.79179 ··-·NIST-800-171-3.1.7
9180 ··-·NIST-800-53-AC-2(7)(b)9180 ··-·NIST-800-53-AC-2(7)(b)
9181 ··-·NIST-800-53-AC-6(9)9181 ··-·NIST-800-53-AC-6(9)
9182 ··-·NIST-800-53-AU-12(c)9182 ··-·NIST-800-53-AU-12(c)
9183 ··-·NIST-800-53-AU-2(d)9183 ··-·NIST-800-53-AU-2(d)
Offset 9194, 16 lines modifiedOffset 9194, 16 lines modified
9194 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions9194 -·name:·Search·/etc/audit/rules.d·for·other·rules·with·specified·key·actions
9195 ··find:9195 ··find:
9196 ····paths:·/etc/audit/rules.d9196 ····paths:·/etc/audit/rules.d
9197 ····contains:·^.*(?:-F·key=|-k\s+)actions$9197 ····contains:·^.*(?:-F·key=|-k\s+)actions$
9198 ····patterns:·'*.rules'9198 ····patterns:·'*.rules'
9199 ··register:·find_watch_key9199 ··register:·find_watch_key
9200 ··when:9200 ··when:
9201 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9202 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9201 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9202 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9203 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched9203 ··-·find_existing_watch_rules_d.matched·is·defined·and·find_existing_watch_rules_d.matched
9204 ····==·09204 ····==·0
9205 ··tags:9205 ··tags:
9206 ··-·CJIS-5.4.1.19206 ··-·CJIS-5.4.1.1
9207 ··-·NIST-800-171-3.1.79207 ··-·NIST-800-171-3.1.7
9208 ··-·NIST-800-53-AC-2(7)(b)9208 ··-·NIST-800-53-AC-2(7)(b)
9209 ··-·NIST-800-53-AC-6(9)9209 ··-·NIST-800-53-AC-6(9)
Offset 9220, 16 lines modifiedOffset 9220, 16 lines modified
9220 ··-·restrict_strategy9220 ··-·restrict_strategy
  
9221 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule9221 -·name:·Use·/etc/audit/rules.d/actions.rules·as·the·recipient·for·the·rule
9222 ··set_fact:9222 ··set_fact:
9223 ····all_files:9223 ····all_files:
9224 ····-·/etc/audit/rules.d/actions.rules9224 ····-·/etc/audit/rules.d/actions.rules
9225 ··when:9225 ··when:
9226 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9227 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9226 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9227 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9228 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched9228 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·==·0·and·find_existing_watch_rules_d.matched
9229 ····is·defined·and·find_existing_watch_rules_d.matched·==·09229 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9230 ··tags:9230 ··tags:
9231 ··-·CJIS-5.4.1.19231 ··-·CJIS-5.4.1.1
9232 ··-·NIST-800-171-3.1.79232 ··-·NIST-800-171-3.1.7
9233 ··-·NIST-800-53-AC-2(7)(b)9233 ··-·NIST-800-53-AC-2(7)(b)
9234 ··-·NIST-800-53-AC-6(9)9234 ··-·NIST-800-53-AC-6(9)
Offset 9246, 16 lines modifiedOffset 9246, 16 lines modified
9246 ··-·restrict_strategy9246 ··-·restrict_strategy
  
9247 -·name:·Use·matched·file·as·the·recipient·for·the·rule9247 -·name:·Use·matched·file·as·the·recipient·for·the·rule
9248 ··set_fact:9248 ··set_fact:
9249 ····all_files:9249 ····all_files:
9250 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'9250 ····-·'{{·find_watch_key.files·|·map(attribute=''path'')·|·list·|·first·}}'
9251 ··when:9251 ··when:
9252 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;] 
9253 ··-·'&quot;audit&quot;·in·ansible_facts.packages'9252 ··-·'&quot;audit&quot;·in·ansible_facts.packages'
 9253 ··-·ansible_virtualization_type·not·in·[&quot;docker&quot;,·&quot;lxc&quot;,·&quot;openvz&quot;,·&quot;podman&quot;,·&quot;container&quot;]
9254 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched9254 ··-·find_watch_key.matched·is·defined·and·find_watch_key.matched·&gt;·0·and·find_existing_watch_rules_d.matched
9255 ····is·defined·and·find_existing_watch_rules_d.matched·==·09255 ····is·defined·and·find_existing_watch_rules_d.matched·==·0
9256 ··tags:9256 ··tags:
9257 ··-·CJIS-5.4.1.19257 ··-·CJIS-5.4.1.1
9258 ··-·NIST-800-171-3.1.79258 ··-·NIST-800-171-3.1.7
9259 ··-·NIST-800-53-AC-2(7)(b)9259 ··-·NIST-800-53-AC-2(7)(b)
9260 ··-·NIST-800-53-AC-6(9)9260 ··-·NIST-800-53-AC-6(9)
Offset 9274, 16 lines modifiedOffset 9274, 16 lines modified
9274 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/9274 -·name:·Add·watch·rule·for·/etc/sudoers·in·/etc/audit/rules.d/
Max diff block lines reached; 48367/53698 bytes (90.07%) of diff not shown.
22.1 MB
ssg-nondebian_0.1.65-1_all.deb
452 B
file list
    
Offset 1, 3 lines modifiedOffset 1, 3 lines modified
1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary1 -rw-r--r--···0········0········0········4·2022-12-20·09:54:05.000000·debian-binary
2 -rw-r--r--···0········0········0····15452·2022-12-20·09:54:05.000000·control.tar.xz2 -rw-r--r--···0········0········0····15448·2022-12-20·09:54:05.000000·control.tar.xz
3 -rw-r--r--···0········0········0·40200044·2022-12-20·09:54:05.000000·data.tar.xz3 -rw-r--r--···0········0········0·40203060·2022-12-20·09:54:05.000000·data.tar.xz
98.0 B
control.tar.xz
70.0 B
control.tar
48.0 B
./md5sums
30.0 B
./md5sums
Files differ
22.1 MB
data.tar.xz
22.1 MB
data.tar
113 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-cis.html
    
Offset 55089, 21 lines modifiedOffset 55089, 21 lines modified
000d7300:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas000d7300:·2f61·3e3c·6272·3e3c·6469·7620·636c·6173··/a><br><div·clas
000d7310:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps000d7310:·733d·2270·616e·656c·2d63·6f6c·6c61·7073··s="panel-collaps
000d7320:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="000d7320:·6520·636f·6c6c·6170·7365·2220·6964·3d22··e·collapse"·id="
000d7330:·6964·6d31·3437·3033·223e·3c70·7265·3e3c··idm14703"><pre><000d7330:·6964·6d31·3437·3033·223e·3c70·7265·3e3c··idm14703"><pre><
000d7340:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati000d7340:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
000d7350:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable000d7350:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
000d7360:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain000d7360:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
000d7370:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp000d7370:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·
000d7380:·6d20·2d2d·7175·6965·7420·2d71·2061·7564··m·--quiet·-q·aud 
000d7390:·6974·2026·616d·703b·2661·6d70·3b20·5b20··it·&amp;&amp;·[· 
000d73a0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000d7380:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
000d73b0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000d7390:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
000d73c0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000d73a0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
000d73d0:·696e·6572·656e·7620·5d3b·2074·6865·6e0a··inerenv·];·then.000d73b0:·696e·6572·656e·7620·5d20·2661·6d70·3b26··inerenv·]·&amp;&
 000d73c0:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet
 000d73d0:·202d·7120·6175·6469·743b·2074·6865·6e0a···-q·audit;·then.
000d73e0:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform000d73e0:·0a23·2046·6972·7374·2070·6572·666f·726d··.#·First·perform
000d73f0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation000d73f0:·2074·6865·2072·656d·6564·6961·7469·6f6e···the·remediation
000d7400:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·000d7400:·206f·6620·7468·6520·7379·7363·616c·6c20···of·the·syscall·
000d7410:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·000d7410:·7275·6c65·0a23·2052·6574·7269·6576·6520··rule.#·Retrieve·
000d7420:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite000d7420:·6861·7264·7761·7265·2061·7263·6869·7465··hardware·archite
000d7430:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und000d7430:·6374·7572·6520·6f66·2074·6865·2075·6e64··cture·of·the·und
000d7440:·6572·6c79·696e·6720·7379·7374·656d·0a23··erlying·system.#000d7440:·6572·6c79·696e·6720·7379·7374·656d·0a23··erlying·system.#
Offset 56791, 20 lines modifiedOffset 56791, 20 lines modified
000ddd60:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla000ddd60:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
000ddd70:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id000ddd70:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
000ddd80:·3d22·6964·6d31·3530·3033·223e·3c70·7265··="idm15003"><pre000ddd80:·3d22·6964·6d31·3530·3033·223e·3c70·7265··="idm15003"><pre
000ddd90:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000ddd90:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000ddda0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000ddda0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000dddb0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000dddb0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000dddc0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000dddc0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
000dddd0:·7270·6d20·2d2d·7175·6965·7420·2d71·2061··rpm·--quiet·-q·a 
000ddde0:·7564·6974·2026·616d·703b·2661·6d70·3b20··udit·&amp;&amp;· 
000dddf0:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere000dddd0:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
000dde00:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·000ddde0:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
000dde10:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con000dddf0:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
000dde20:·7461·696e·6572·656e·7620·5d3b·2074·6865··tainerenv·];·the000dde00:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp
 000dde10:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui
 000dde20:·6574·202d·7120·6175·6469·743b·2074·6865··et·-q·audit;·the
000dde30:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo000dde30:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo
000dde40:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati000dde40:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati
000dde50:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal000dde50:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal
000dde60:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev000dde60:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev
000dde70:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi000dde70:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi
000dde80:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u000dde80:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u
000dde90:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system000dde90:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system
Offset 61153, 23 lines modifiedOffset 61153, 23 lines modified
000eee00:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·000eee00:·5f72·6562·6f6f·745f·6e65·6564·6564·0a20··_reboot_needed.·
000eee10:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra000eee10:·202d·2072·6573·7472·6963·745f·7374·7261···-·restrict_stra
000eee20:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se000eee20:·7465·6779·0a0a·2d20·6e61·6d65·3a20·5365··tegy..-·name:·Se
000eee30:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f000eee30:·7420·6172·6368·6974·6563·7475·7265·2066··t·architecture·f
000eee40:·6f72·2061·7564·6974·2074·6173·6b73·0a20··or·audit·tasks.·000eee40:·6f72·2061·7564·6974·2074·6173·6b73·0a20··or·audit·tasks.·
000eee50:·2073·6574·5f66·6163·743a·0a20·2020·2061···set_fact:.····a000eee50:·2073·6574·5f66·6163·743a·0a20·2020·2061···set_fact:.····a
000eee60:·7564·6974·5f61·7263·683a·2062·3634·0a20··udit_arch:·b64.·000eee60:·7564·6974·5f61·7263·683a·2062·3634·0a20··udit_arch:·b64.·
000eee70:·2077·6865·6e3a·0a20·202d·2027·2261·7564···when:.··-·'"aud000eee70:·2077·6865·6e3a·0a20·202d·2061·6e73·6962···when:.··-·ansib
000eee80:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f 
000eee90:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.· 
000eeea0:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu 
000eeeb0:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n 
000eeec0:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker", 
000eeed0:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz" 
000eeee0:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con 
000eeef0:·7461·696e·6572·225d·0a20·202d·2061·6e73··tainer"].··-·ans000eee80:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
 000eee90:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
 000eeea0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
 000eeeb0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
 000eeec0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
 000eeed0:·0a20·202d·2027·2261·7564·6974·2220·696e··.··-·'"audit"·in
 000eeee0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
 000eeef0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans
000eef00:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur000eef00:·6962·6c65·5f61·7263·6869·7465·6374·7572··ible_architectur
000eef10:·6520·3d3d·2022·6161·7263·6836·3422·206f··e·==·"aarch64"·o000eef10:·6520·3d3d·2022·6161·7263·6836·3422·206f··e·==·"aarch64"·o
000eef20:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit000eef20:·7220·616e·7369·626c·655f·6172·6368·6974··r·ansible_archit
000eef30:·6563·7475·7265·203d·3d20·2270·7063·3634··ecture·==·"ppc64000eef30:·6563·7475·7265·203d·3d20·2270·7063·3634··ecture·==·"ppc64
000eef40:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc000eef40:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc
000eef50:·6869·7465·6374·7572·650a·2020·2020·3d3d··hitecture.····==000eef50:·6869·7465·6374·7572·650a·2020·2020·3d3d··hitecture.····==
000eef60:·2022·7070·6336·346c·6522·206f·7220·616e···"ppc64le"·or·an000eef60:·2022·7070·6336·346c·6522·206f·7220·616e···"ppc64le"·or·an
Offset 61465, 23 lines modifiedOffset 61465, 23 lines modified
000f0180:·6175·6469·745f·7469·6d65·5f72·756c·6573··audit_time_rules000f0180:·6175·6469·745f·7469·6d65·5f72·756c·6573··audit_time_rules
000f0190:·0a20·2020·2020·2063·7265·6174·653a·2074··.······create:·t000f0190:·0a20·2020·2020·2063·7265·6174·653a·2074··.······create:·t
000f01a0:·7275·650a·2020·2020·2020·6d6f·6465·3a20··rue.······mode:·000f01a0:·7275·650a·2020·2020·2020·6d6f·6465·3a20··rue.······mode:·
000f01b0:·6f2d·7277·780a·2020·2020·2020·7374·6174··o-rwx.······stat000f01b0:·6f2d·7277·780a·2020·2020·2020·7374·6174··o-rwx.······stat
000f01c0:·653a·2070·7265·7365·6e74·0a20·2020·2077··e:·present.····w000f01c0:·653a·2070·7265·7365·6e74·0a20·2020·2077··e:·present.····w
000f01d0:·6865·6e3a·2073·7973·6361·6c6c·735f·666f··hen:·syscalls_fo000f01d0:·6865·6e3a·2073·7973·6361·6c6c·735f·666f··hen:·syscalls_fo
000f01e0:·756e·6420·7c20·6c65·6e67·7468·203d·3d20··und·|·length·==·000f01e0:·756e·6420·7c20·6c65·6e67·7468·203d·3d20··und·|·length·==·
000f01f0:·300a·2020·7768·656e·3a0a·2020·2d20·2722··0.··when:.··-·'"000f01f0:·300a·2020·7768·656e·3a0a·2020·2d20·616e··0.··when:.··-·an
000f0200:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
000f0210:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages 
000f0220:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi 
000f0230:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ 
000f0240:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke 
000f0250:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open 
000f0260:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·" 
000f0270:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000f0200:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 000f0210:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 000f0220:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 000f0230:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 000f0240:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 000f0250:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit"
 000f0260:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000f0270:·732e·7061·636b·6167·6573·270a·2020·7461··s.packages'.··ta
000f0280:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.4000f0280:·6773·3a0a·2020·2d20·434a·4953·2d35·2e34··gs:.··-·CJIS-5.4
000f0290:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-80000f0290:·2e31·2e31·0a20·202d·204e·4953·542d·3830··.1.1.··-·NIST-80
000f02a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·000f02a0:·302d·3137·312d·332e·312e·370a·2020·2d20··0-171-3.1.7.··-·
000f02b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d36··NIST-800-53-AC-6000f02b0:·4e49·5354·2d38·3030·2d35·332d·4143·2d36··NIST-800-53-AC-6
000f02c0:·2839·290a·2020·2d20·4e49·5354·2d38·3030··(9).··-·NIST-800000f02c0:·2839·290a·2020·2d20·4e49·5354·2d38·3030··(9).··-·NIST-800
000f02d0:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-000f02d0:·2d35·332d·4155·2d31·3228·6329·0a20·202d··-53-AU-12(c).··-
000f02e0:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-000f02e0:·204e·4953·542d·3830·302d·3533·2d41·552d···NIST-800-53-AU-
Offset 61765, 23 lines modifiedOffset 61765, 23 lines modified
000f1440:·745f·7469·6d65·5f72·756c·6573·0a20·2020··t_time_rules.···000f1440:·745f·7469·6d65·5f72·756c·6573·0a20·2020··t_time_rules.···
000f1450:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.000f1450:·2020·2063·7265·6174·653a·2074·7275·650a·····create:·true.
000f1460:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw000f1460:·2020·2020·2020·6d6f·6465·3a20·6f2d·7277········mode:·o-rw
000f1470:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p000f1470:·780a·2020·2020·2020·7374·6174·653a·2070··x.······state:·p
000f1480:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:000f1480:·7265·7365·6e74·0a20·2020·2077·6865·6e3a··resent.····when:
000f1490:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·000f1490:·2073·7973·6361·6c6c·735f·666f·756e·6420···syscalls_found·
000f14a0:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··000f14a0:·7c20·6c65·6e67·7468·203d·3d20·300a·2020··|·length·==·0.··
000f14b0:·7768·656e·3a0a·2020·2d20·2722·6175·6469··when:.··-·'"audi000f14b0:·7768·656e·3a0a·2020·2d20·616e·7369·626c··when:.··-·ansibl
000f14c0:·7422·2069·6e20·616e·7369·626c·655f·6661··t"·in·ansible_fa 
000f14d0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.·· 
000f14e0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua 
000f14f0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no 
000f1500:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",· 
000f1510:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz", 
000f1520:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000f14c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
 000f14d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
 000f14e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
 000f14f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
Max diff block lines reached; 79208/89274 bytes (88.72%) of diff not shown.
25.7 KB
html2text {}
    
Offset 3169, 15 lines modifiedOffset 3169, 15 lines modified
3169 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3169 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-
3170 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-3170 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-
3171 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-3171 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-
3172 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-3172 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-
3173 ············001970,·4.1.173173 ············001970,·4.1.17
3174 Remediation_Shell_script_⇲3174 Remediation_Shell_script_⇲
3175 #·Remediation·is·applicable·only·in·certain·platforms3175 #·Remediation·is·applicable·only·in·certain·platforms
3176 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3176 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
3177 #·First·perform·the·remediation·of·the·syscall·rule3177 #·First·perform·the·remediation·of·the·syscall·rule
3178 #·Retrieve·hardware·architecture·of·the·underlying·system3178 #·Retrieve·hardware·architecture·of·the·underlying·system
3179 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>3179 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>
3180 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence3180 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence
3181 #·······of·32-bit's·equivalent·of·the·corresponding·rule.3181 #·······of·32-bit's·equivalent·of·the·corresponding·rule.
3182 #·······(See·`man·7·audit.rules`·for·details·)3182 #·······(See·`man·7·audit.rules`·for·details·)
Offset 3535, 15 lines modifiedOffset 3535, 15 lines modified
3535 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3535 ············A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),·AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-
3536 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-3536 ············3,·DE.CM-7,·ID.SC-4,·PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·FAU_GEN.1.1.c,·Req-10.2.7,·SRG-OS-000037-
3537 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-3537 ············GPOS-00015,·SRG-OS-000042-GPOS-00020,·SRG-OS-000062-GPOS-00031,·SRG-OS-000392-GPOS-00172,·SRG-OS-000462-
3538 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-3538 ············GPOS-00206,·SRG-OS-000471-GPOS-00215,·SRG-OS-000471-GPOS-00216,·SRG-OS-000477-GPOS-00222,·SRG-OS-000477-VMM-
3539 ············001970,·4.1.173539 ············001970,·4.1.17
3540 Remediation_Shell_script_⇲3540 Remediation_Shell_script_⇲
3541 #·Remediation·is·applicable·only·in·certain·platforms3541 #·Remediation·is·applicable·only·in·certain·platforms
3542 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then3542 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
3543 #·First·perform·the·remediation·of·the·syscall·rule3543 #·First·perform·the·remediation·of·the·syscall·rule
3544 #·Retrieve·hardware·architecture·of·the·underlying·system3544 #·Retrieve·hardware·architecture·of·the·underlying·system
3545 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>3545 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>
3546 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence3546 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence
3547 #·······of·32-bit's·equivalent·of·the·corresponding·rule.3547 #·······of·32-bit's·equivalent·of·the·corresponding·rule.
3548 #·······(See·`man·7·audit.rules`·for·details·)3548 #·······(See·`man·7·audit.rules`·for·details·)
Offset 4062, 16 lines modifiedOffset 4062, 16 lines modified
4062 ··-·no_reboot_needed4062 ··-·no_reboot_needed
4063 ··-·restrict_strategy4063 ··-·restrict_strategy
  
4064 -·name:·Set·architecture·for·audit·tasks4064 -·name:·Set·architecture·for·audit·tasks
4065 ··set_fact:4065 ··set_fact:
4066 ····audit_arch:·b644066 ····audit_arch:·b64
4067 ··when:4067 ··when:
4068 ··-·'"audit"·in·ansible_facts.packages' 
4069 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4068 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4069 ··-·'"audit"·in·ansible_facts.packages'
4070 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4070 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4071 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4071 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4072 ··tags:4072 ··tags:
4073 ··-·CJIS-5.4.1.14073 ··-·CJIS-5.4.1.1
4074 ··-·NIST-800-171-3.1.74074 ··-·NIST-800-171-3.1.7
4075 ··-·NIST-800-53-AC-6(9)4075 ··-·NIST-800-53-AC-6(9)
4076 ··-·NIST-800-53-AU-12(c)4076 ··-·NIST-800-53-AU-12(c)
Offset 4204, 16 lines modifiedOffset 4204, 16 lines modified
4204 ······path:·'{{·audit_file·}}'4204 ······path:·'{{·audit_file·}}'
4205 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4205 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4206 ······create:·true4206 ······create:·true
4207 ······mode:·o-rwx4207 ······mode:·o-rwx
4208 ······state:·present4208 ······state:·present
4209 ····when:·syscalls_found·|·length·==·04209 ····when:·syscalls_found·|·length·==·0
4210 ··when:4210 ··when:
4211 ··-·'"audit"·in·ansible_facts.packages' 
4212 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4211 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4212 ··-·'"audit"·in·ansible_facts.packages'
4213 ··tags:4213 ··tags:
4214 ··-·CJIS-5.4.1.14214 ··-·CJIS-5.4.1.1
4215 ··-·NIST-800-171-3.1.74215 ··-·NIST-800-171-3.1.7
4216 ··-·NIST-800-53-AC-6(9)4216 ··-·NIST-800-53-AC-6(9)
4217 ··-·NIST-800-53-AU-12(c)4217 ··-·NIST-800-53-AU-12(c)
4218 ··-·NIST-800-53-AU-2(d)4218 ··-·NIST-800-53-AU-2(d)
4219 ··-·NIST-800-53-CM-6(a)4219 ··-·NIST-800-53-CM-6(a)
Offset 4343, 16 lines modifiedOffset 4343, 16 lines modified
4343 ······path:·'{{·audit_file·}}'4343 ······path:·'{{·audit_file·}}'
4344 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4344 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4345 ······create:·true4345 ······create:·true
4346 ······mode:·o-rwx4346 ······mode:·o-rwx
4347 ······state:·present4347 ······state:·present
4348 ····when:·syscalls_found·|·length·==·04348 ····when:·syscalls_found·|·length·==·0
4349 ··when:4349 ··when:
4350 ··-·'"audit"·in·ansible_facts.packages' 
4351 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4350 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4351 ··-·'"audit"·in·ansible_facts.packages'
4352 ··-·audit_arch·==·"b64"4352 ··-·audit_arch·==·"b64"
4353 ··tags:4353 ··tags:
4354 ··-·CJIS-5.4.1.14354 ··-·CJIS-5.4.1.1
4355 ··-·NIST-800-171-3.1.74355 ··-·NIST-800-171-3.1.7
4356 ··-·NIST-800-53-AC-6(9)4356 ··-·NIST-800-53-AC-6(9)
4357 ··-·NIST-800-53-AU-12(c)4357 ··-·NIST-800-53-AU-12(c)
4358 ··-·NIST-800-53-AU-2(d)4358 ··-·NIST-800-53-AU-2(d)
Offset 4417, 16 lines modifiedOffset 4417, 16 lines modified
4417 ··-·no_reboot_needed4417 ··-·no_reboot_needed
4418 ··-·restrict_strategy4418 ··-·restrict_strategy
  
4419 -·name:·Set·architecture·for·audit·tasks4419 -·name:·Set·architecture·for·audit·tasks
4420 ··set_fact:4420 ··set_fact:
4421 ····audit_arch:·b644421 ····audit_arch:·b64
4422 ··when:4422 ··when:
4423 ··-·'"audit"·in·ansible_facts.packages' 
4424 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4423 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4424 ··-·'"audit"·in·ansible_facts.packages'
4425 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture4425 ··-·ansible_architecture·==·"aarch64"·or·ansible_architecture·==·"ppc64"·or·ansible_architecture
4426 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"4426 ····==·"ppc64le"·or·ansible_architecture·==·"s390x"·or·ansible_architecture·==·"x86_64"
4427 ··tags:4427 ··tags:
4428 ··-·CJIS-5.4.1.14428 ··-·CJIS-5.4.1.1
4429 ··-·NIST-800-171-3.1.74429 ··-·NIST-800-171-3.1.7
4430 ··-·NIST-800-53-AC-6(9)4430 ··-·NIST-800-53-AC-6(9)
4431 ··-·NIST-800-53-AU-12(c)4431 ··-·NIST-800-53-AU-12(c)
Offset 4559, 16 lines modifiedOffset 4559, 16 lines modified
4559 ······path:·'{{·audit_file·}}'4559 ······path:·'{{·audit_file·}}'
4560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4560 ······line:·-a·always,exit·-F·arch=b32·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4561 ······create:·true4561 ······create:·true
4562 ······mode:·o-rwx4562 ······mode:·o-rwx
4563 ······state:·present4563 ······state:·present
4564 ····when:·syscalls_found·|·length·==·04564 ····when:·syscalls_found·|·length·==·0
4565 ··when:4565 ··when:
4566 ··-·'"audit"·in·ansible_facts.packages' 
4567 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4566 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 4567 ··-·'"audit"·in·ansible_facts.packages'
4568 ··tags:4568 ··tags:
4569 ··-·CJIS-5.4.1.14569 ··-·CJIS-5.4.1.1
4570 ··-·NIST-800-171-3.1.74570 ··-·NIST-800-171-3.1.7
4571 ··-·NIST-800-53-AC-6(9)4571 ··-·NIST-800-53-AC-6(9)
4572 ··-·NIST-800-53-AU-12(c)4572 ··-·NIST-800-53-AU-12(c)
4573 ··-·NIST-800-53-AU-2(d)4573 ··-·NIST-800-53-AU-2(d)
4574 ··-·NIST-800-53-CM-6(a)4574 ··-·NIST-800-53-CM-6(a)
Offset 4699, 16 lines modifiedOffset 4699, 16 lines modified
4699 ······path:·'{{·audit_file·}}'4699 ······path:·'{{·audit_file·}}'
4700 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules4700 ······line:·-a·always,exit·-F·arch=b64·-S·{{·syscalls·|·join(',')·}}·-F·key=audit_time_rules
4701 ······create:·true4701 ······create:·true
4702 ······mode:·o-rwx4702 ······mode:·o-rwx
4703 ······state:·present4703 ······state:·present
Max diff block lines reached; 20768/26322 bytes (78.90%) of diff not shown.
22.2 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-cis_l1.html
    
Offset 38584, 22 lines modifiedOffset 38584, 22 lines modified
00096b70:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi00096b70:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
00096b80:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru00096b80:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
00096b90:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st00096b90:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st
00096ba0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b00096ba0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
00096bb0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c00096bb0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
00096bc0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f00096bc0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f
00096bd0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe00096bd0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe
00096be0:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c00096be0:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e
 00096bf0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 00096c00:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 00096c10:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
 00096c20:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru
00096bf0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl00096c30:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
00096c00:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages00096c40:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
00096c10:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef 
00096c20:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo 
00096c30:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
00096c40:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
00096c50:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl00096c50:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl
00096c60:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization00096c60:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
00096c70:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d00096c70:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
00096c80:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"00096c80:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
00096c90:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman00096c90:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
00096ca0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].00096ca0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
00096cb0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS00096cb0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
00096cc0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS00096cc0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 38620, 22 lines modifiedOffset 38620, 22 lines modified
00096db0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou00096db0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou
00096dc0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo00096dc0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo
00096dd0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00096dd0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00096de0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa00096de0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
00096df0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/00096df0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
00096e00:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro00096e00:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro
00096e10:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.00096e10:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.
 00096e20:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 00096e30:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 00096e40:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 00096e50:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
00096e20:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm00096e60:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-
00096e30:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f00096e70:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
00096e40:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·00096e80:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
00096e50:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
00096e60:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
00096e70:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
00096e80:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
00096e90:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v00096e90:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v
00096ea0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty00096ea0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
00096eb0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock00096eb0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
00096ec0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope00096ec0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
00096ed0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·00096ed0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
00096ee0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-00096ee0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
00096ef0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta00096ef0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
00096f00:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and00096f00:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 38685, 19 lines modifiedOffset 38685, 19 lines modified
000971c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat000971c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
000971d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con000971d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con
000971e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>000971e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>
000971f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co000971f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
00097200:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation00097200:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
00097210:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o00097210:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
00097220:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p00097220:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
00097230:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·00097230:·6c61·7466·6f72·6d73·0a69·6620·5b20·2d66··latforms.if·[·-f
 00097240:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e
 00097250:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;·
00097240:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub200097260:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
00097250:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am00097270:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp
00097260:·703b·205b·202d·6620·2f73·7973·2f66·6972··p;·[·-f·/sys/fir 
00097270:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp 
00097280:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·00097280:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·
00097290:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a00097290:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
000972a0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·000972a0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
000972b0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere000972b0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
000972c0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c000972c0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c
000972d0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru000972d0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru
000972e0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els000972e0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els
Offset 39077, 21 lines modifiedOffset 39077, 21 lines modified
00098a40:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·00098a40:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
00098a50:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub00098a50:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
00098a60:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···00098a60:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
00098a70:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru00098a70:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
00098a80:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re00098a80:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
00098a90:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi00098a90:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
00098aa0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·00098aa0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
 00098ab0:·2722·2f62·6f6f·742f·6566·6922·2069·6e20··'"/boot/efi"·in·
 00098ac0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 00098ad0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 00098ae0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
00098ab0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·00098af0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
00098ac0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts00098b00:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
00098ad0:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'00098b10:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
00098ae0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
00098af0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
00098b00:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
00098b10:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
00098b20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu00098b20:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00098b30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n00098b30:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
00098b40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",00098b40:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
00098b50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"00098b50:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
00098b60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con00098b60:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
00098b70:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:00098b70:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
00098b80:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.00098b80:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.
Offset 39112, 21 lines modifiedOffset 39112, 21 lines modified
00098c70:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·00098c70:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
00098c80:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot00098c80:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
00098c90:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.00098c90:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
00098ca0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path00098ca0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
00098cb0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr00098cb0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
00098cc0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner00098cc0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner
00098cd0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··00098cd0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
 00098ce0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i
 00098cf0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 00098d00:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 00098d10:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
00098ce0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common00098d20:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co
00098cf0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac00098d30:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
00098d00:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-00098d40:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
00098d10:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in 
00098d20:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
00098d30:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
00098d40:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
00098d50:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00098d50:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00098d60:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00098d60:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00098d70:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00098d70:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00098d80:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00098d80:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00098d90:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00098d90:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
00098da0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f00098da0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
00098db0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·00098db0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Max diff block lines reached; 7530/17346 bytes (43.41%) of diff not shown.
5.13 KB
html2text {}
    
Offset 2682, 16 lines modifiedOffset 2682, 16 lines modified
2682 ··-·no_reboot_needed2682 ··-·no_reboot_needed
  
2683 -·name:·Test·for·existence·/boot/grub2/grub.cfg2683 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2684 ··stat:2684 ··stat:
2685 ····path:·/boot/grub2/grub.cfg2685 ····path:·/boot/grub2/grub.cfg
2686 ··register:·file_exists2686 ··register:·file_exists
2687 ··when:2687 ··when:
2688 ··-·'"grub2-common"·in·ansible_facts.packages' 
2689 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2688 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2689 ··-·'"grub2-common"·in·ansible_facts.packages'
2690 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2690 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2691 ··tags:2691 ··tags:
2692 ··-·CJIS-5.5.2.22692 ··-·CJIS-5.5.2.2
2693 ··-·NIST-800-171-3.4.52693 ··-·NIST-800-171-3.4.5
2694 ··-·NIST-800-53-AC-6(1)2694 ··-·NIST-800-53-AC-6(1)
2695 ··-·NIST-800-53-CM-6(a)2695 ··-·NIST-800-53-CM-6(a)
2696 ··-·PCI-DSS-Req-7.12696 ··-·PCI-DSS-Req-7.1
Offset 2703, 16 lines modifiedOffset 2703, 16 lines modified
2703 ··-·no_reboot_needed2703 ··-·no_reboot_needed
  
2704 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg2704 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
2705 ··file:2705 ··file:
2706 ····path:·/boot/grub2/grub.cfg2706 ····path:·/boot/grub2/grub.cfg
2707 ····group:·'0'2707 ····group:·'0'
2708 ··when:2708 ··when:
2709 ··-·'"grub2-common"·in·ansible_facts.packages' 
2710 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2709 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2710 ··-·'"grub2-common"·in·ansible_facts.packages'
2711 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2711 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2712 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2712 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2713 ··tags:2713 ··tags:
2714 ··-·CJIS-5.5.2.22714 ··-·CJIS-5.5.2.2
2715 ··-·NIST-800-171-3.4.52715 ··-·NIST-800-171-3.4.5
2716 ··-·NIST-800-53-AC-6(1)2716 ··-·NIST-800-53-AC-6(1)
2717 ··-·NIST-800-53-CM-6(a)2717 ··-·NIST-800-53-CM-6(a)
Offset 2724, 15 lines modifiedOffset 2724, 15 lines modified
2724 ··-·medium_severity2724 ··-·medium_severity
2725 ··-·no_reboot_needed2725 ··-·no_reboot_needed
2726 Remediation_Shell_script_⇲2726 Remediation_Shell_script_⇲
2727 Complexity:·low2727 Complexity:·low
2728 Disruption:·low2728 Disruption:·low
2729 Strategy:···configure2729 Strategy:···configure
2730 #·Remediation·is·applicable·only·in·certain·platforms2730 #·Remediation·is·applicable·only·in·certain·platforms
2731 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};2731 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
2732 then2732 then
  
2733 chgrp·0·/boot/grub2/grub.cfg2733 chgrp·0·/boot/grub2/grub.cfg
  
2734 else2734 else
2735 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2735 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2736 fi2736 fi
Offset 2768, 16 lines modifiedOffset 2768, 16 lines modified
2768 ··-·no_reboot_needed2768 ··-·no_reboot_needed
  
2769 -·name:·Test·for·existence·/boot/grub2/grub.cfg2769 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2770 ··stat:2770 ··stat:
2771 ····path:·/boot/grub2/grub.cfg2771 ····path:·/boot/grub2/grub.cfg
2772 ··register:·file_exists2772 ··register:·file_exists
2773 ··when:2773 ··when:
2774 ··-·'"grub2-common"·in·ansible_facts.packages' 
2775 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2774 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2775 ··-·'"grub2-common"·in·ansible_facts.packages'
2776 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2776 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2777 ··tags:2777 ··tags:
2778 ··-·CJIS-5.5.2.22778 ··-·CJIS-5.5.2.2
2779 ··-·NIST-800-171-3.4.52779 ··-·NIST-800-171-3.4.5
2780 ··-·NIST-800-53-AC-6(1)2780 ··-·NIST-800-53-AC-6(1)
2781 ··-·NIST-800-53-CM-6(a)2781 ··-·NIST-800-53-CM-6(a)
2782 ··-·PCI-DSS-Req-7.12782 ··-·PCI-DSS-Req-7.1
Offset 2789, 16 lines modifiedOffset 2789, 16 lines modified
2789 ··-·no_reboot_needed2789 ··-·no_reboot_needed
  
2790 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg2790 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
2791 ··file:2791 ··file:
2792 ····path:·/boot/grub2/grub.cfg2792 ····path:·/boot/grub2/grub.cfg
2793 ····owner:·'0'2793 ····owner:·'0'
2794 ··when:2794 ··when:
2795 ··-·'"grub2-common"·in·ansible_facts.packages' 
2796 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2795 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2796 ··-·'"grub2-common"·in·ansible_facts.packages'
2797 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2797 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2798 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists2798 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
2799 ··tags:2799 ··tags:
2800 ··-·CJIS-5.5.2.22800 ··-·CJIS-5.5.2.2
2801 ··-·NIST-800-171-3.4.52801 ··-·NIST-800-171-3.4.5
2802 ··-·NIST-800-53-AC-6(1)2802 ··-·NIST-800-53-AC-6(1)
2803 ··-·NIST-800-53-CM-6(a)2803 ··-·NIST-800-53-CM-6(a)
Offset 2810, 15 lines modifiedOffset 2810, 15 lines modified
2810 ··-·medium_severity2810 ··-·medium_severity
2811 ··-·no_reboot_needed2811 ··-·no_reboot_needed
2812 Remediation_Shell_script_⇲2812 Remediation_Shell_script_⇲
2813 Complexity:·low2813 Complexity:·low
2814 Disruption:·low2814 Disruption:·low
2815 Strategy:···configure2815 Strategy:···configure
2816 #·Remediation·is·applicable·only·in·certain·platforms2816 #·Remediation·is·applicable·only·in·certain·platforms
2817 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};2817 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};
2818 then2818 then
  
2819 chown·0·/boot/grub2/grub.cfg2819 chown·0·/boot/grub2/grub.cfg
  
2820 else2820 else
2821 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'2821 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
2822 fi2822 fi
Offset 2852, 16 lines modifiedOffset 2852, 16 lines modified
2852 ··-·no_reboot_needed2852 ··-·no_reboot_needed
  
2853 -·name:·Test·for·existence·/boot/grub2/grub.cfg2853 -·name:·Test·for·existence·/boot/grub2/grub.cfg
2854 ··stat:2854 ··stat:
2855 ····path:·/boot/grub2/grub.cfg2855 ····path:·/boot/grub2/grub.cfg
2856 ··register:·file_exists2856 ··register:·file_exists
2857 ··when:2857 ··when:
2858 ··-·'"grub2-common"·in·ansible_facts.packages' 
2859 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'2858 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
 2859 ··-·'"grub2-common"·in·ansible_facts.packages'
2860 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]2860 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
2861 ··tags:2861 ··tags:
2862 ··-·NIST-800-171-3.4.52862 ··-·NIST-800-171-3.4.5
2863 ··-·NIST-800-53-AC-6(1)2863 ··-·NIST-800-53-AC-6(1)
2864 ··-·NIST-800-53-CM-6(a)2864 ··-·NIST-800-53-CM-6(a)
2865 ··-·configure_strategy2865 ··-·configure_strategy
2866 ··-·file_permissions_efi_grub2_cfg2866 ··-·file_permissions_efi_grub2_cfg
Offset 2871, 16 lines modifiedOffset 2871, 16 lines modified
2871 ··-·no_reboot_needed2871 ··-·no_reboot_needed
  
2872 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg2872 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
2873 ··file:2873 ··file:
2874 ····path:·/boot/grub2/grub.cfg2874 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1080/5230 bytes (20.65%) of diff not shown.
3.12 KB
./usr/share/doc/ssg-nondebian/ssg-alinux2-guide-standard.html
    
Offset 23175, 21 lines modifiedOffset 23175, 21 lines modified
0005a860:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class0005a860:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
0005a870:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse0005a870:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
0005a880:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i0005a880:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
0005a890:·646d·3134·3535·3422·3e3c·7072·653e·3c63··dm14554"><pre><c0005a890:·646d·3134·3535·3422·3e3c·7072·653e·3c63··dm14554"><pre><c
0005a8a0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio0005a8a0:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
0005a8b0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·0005a8b0:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
0005a8c0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·0005a8c0:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
0005a8d0:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm0005a8d0:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
0005a8e0:·202d·2d71·7569·6574·202d·7120·6175·6469···--quiet·-q·audi 
0005a8f0:·7420·2661·6d70·3b26·616d·703b·205b·2021··t·&amp;&amp;·[·! 
0005a900:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·0005a8e0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
0005a910:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!0005a8f0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
0005a920:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai0005a900:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
0005a930:·6e65·7265·6e76·205d·3b20·7468·656e·0a0a··nerenv·];·then..0005a910:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 0005a920:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·
 0005a930:·2d71·2061·7564·6974·3b20·7468·656e·0a0a··-q·audit;·then..
0005a940:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·0005a940:·2320·4669·7273·7420·7065·7266·6f72·6d20··#·First·perform·
0005a950:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·0005a950:·7468·6520·7265·6d65·6469·6174·696f·6e20··the·remediation·
0005a960:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r0005a960:·6f66·2074·6865·2073·7973·6361·6c6c·2072··of·the·syscall·r
0005a970:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h0005a970:·756c·650a·2320·5265·7472·6965·7665·2068··ule.#·Retrieve·h
0005a980:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec0005a980:·6172·6477·6172·6520·6172·6368·6974·6563··ardware·architec
0005a990:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde0005a990:·7475·7265·206f·6620·7468·6520·756e·6465··ture·of·the·unde
0005a9a0:·726c·7969·6e67·2073·7973·7465·6d0a·2320··rlying·system.#·0005a9a0:·726c·7969·6e67·2073·7973·7465·6d0a·2320··rlying·system.#·
1.09 KB
html2text {}
    
Offset 996, 15 lines modifiedOffset 996, 15 lines modified
996 ············4.1,·SR_4.3,·SR_5.1,·SR_5.2,·SR_5.3,·SR_6.1,·SR_6.2,·SR_7.1,·SR_7.6,·A.11.2.6,996 ············4.1,·SR_4.3,·SR_5.1,·SR_5.2,·SR_5.3,·SR_6.1,·SR_6.2,·SR_7.1,·SR_7.6,·A.11.2.6,
997 ············A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.2.1,·A.14.1.3,997 ············A.12.4.1,·A.12.4.2,·A.12.4.3,·A.12.4.4,·A.12.7.1,·A.13.1.1,·A.13.2.1,·A.14.1.3,
998 ············A.14.2.7,·A.15.2.1,·A.15.2.2,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),998 ············A.14.2.7,·A.15.2.1,·A.15.2.2,·A.16.1.4,·A.16.1.5,·A.16.1.7,·A.6.2.1,·A.6.2.2,·AU-2(d),
999 ············AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3,·DE.CM-7,·ID.SC-4,999 ············AU-12(c),·AC-6(9),·CM-6(a),·DE.AE-3,·DE.AE-5,·DE.CM-1,·DE.CM-3,·DE.CM-7,·ID.SC-4,
1000 ············PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·Req-10.2.71000 ············PR.AC-3,·PR.PT-1,·PR.PT-4,·RS.AN-1,·RS.AN-4,·Req-10.2.7
1001 Remediation_Shell_script_⇲1001 Remediation_Shell_script_⇲
1002 #·Remediation·is·applicable·only·in·certain·platforms1002 #·Remediation·is·applicable·only·in·certain·platforms
1003 if·rpm·--quiet·-q·audit·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then1003 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·audit;·then
  
1004 #·First·perform·the·remediation·of·the·syscall·rule1004 #·First·perform·the·remediation·of·the·syscall·rule
1005 #·Retrieve·hardware·architecture·of·the·underlying·system1005 #·Retrieve·hardware·architecture·of·the·underlying·system
1006 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>1006 #·Note:·32-bit·and·64-bit·kernel·syscall·numbers·not·always·line·up·=>
1007 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence1007 #·······it's·required·on·a·64-bit·system·to·check·also·for·the·presence
1008 #·······of·32-bit's·equivalent·of·the·corresponding·rule.1008 #·······of·32-bit's·equivalent·of·the·corresponding·rule.
1009 #·······(See·`man·7·audit.rules`·for·details·)1009 #·······(See·`man·7·audit.rules`·for·details·)
22.2 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-cis.html
    
Offset 66360, 22 lines modifiedOffset 66360, 22 lines modified
00103370:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi00103370:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
00103380:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru00103380:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
00103390:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st00103390:·6232·2f67·7275·622e·6366·670a·2020·7374··b2/grub.cfg.··st
001033a0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b001033a0:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
001033b0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c001033b0:·6f6f·742f·6772·7562·322f·6772·7562·2e63··oot/grub2/grub.c
001033c0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f001033c0:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f
001033d0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe001033d0:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe
001033e0:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e001033e0:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
001033f0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m 
00103400:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
00103410:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
00103420:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
00103430:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an001033f0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
00103440:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack00103400:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 00103410:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 00103420:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo
 00103430:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 00103440:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
00103450:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl00103450:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
00103460:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization00103460:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
00103470:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d00103470:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
00103480:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"00103480:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
00103490:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman00103490:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
001034a0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].001034a0:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
001034b0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS001034b0:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
001034c0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS001034c0:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 66396, 22 lines modifiedOffset 66396, 22 lines modified
001035b0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou001035b0:·616d·653a·2045·6e73·7572·6520·6772·6f75··ame:·Ensure·grou
001035c0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo001035c0:·7020·6f77·6e65·7220·3020·6f6e·202f·626f··p·owner·0·on·/bo
001035d0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf001035d0:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
001035e0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa001035e0:·670a·2020·6669·6c65·3a0a·2020·2020·7061··g.··file:.····pa
001035f0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/001035f0:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
00103600:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro00103600:·6772·7562·2e63·6667·0a20·2020·2067·726f··grub.cfg.····gro
00103610:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.00103610:·7570·3a20·2730·270a·2020·7768·656e·3a0a··up:·'0'.··when:.
00103620:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
00103630:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
00103640:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
00103650:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
00103660:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-00103620:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
00103670:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib00103630:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
00103680:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package00103640:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 00103650:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 00103660:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 00103670:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 00103680:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
00103690:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v00103690:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
001036a0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty001036a0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
001036b0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock001036b0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
001036c0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope001036c0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
001036d0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·001036d0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
001036e0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-001036e0:·2263·6f6e·7461·696e·6572·225d·0a20·202d··"container"].··-
001036f0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta001036f0:·2066·696c·655f·6578·6973·7473·2e73·7461···file_exists.sta
00103700:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and00103700:·7420·6973·2064·6566·696e·6564·2061·6e64··t·is·defined·and
Offset 66461, 19 lines modifiedOffset 66461, 19 lines modified
001039c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat001039c0:·7472·3e3c·7472·3e3c·7468·3e53·7472·6174··tr><tr><th>Strat
001039d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con001039d0:·6567·793a·3c2f·7468·3e3c·7464·3e63·6f6e··egy:</th><td>con
001039e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>001039e0:·6669·6775·7265·3c2f·7464·3e3c·2f74·723e··figure</td></tr>
001039f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co001039f0:·3c2f·7461·626c·653e·3c70·7265·3e3c·636f··</table><pre><co
00103a00:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation00103a00:·6465·3e23·2052·656d·6564·6961·7469·6f6e··de>#·Remediation
00103a10:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o00103a10:·2069·7320·6170·706c·6963·6162·6c65·206f···is·applicable·o
00103a20:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p00103a20:·6e6c·7920·696e·2063·6572·7461·696e·2070··nly·in·certain·p
00103a30:·6c61·7466·6f72·6d73·0a69·6620·5b20·2d66··latforms.if·[·-f00103a30:·6c61·7466·6f72·6d73·0a69·6620·7270·6d20··latforms.if·rpm·
00103a40:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e 
00103a50:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;· 
00103a60:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g00103a40:·2d2d·7175·6965·7420·2d71·2067·7275·6232··--quiet·-q·grub2
00103a70:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp00103a50:·2d63·6f6d·6d6f·6e20·2661·6d70·3b26·616d··-common·&amp;&am
 00103a60:·703b·205b·202d·6620·2f73·7973·2f66·6972··p;·[·-f·/sys/fir
 00103a70:·6d77·6172·652f·6566·6920·5d20·2661·6d70··mware/efi·]·&amp
00103a80:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·00103a80:·3b26·616d·703b·207b·205b·2021·202d·6620··;&amp;·{·[·!·-f·
00103a90:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a00103a90:·2f2e·646f·636b·6572·656e·7620·5d20·2661··/.dockerenv·]·&a
00103aa0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·00103aa0:·6d70·3b26·616d·703b·205b·2021·202d·6620··mp;&amp;·[·!·-f·
00103ab0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere00103ab0:·2f72·756e·2f2e·636f·6e74·6169·6e65·7265··/run/.containere
00103ac0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c00103ac0:·6e76·205d·3b20·7d3b·2074·6865·6e0a·0a63··nv·];·};·then..c
00103ad0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru00103ad0:·6867·7270·2030·202f·626f·6f74·2f67·7275··hgrp·0·/boot/gru
00103ae0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els00103ae0:·6232·2f67·7275·622e·6366·670a·0a65·6c73··b2/grub.cfg..els
Offset 66853, 21 lines modifiedOffset 66853, 21 lines modified
00105240:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·00105240:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
00105250:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub00105250:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
00105260:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···00105260:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
00105270:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru00105270:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
00105280:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re00105280:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
00105290:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi00105290:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
001052a0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·001052a0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
001052b0:·2722·2f62·6f6f·742f·6566·6922·2069·6e20··'"/boot/efi"·in· 
001052c0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
001052d0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
001052e0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
001052f0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm001052b0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
00105300:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f001052c0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
00105310:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·001052d0:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 001052e0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a
 001052f0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|·
 00105300:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m
 00105310:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.·
00105320:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu00105320:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
00105330:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n00105330:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
00105340:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",00105340:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
00105350:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"00105350:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
00105360:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con00105360:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
00105370:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:00105370:·7461·696e·6572·225d·0a20·2074·6167·733a··tainer"].··tags:
00105380:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.00105380:·0a20·202d·2043·4a49·532d·352e·352e·322e··.··-·CJIS-5.5.2.
Offset 66888, 21 lines modifiedOffset 66888, 21 lines modified
00105470:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·00105470:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
00105480:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot00105480:·6f77·6e65·7220·3020·6f6e·202f·626f·6f74··owner·0·on·/boot
00105490:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.00105490:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
001054a0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path001054a0:·2020·6669·6c65·3a0a·2020·2020·7061·7468····file:.····path
001054b0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr001054b0:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
001054c0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner001054c0:·7562·2e63·6667·0a20·2020·206f·776e·6572··ub.cfg.····owner
001054d0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··001054d0:·3a20·2730·270a·2020·7768·656e·3a0a·2020··:·'0'.··when:.··
001054e0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
001054f0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
00105500:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
00105510:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
00105520:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co001054e0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
00105530:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible001054f0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
00105540:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'00105500:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 00105510:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 00105520:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 00105530:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 00105540:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
00105550:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir00105550:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
00105560:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type00105560:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
00105570:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker00105570:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
00105580:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv00105580:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
00105590:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c00105590:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
001055a0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f001055a0:·6f6e·7461·696e·6572·225d·0a20·202d·2066··ontainer"].··-·f
001055b0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·001055b0:·696c·655f·6578·6973·7473·2e73·7461·7420··ile_exists.stat·
Max diff block lines reached; 7530/17346 bytes (43.41%) of diff not shown.
5.12 KB
html2text {}
    
Offset 5671, 16 lines modifiedOffset 5671, 16 lines modified
5671 ··-·no_reboot_needed5671 ··-·no_reboot_needed
  
5672 -·name:·Test·for·existence·/boot/grub2/grub.cfg5672 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5673 ··stat:5673 ··stat:
5674 ····path:·/boot/grub2/grub.cfg5674 ····path:·/boot/grub2/grub.cfg
5675 ··register:·file_exists5675 ··register:·file_exists
5676 ··when:5676 ··when:
5677 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5678 ··-·'"grub2-common"·in·ansible_facts.packages'5677 ··-·'"grub2-common"·in·ansible_facts.packages'
 5678 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5679 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5679 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5680 ··tags:5680 ··tags:
5681 ··-·CJIS-5.5.2.25681 ··-·CJIS-5.5.2.2
5682 ··-·NIST-800-171-3.4.55682 ··-·NIST-800-171-3.4.5
5683 ··-·NIST-800-53-AC-6(1)5683 ··-·NIST-800-53-AC-6(1)
5684 ··-·NIST-800-53-CM-6(a)5684 ··-·NIST-800-53-CM-6(a)
5685 ··-·PCI-DSS-Req-7.15685 ··-·PCI-DSS-Req-7.1
Offset 5692, 16 lines modifiedOffset 5692, 16 lines modified
5692 ··-·no_reboot_needed5692 ··-·no_reboot_needed
  
5693 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg5693 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
5694 ··file:5694 ··file:
5695 ····path:·/boot/grub2/grub.cfg5695 ····path:·/boot/grub2/grub.cfg
5696 ····group:·'0'5696 ····group:·'0'
5697 ··when:5697 ··when:
5698 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5699 ··-·'"grub2-common"·in·ansible_facts.packages'5698 ··-·'"grub2-common"·in·ansible_facts.packages'
 5699 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5700 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5700 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5701 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5701 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5702 ··tags:5702 ··tags:
5703 ··-·CJIS-5.5.2.25703 ··-·CJIS-5.5.2.2
5704 ··-·NIST-800-171-3.4.55704 ··-·NIST-800-171-3.4.5
5705 ··-·NIST-800-53-AC-6(1)5705 ··-·NIST-800-53-AC-6(1)
5706 ··-·NIST-800-53-CM-6(a)5706 ··-·NIST-800-53-CM-6(a)
Offset 5713, 15 lines modifiedOffset 5713, 15 lines modified
5713 ··-·medium_severity5713 ··-·medium_severity
5714 ··-·no_reboot_needed5714 ··-·no_reboot_needed
5715 Remediation_Shell_script_⇲5715 Remediation_Shell_script_⇲
5716 Complexity:·low5716 Complexity:·low
5717 Disruption:·low5717 Disruption:·low
5718 Strategy:···configure5718 Strategy:···configure
5719 #·Remediation·is·applicable·only·in·certain·platforms5719 #·Remediation·is·applicable·only·in·certain·platforms
5720 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/5720 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
5721 run/.containerenv·];·};·then5721 run/.containerenv·];·};·then
  
5722 chgrp·0·/boot/grub2/grub.cfg5722 chgrp·0·/boot/grub2/grub.cfg
  
5723 else5723 else
5724 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5724 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5725 fi5725 fi
Offset 5758, 16 lines modifiedOffset 5758, 16 lines modified
5758 ··-·no_reboot_needed5758 ··-·no_reboot_needed
  
5759 -·name:·Test·for·existence·/boot/grub2/grub.cfg5759 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5760 ··stat:5760 ··stat:
5761 ····path:·/boot/grub2/grub.cfg5761 ····path:·/boot/grub2/grub.cfg
5762 ··register:·file_exists5762 ··register:·file_exists
5763 ··when:5763 ··when:
5764 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5765 ··-·'"grub2-common"·in·ansible_facts.packages'5764 ··-·'"grub2-common"·in·ansible_facts.packages'
 5765 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5767 ··tags:5767 ··tags:
5768 ··-·CJIS-5.5.2.25768 ··-·CJIS-5.5.2.2
5769 ··-·NIST-800-171-3.4.55769 ··-·NIST-800-171-3.4.5
5770 ··-·NIST-800-53-AC-6(1)5770 ··-·NIST-800-53-AC-6(1)
5771 ··-·NIST-800-53-CM-6(a)5771 ··-·NIST-800-53-CM-6(a)
5772 ··-·PCI-DSS-Req-7.15772 ··-·PCI-DSS-Req-7.1
Offset 5779, 16 lines modifiedOffset 5779, 16 lines modified
5779 ··-·no_reboot_needed5779 ··-·no_reboot_needed
  
5780 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg5780 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
5781 ··file:5781 ··file:
5782 ····path:·/boot/grub2/grub.cfg5782 ····path:·/boot/grub2/grub.cfg
5783 ····owner:·'0'5783 ····owner:·'0'
5784 ··when:5784 ··when:
5785 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5786 ··-·'"grub2-common"·in·ansible_facts.packages'5785 ··-·'"grub2-common"·in·ansible_facts.packages'
 5786 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5787 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5787 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5788 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists5788 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
5789 ··tags:5789 ··tags:
5790 ··-·CJIS-5.5.2.25790 ··-·CJIS-5.5.2.2
5791 ··-·NIST-800-171-3.4.55791 ··-·NIST-800-171-3.4.5
5792 ··-·NIST-800-53-AC-6(1)5792 ··-·NIST-800-53-AC-6(1)
5793 ··-·NIST-800-53-CM-6(a)5793 ··-·NIST-800-53-CM-6(a)
Offset 5800, 15 lines modifiedOffset 5800, 15 lines modified
5800 ··-·medium_severity5800 ··-·medium_severity
5801 ··-·no_reboot_needed5801 ··-·no_reboot_needed
5802 Remediation_Shell_script_⇲5802 Remediation_Shell_script_⇲
5803 Complexity:·low5803 Complexity:·low
5804 Disruption:·low5804 Disruption:·low
5805 Strategy:···configure5805 Strategy:···configure
5806 #·Remediation·is·applicable·only·in·certain·platforms5806 #·Remediation·is·applicable·only·in·certain·platforms
5807 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/5807 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
5808 run/.containerenv·];·};·then5808 run/.containerenv·];·};·then
  
5809 chown·0·/boot/grub2/grub.cfg5809 chown·0·/boot/grub2/grub.cfg
  
5810 else5810 else
5811 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'5811 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
5812 fi5812 fi
Offset 5843, 16 lines modifiedOffset 5843, 16 lines modified
5843 ··-·no_reboot_needed5843 ··-·no_reboot_needed
  
5844 -·name:·Test·for·existence·/boot/grub2/grub.cfg5844 -·name:·Test·for·existence·/boot/grub2/grub.cfg
5845 ··stat:5845 ··stat:
5846 ····path:·/boot/grub2/grub.cfg5846 ····path:·/boot/grub2/grub.cfg
5847 ··register:·file_exists5847 ··register:·file_exists
5848 ··when:5848 ··when:
5849 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
5850 ··-·'"grub2-common"·in·ansible_facts.packages'5849 ··-·'"grub2-common"·in·ansible_facts.packages'
 5850 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
5851 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]5851 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
5852 ··tags:5852 ··tags:
5853 ··-·NIST-800-171-3.4.55853 ··-·NIST-800-171-3.4.5
5854 ··-·NIST-800-53-AC-6(1)5854 ··-·NIST-800-53-AC-6(1)
5855 ··-·NIST-800-53-CM-6(a)5855 ··-·NIST-800-53-CM-6(a)
5856 ··-·configure_strategy5856 ··-·configure_strategy
5857 ··-·file_permissions_efi_grub2_cfg5857 ··-·file_permissions_efi_grub2_cfg
Offset 5862, 16 lines modifiedOffset 5862, 16 lines modified
5862 ··-·no_reboot_needed5862 ··-·no_reboot_needed
  
5863 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg5863 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
5864 ··file:5864 ··file:
5865 ····path:·/boot/grub2/grub.cfg5865 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1011/5222 bytes (19.36%) of diff not shown.
21.9 KB
./usr/share/doc/ssg-nondebian/ssg-alinux3-guide-cis_l1.html
    
Offset 40145, 21 lines modifiedOffset 40145, 21 lines modified
0009cd00:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc0009cd00:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
0009cd10:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr0009cd10:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr
0009cd20:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·0009cd20:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
0009cd30:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0009cd30:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0009cd40:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··0009cd40:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
0009cd50:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e0009cd50:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
0009cd60:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··0009cd60:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
0009cd70:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
0009cd80:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
0009cd90:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
0009cda0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
0009cdb0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co0009cd70:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
0009cdc0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible0009cd80:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
0009cdd0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'0009cd90:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 0009cda0:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 0009cdb0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 0009cdc0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 0009cdd0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
0009cde0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir0009cde0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
0009cdf0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type0009cdf0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
0009ce00:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker0009ce00:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
0009ce10:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv0009ce10:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
0009ce20:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c0009ce20:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
0009ce30:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag0009ce30:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
0009ce40:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.0009ce40:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 40181, 21 lines modifiedOffset 40181, 21 lines modified
0009cf40:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own0009cf40:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
0009cf50:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr0009cf50:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
0009cf60:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f0009cf60:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
0009cf70:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/0009cf70:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
0009cf80:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0009cf80:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0009cf90:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'0009cf90:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
0009cfa0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'0009cfa0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
0009cfb0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
0009cfc0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
0009cfd0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
0009cfe0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
0009cff0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo0009cfb0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
0009d000:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa0009cfc0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
0009d010:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··0009cfd0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 0009cfe0:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 0009cff0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 0009d000:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 0009d010:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
0009d020:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua0009d020:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
0009d030:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no0009d030:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
0009d040:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·0009d040:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
0009d050:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",0009d050:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
0009d060:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont0009d060:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
0009d070:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file0009d070:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file
0009d080:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·0009d080:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·
Offset 40246, 19 lines modifiedOffset 40246, 19 lines modified
0009d350:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0009d350:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0009d360:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur0009d360:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
0009d370:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0009d370:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0009d380:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·0009d380:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
0009d390:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a0009d390:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0009d3a0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i0009d3a0:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0009d3b0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo0009d3b0:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
 0009d3c0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
0009d3c0:·726d·730a·6966·205b·202d·6620·2f73·7973··rms.if·[·-f·/sys 
0009d3d0:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]· 
0009d3e0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
0009d3f0:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-0009d3d0:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm
0009d400:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp0009d3e0:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[·
 0009d3f0:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware
 0009d400:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp
0009d410:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc0009d410:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc
0009d420:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a0009d420:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
0009d430:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/0009d430:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
0009d440:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];0009d440:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
0009d450:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·0009d450:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·
0009d460:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr0009d460:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr
0009d470:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···0009d470:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 40637, 22 lines modifiedOffset 40637, 22 lines modified
0009ebc0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for0009ebc0:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
0009ebd0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot0009ebd0:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
0009ebe0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.0009ebe0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
0009ebf0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path0009ebf0:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
0009ec00:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr0009ec00:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
0009ec10:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe0009ec10:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe
0009ec20:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·0009ec20:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
0009ec30:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo0009ec30:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
0009ec40:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib 
0009ec50:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
0009ec60:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
0009ec70:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
0009ec80:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i0009ec40:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
0009ec90:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.0009ec50:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
0009eca0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an0009ec60:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 0009ec70:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl
 0009ec80:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 0009ec90:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 0009eca0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
0009ecb0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza0009ecb0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
0009ecc0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in0009ecc0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
0009ecd0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc0009ecd0:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
0009ece0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po0009ece0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
0009ecf0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe0009ecf0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
0009ed00:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·0009ed00:·7222·5d0a·2020·7461·6773·3a0a·2020·2d20··r"].··tags:.··-·
0009ed10:·434a·4953·2d35·2e35·2e32·2e32·0a20·202d··CJIS-5.5.2.2.··-0009ed10:·434a·4953·2d35·2e35·2e32·2e32·0a20·202d··CJIS-5.5.2.2.··-
Offset 40672, 22 lines modifiedOffset 40672, 22 lines modified
0009edf0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na0009edf0:·6f6f·745f·6e65·6564·6564·0a0a·2d20·6e61··oot_needed..-·na
0009ee00:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner0009ee00:·6d65·3a20·456e·7375·7265·206f·776e·6572··me:·Ensure·owner
0009ee10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub0009ee10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
0009ee20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil0009ee20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
0009ee30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo0009ee30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
0009ee40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0009ee40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0009ee50:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'0009ee50:·670a·2020·2020·6f77·6e65·723a·2027·3027··g.····owner:·'0'
0009ee60:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0009ee60:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0009ee70:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans 
0009ee80:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
0009ee90:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
0009eea0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
0009eeb0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"0009ee70:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
0009eec0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact0009ee80:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
0009eed0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·0009ee90:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0009eea0:·6f6f·742f·6566·6922·2069·6e20·616e·7369··oot/efi"·in·ansi
 0009eeb0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 0009eec0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 0009eed0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
0009eee0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali0009eee0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
0009eef0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·0009eef0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
0009ef00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l0009ef00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
0009ef10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"0009ef10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
0009ef20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai0009ef20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
0009ef30:·6e65·7222·5d0a·2020·2d20·6669·6c65·5f65··ner"].··-·file_e0009ef30:·6e65·7222·5d0a·2020·2d20·6669·6c65·5f65··ner"].··-·file_e
Max diff block lines reached; 7280/17070 bytes (42.65%) of diff not shown.
5.12 KB
html2text {}
    
Offset 3075, 16 lines modifiedOffset 3075, 16 lines modified
3075 ··-·no_reboot_needed3075 ··-·no_reboot_needed
  
3076 -·name:·Test·for·existence·/boot/grub2/grub.cfg3076 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3077 ··stat:3077 ··stat:
3078 ····path:·/boot/grub2/grub.cfg3078 ····path:·/boot/grub2/grub.cfg
3079 ··register:·file_exists3079 ··register:·file_exists
3080 ··when:3080 ··when:
3081 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3082 ··-·'"grub2-common"·in·ansible_facts.packages'3081 ··-·'"grub2-common"·in·ansible_facts.packages'
 3082 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3083 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3083 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3084 ··tags:3084 ··tags:
3085 ··-·CJIS-5.5.2.23085 ··-·CJIS-5.5.2.2
3086 ··-·NIST-800-171-3.4.53086 ··-·NIST-800-171-3.4.5
3087 ··-·NIST-800-53-AC-6(1)3087 ··-·NIST-800-53-AC-6(1)
3088 ··-·NIST-800-53-CM-6(a)3088 ··-·NIST-800-53-CM-6(a)
3089 ··-·PCI-DSS-Req-7.13089 ··-·PCI-DSS-Req-7.1
Offset 3096, 16 lines modifiedOffset 3096, 16 lines modified
3096 ··-·no_reboot_needed3096 ··-·no_reboot_needed
  
3097 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg3097 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
3098 ··file:3098 ··file:
3099 ····path:·/boot/grub2/grub.cfg3099 ····path:·/boot/grub2/grub.cfg
3100 ····group:·'0'3100 ····group:·'0'
3101 ··when:3101 ··when:
3102 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3103 ··-·'"grub2-common"·in·ansible_facts.packages'3102 ··-·'"grub2-common"·in·ansible_facts.packages'
 3103 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3104 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3104 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3105 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3105 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3106 ··tags:3106 ··tags:
3107 ··-·CJIS-5.5.2.23107 ··-·CJIS-5.5.2.2
3108 ··-·NIST-800-171-3.4.53108 ··-·NIST-800-171-3.4.5
3109 ··-·NIST-800-53-AC-6(1)3109 ··-·NIST-800-53-AC-6(1)
3110 ··-·NIST-800-53-CM-6(a)3110 ··-·NIST-800-53-CM-6(a)
Offset 3117, 15 lines modifiedOffset 3117, 15 lines modified
3117 ··-·medium_severity3117 ··-·medium_severity
3118 ··-·no_reboot_needed3118 ··-·no_reboot_needed
3119 Remediation_Shell_script_⇲3119 Remediation_Shell_script_⇲
3120 Complexity:·low3120 Complexity:·low
3121 Disruption:·low3121 Disruption:·low
3122 Strategy:···configure3122 Strategy:···configure
3123 #·Remediation·is·applicable·only·in·certain·platforms3123 #·Remediation·is·applicable·only·in·certain·platforms
3124 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/3124 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
3125 run/.containerenv·];·};·then3125 run/.containerenv·];·};·then
  
3126 chgrp·0·/boot/grub2/grub.cfg3126 chgrp·0·/boot/grub2/grub.cfg
  
3127 else3127 else
3128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3128 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3129 fi3129 fi
Offset 3162, 16 lines modifiedOffset 3162, 16 lines modified
3162 ··-·no_reboot_needed3162 ··-·no_reboot_needed
  
3163 -·name:·Test·for·existence·/boot/grub2/grub.cfg3163 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3164 ··stat:3164 ··stat:
3165 ····path:·/boot/grub2/grub.cfg3165 ····path:·/boot/grub2/grub.cfg
3166 ··register:·file_exists3166 ··register:·file_exists
3167 ··when:3167 ··when:
3168 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3169 ··-·'"grub2-common"·in·ansible_facts.packages'3168 ··-·'"grub2-common"·in·ansible_facts.packages'
 3169 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3170 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3171 ··tags:3171 ··tags:
3172 ··-·CJIS-5.5.2.23172 ··-·CJIS-5.5.2.2
3173 ··-·NIST-800-171-3.4.53173 ··-·NIST-800-171-3.4.5
3174 ··-·NIST-800-53-AC-6(1)3174 ··-·NIST-800-53-AC-6(1)
3175 ··-·NIST-800-53-CM-6(a)3175 ··-·NIST-800-53-CM-6(a)
3176 ··-·PCI-DSS-Req-7.13176 ··-·PCI-DSS-Req-7.1
Offset 3183, 16 lines modifiedOffset 3183, 16 lines modified
3183 ··-·no_reboot_needed3183 ··-·no_reboot_needed
  
3184 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg3184 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
3185 ··file:3185 ··file:
3186 ····path:·/boot/grub2/grub.cfg3186 ····path:·/boot/grub2/grub.cfg
3187 ····owner:·'0'3187 ····owner:·'0'
3188 ··when:3188 ··when:
3189 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3190 ··-·'"grub2-common"·in·ansible_facts.packages'3189 ··-·'"grub2-common"·in·ansible_facts.packages'
 3190 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3191 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3191 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3192 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists3192 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
3193 ··tags:3193 ··tags:
3194 ··-·CJIS-5.5.2.23194 ··-·CJIS-5.5.2.2
3195 ··-·NIST-800-171-3.4.53195 ··-·NIST-800-171-3.4.5
3196 ··-·NIST-800-53-AC-6(1)3196 ··-·NIST-800-53-AC-6(1)
3197 ··-·NIST-800-53-CM-6(a)3197 ··-·NIST-800-53-CM-6(a)
Offset 3204, 15 lines modifiedOffset 3204, 15 lines modified
3204 ··-·medium_severity3204 ··-·medium_severity
3205 ··-·no_reboot_needed3205 ··-·no_reboot_needed
3206 Remediation_Shell_script_⇲3206 Remediation_Shell_script_⇲
3207 Complexity:·low3207 Complexity:·low
3208 Disruption:·low3208 Disruption:·low
3209 Strategy:···configure3209 Strategy:···configure
3210 #·Remediation·is·applicable·only·in·certain·platforms3210 #·Remediation·is·applicable·only·in·certain·platforms
3211 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/3211 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/
3212 run/.containerenv·];·};·then3212 run/.containerenv·];·};·then
  
3213 chown·0·/boot/grub2/grub.cfg3213 chown·0·/boot/grub2/grub.cfg
  
3214 else3214 else
3215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'3215 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
3216 fi3216 fi
Offset 3247, 16 lines modifiedOffset 3247, 16 lines modified
3247 ··-·no_reboot_needed3247 ··-·no_reboot_needed
  
3248 -·name:·Test·for·existence·/boot/grub2/grub.cfg3248 -·name:·Test·for·existence·/boot/grub2/grub.cfg
3249 ··stat:3249 ··stat:
3250 ····path:·/boot/grub2/grub.cfg3250 ····path:·/boot/grub2/grub.cfg
3251 ··register:·file_exists3251 ··register:·file_exists
3252 ··when:3252 ··when:
3253 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
3254 ··-·'"grub2-common"·in·ansible_facts.packages'3253 ··-·'"grub2-common"·in·ansible_facts.packages'
 3254 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
3255 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]3255 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
3256 ··tags:3256 ··tags:
3257 ··-·NIST-800-171-3.4.53257 ··-·NIST-800-171-3.4.5
3258 ··-·NIST-800-53-AC-6(1)3258 ··-·NIST-800-53-AC-6(1)
3259 ··-·NIST-800-53-CM-6(a)3259 ··-·NIST-800-53-CM-6(a)
3260 ··-·configure_strategy3260 ··-·configure_strategy
3261 ··-·file_permissions_efi_grub2_cfg3261 ··-·file_permissions_efi_grub2_cfg
Offset 3266, 16 lines modifiedOffset 3266, 16 lines modified
3266 ··-·no_reboot_needed3266 ··-·no_reboot_needed
  
3267 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg3267 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
3268 ··file:3268 ··file:
3269 ····path:·/boot/grub2/grub.cfg3269 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1011/5222 bytes (19.36%) of diff not shown.
90.3 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis.html
    
Offset 185605, 22 lines modifiedOffset 185605, 22 lines modified
002d5040:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·002d5040:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
002d5050:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/002d5050:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
002d5060:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002d5060:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002d5070:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:002d5070:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
002d5080:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002d5080:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002d5090:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register002d5090:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
002d50a0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··002d50a0:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
002d50b0:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002d50b0:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002d50c0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
002d50d0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002d50e0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002d50f0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002d5100:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
002d5110:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
002d5120:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002d50c0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 002d50d0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 002d50e0:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 002d50f0:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 002d5100:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002d5110:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002d5120:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002d5130:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002d5130:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002d5140:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002d5140:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002d5150:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002d5150:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002d5160:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002d5160:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002d5170:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002d5170:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002d5180:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·002d5180:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
002d5190:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.002d5190:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 185641, 22 lines modifiedOffset 185641, 22 lines modified
002d5280:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g002d5280:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g
002d5290:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·002d5290:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·
002d52a0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub002d52a0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
002d52b0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···002d52b0:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
002d52c0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru002d52c0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
002d52d0:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····002d52d0:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····
002d52e0:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe002d52e0:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe
002d52f0:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e002d52f0:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
002d5300:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib 
002d5310:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
002d5320:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
002d5330:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
002d5340:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
002d5350:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
002d5360:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an002d5300:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 002d5310:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 002d5320:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 002d5330:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl
 002d5340:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 002d5350:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 002d5360:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
002d5370:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza002d5370:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
002d5380:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in002d5380:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
002d5390:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc002d5390:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
002d53a0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po002d53a0:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
002d53b0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe002d53b0:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
002d53c0:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi002d53c0:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
002d53d0:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi002d53d0:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 185706, 19 lines modifiedOffset 185706, 19 lines modified
002d5690:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St002d5690:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
002d56a0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>002d56a0:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
002d56b0:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></002d56b0:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></
002d56c0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>002d56c0:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
002d56d0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat002d56d0:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
002d56e0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl002d56e0:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
002d56f0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai002d56f0:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
002d5700:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[002d5700:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
002d5710:·2021·202d·6620·2f73·7973·2f66·6972·6d77···!·-f·/sys/firmw 
002d5720:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;& 
002d5730:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
002d5740:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common002d5710:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr
 002d5720:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;
 002d5730:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy
 002d5740:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
002d5750:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·002d5750:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
002d5760:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv002d5760:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
002d5770:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·002d5770:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
002d5780:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta002d5780:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
002d5790:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th002d5790:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
002d57a0:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo002d57a0:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo
002d57b0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg002d57b0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
Offset 186209, 22 lines modifiedOffset 186209, 22 lines modified
002d7600:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·002d7600:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
002d7610:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user002d7610:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
002d7620:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···002d7620:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
002d7630:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru002d7630:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
002d7640:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re002d7640:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re
002d7650:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi002d7650:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
002d7660:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·002d7660:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
002d7670:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
002d7680:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
002d7690:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
002d76a0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
002d76b0:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
002d76c0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
002d76d0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package002d7670:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 002d7680:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 002d7690:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 002d76a0:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 002d76b0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 002d76c0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 002d76d0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
002d76e0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v002d76e0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
002d76f0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty002d76f0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
002d7700:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock002d7700:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
002d7710:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope002d7710:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
002d7720:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·002d7720:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
002d7730:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t002d7730:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
002d7740:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.002d7740:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
002d7750:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8002d7750:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 186244, 22 lines modifiedOffset 186244, 22 lines modified
002d7830:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens002d7830:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
002d7840:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·002d7840:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·
002d7850:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2002d7850:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
002d7860:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file002d7860:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file
002d7870:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002d7870:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002d7880:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg002d7880:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
002d7890:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.002d7890:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.
002d78a0:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b002d78a0:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
002d78b0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
002d78c0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
002d78d0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
002d78e0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
002d78f0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002d7900:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002d7910:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·002d78b0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002d78c0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 002d78d0:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
Max diff block lines reached; 60208/69870 bytes (86.17%) of diff not shown.
22.0 KB
html2text {}
    
Offset 41793, 16 lines modifiedOffset 41793, 16 lines modified
41793 ··-·no_reboot_needed41793 ··-·no_reboot_needed
  
41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41795 ··stat:41795 ··stat:
41796 ····path:·/boot/grub2/grub.cfg41796 ····path:·/boot/grub2/grub.cfg
41797 ··register:·file_exists41797 ··register:·file_exists
41798 ··when:41798 ··when:
41799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41800 ··-·'"grub2-common"·in·ansible_facts.packages'41799 ··-·'"grub2-common"·in·ansible_facts.packages'
 41800 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41802 ··tags:41802 ··tags:
41803 ··-·CJIS-5.5.2.241803 ··-·CJIS-5.5.2.2
41804 ··-·NIST-800-171-3.4.541804 ··-·NIST-800-171-3.4.5
41805 ··-·NIST-800-53-AC-6(1)41805 ··-·NIST-800-53-AC-6(1)
41806 ··-·NIST-800-53-CM-6(a)41806 ··-·NIST-800-53-CM-6(a)
41807 ··-·PCI-DSS-Req-7.141807 ··-·PCI-DSS-Req-7.1
Offset 41814, 16 lines modifiedOffset 41814, 16 lines modified
41814 ··-·no_reboot_needed41814 ··-·no_reboot_needed
  
41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41816 ··file:41816 ··file:
41817 ····path:·/boot/grub2/grub.cfg41817 ····path:·/boot/grub2/grub.cfg
41818 ····group:·'0'41818 ····group:·'0'
41819 ··when:41819 ··when:
41820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41821 ··-·'"grub2-common"·in·ansible_facts.packages'41820 ··-·'"grub2-common"·in·ansible_facts.packages'
 41821 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41824 ··tags:41824 ··tags:
41825 ··-·CJIS-5.5.2.241825 ··-·CJIS-5.5.2.2
41826 ··-·NIST-800-171-3.4.541826 ··-·NIST-800-171-3.4.5
41827 ··-·NIST-800-53-AC-6(1)41827 ··-·NIST-800-53-AC-6(1)
41828 ··-·NIST-800-53-CM-6(a)41828 ··-·NIST-800-53-CM-6(a)
Offset 41835, 15 lines modifiedOffset 41835, 15 lines modified
41835 ··-·medium_severity41835 ··-·medium_severity
41836 ··-·no_reboot_needed41836 ··-·no_reboot_needed
41837 Remediation_Shell_script_⇲41837 Remediation_Shell_script_⇲
41838 Complexity:·low41838 Complexity:·low
41839 Disruption:·low41839 Disruption:·low
41840 Strategy:···configure41840 Strategy:···configure
41841 #·Remediation·is·applicable·only·in·certain·platforms41841 #·Remediation·is·applicable·only·in·certain·platforms
41842 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41842 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41843 chgrp·0·/boot/grub2/grub.cfg41843 chgrp·0·/boot/grub2/grub.cfg
  
41844 else41844 else
41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41846 fi41846 fi
41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 41874, 16 lines modifiedOffset 41874, 16 lines modified
41874 ··-·no_reboot_needed41874 ··-·no_reboot_needed
  
41875 -·name:·Test·for·existence·/boot/grub2/user.cfg41875 -·name:·Test·for·existence·/boot/grub2/user.cfg
41876 ··stat:41876 ··stat:
41877 ····path:·/boot/grub2/user.cfg41877 ····path:·/boot/grub2/user.cfg
41878 ··register:·file_exists41878 ··register:·file_exists
41879 ··when:41879 ··when:
41880 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41881 ··-·'"grub2-common"·in·ansible_facts.packages'41880 ··-·'"grub2-common"·in·ansible_facts.packages'
 41881 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41883 ··tags:41883 ··tags:
41884 ··-·CJIS-5.5.2.241884 ··-·CJIS-5.5.2.2
41885 ··-·NIST-800-171-3.4.541885 ··-·NIST-800-171-3.4.5
41886 ··-·NIST-800-53-AC-6(1)41886 ··-·NIST-800-53-AC-6(1)
41887 ··-·NIST-800-53-CM-6(a)41887 ··-·NIST-800-53-CM-6(a)
41888 ··-·PCI-DSS-Req-7.141888 ··-·PCI-DSS-Req-7.1
Offset 41895, 16 lines modifiedOffset 41895, 16 lines modified
41895 ··-·no_reboot_needed41895 ··-·no_reboot_needed
  
41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41897 ··file:41897 ··file:
41898 ····path:·/boot/grub2/user.cfg41898 ····path:·/boot/grub2/user.cfg
41899 ····group:·'0'41899 ····group:·'0'
41900 ··when:41900 ··when:
41901 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41902 ··-·'"grub2-common"·in·ansible_facts.packages'41901 ··-·'"grub2-common"·in·ansible_facts.packages'
 41902 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41905 ··tags:41905 ··tags:
41906 ··-·CJIS-5.5.2.241906 ··-·CJIS-5.5.2.2
41907 ··-·NIST-800-171-3.4.541907 ··-·NIST-800-171-3.4.5
41908 ··-·NIST-800-53-AC-6(1)41908 ··-·NIST-800-53-AC-6(1)
41909 ··-·NIST-800-53-CM-6(a)41909 ··-·NIST-800-53-CM-6(a)
Offset 41916, 15 lines modifiedOffset 41916, 15 lines modified
41916 ··-·medium_severity41916 ··-·medium_severity
41917 ··-·no_reboot_needed41917 ··-·no_reboot_needed
41918 Remediation_Shell_script_⇲41918 Remediation_Shell_script_⇲
41919 Complexity:·low41919 Complexity:·low
41920 Disruption:·low41920 Disruption:·low
41921 Strategy:···configure41921 Strategy:···configure
41922 #·Remediation·is·applicable·only·in·certain·platforms41922 #·Remediation·is·applicable·only·in·certain·platforms
41923 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41923 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41924 chgrp·0·/boot/grub2/user.cfg41924 chgrp·0·/boot/grub2/user.cfg
  
41925 else41925 else
41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41927 fi41927 fi
41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41955, 16 lines modifiedOffset 41955, 16 lines modified
41955 ··-·no_reboot_needed41955 ··-·no_reboot_needed
  
41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41957 ··stat:41957 ··stat:
41958 ····path:·/boot/grub2/grub.cfg41958 ····path:·/boot/grub2/grub.cfg
41959 ··register:·file_exists41959 ··register:·file_exists
41960 ··when:41960 ··when:
41961 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41962 ··-·'"grub2-common"·in·ansible_facts.packages'41961 ··-·'"grub2-common"·in·ansible_facts.packages'
 41962 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41964 ··tags:41964 ··tags:
41965 ··-·CJIS-5.5.2.241965 ··-·CJIS-5.5.2.2
41966 ··-·NIST-800-171-3.4.541966 ··-·NIST-800-171-3.4.5
41967 ··-·NIST-800-53-AC-6(1)41967 ··-·NIST-800-53-AC-6(1)
41968 ··-·NIST-800-53-CM-6(a)41968 ··-·NIST-800-53-CM-6(a)
41969 ··-·PCI-DSS-Req-7.141969 ··-·PCI-DSS-Req-7.1
Offset 41976, 16 lines modifiedOffset 41976, 16 lines modified
41976 ··-·no_reboot_needed41976 ··-·no_reboot_needed
  
41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
41978 ··file:41978 ··file:
41979 ····path:·/boot/grub2/grub.cfg41979 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18069/22482 bytes (80.37%) of diff not shown.
89.9 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_server_l1.html
    
Offset 59536, 22 lines modifiedOffset 59536, 22 lines modified
000e88f0:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e000e88f0:·6e61·6d65·3a20·5465·7374·2066·6f72·2065··name:·Test·for·e
000e8900:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g000e8900:·7869·7374·656e·6365·202f·626f·6f74·2f67··xistence·/boot/g
000e8910:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··000e8910:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
000e8920:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·000e8920:·7374·6174·3a0a·2020·2020·7061·7468·3a20··stat:.····path:·
000e8930:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000e8930:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000e8940:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:000e8940:·2e63·6667·0a20·2072·6567·6973·7465·723a··.cfg.··register:
000e8950:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w000e8950:·2066·696c·655f·6578·6973·7473·0a20·2077···file_exists.··w
000e8960:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000e8960:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000e8970:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans 
000e8980:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
000e8990:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
000e89a0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
000e89b0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common" 
000e89c0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000e89d0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000e8970:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
 000e8980:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000e8990:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000e89a0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi
 000e89b0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 000e89c0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 000e89d0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
000e89e0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali000e89e0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
000e89f0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·000e89f0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
000e8a00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l000e8a00:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
000e8a10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"000e8a10:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
000e8a20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai000e8a20:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
000e8a30:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··000e8a30:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
000e8a40:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·000e8a40:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·
Offset 59572, 22 lines modifiedOffset 59572, 22 lines modified
000e8b30:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr000e8b30:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
000e8b40:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/000e8b40:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
000e8b50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.000e8b50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
000e8b60:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····000e8b60:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
000e8b70:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000e8b70:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000e8b80:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g000e8b80:·322f·6772·7562·2e63·6667·0a20·2020·2067··2/grub.cfg.····g
000e8b90:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when000e8b90:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
000e8ba0:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
000e8bb0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
000e8bc0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
000e8bd0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
000e8be0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
000e8bf0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
000e8c00:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
000e8c10:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans000e8ba0:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 000e8bb0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 000e8bc0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 000e8bd0:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 000e8be0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 000e8bf0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 000e8c00:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 000e8c10:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
000e8c20:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat000e8c20:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
000e8c30:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·000e8c30:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
000e8c40:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"000e8c40:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
000e8c50:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod000e8c50:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
000e8c60:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container000e8c60:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
000e8c70:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis000e8c70:·225d·0a20·202d·2066·696c·655f·6578·6973··"].··-·file_exis
000e8c80:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin000e8c80:·7473·2e73·7461·7420·6973·2064·6566·696e··ts.stat·is·defin
Offset 59637, 19 lines modifiedOffset 59637, 19 lines modified
000e8f40:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str000e8f40:·3c2f·7472·3e3c·7472·3e3c·7468·3e53·7472··</tr><tr><th>Str
000e8f50:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c000e8f50:·6174·6567·793a·3c2f·7468·3e3c·7464·3e63··ategy:</th><td>c
000e8f60:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t000e8f60:·6f6e·6669·6775·7265·3c2f·7464·3e3c·2f74··onfigure</td></t
000e8f70:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><000e8f70:·723e·3c2f·7461·626c·653e·3c70·7265·3e3c··r></table><pre><
000e8f80:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati000e8f80:·636f·6465·3e23·2052·656d·6564·6961·7469··code>#·Remediati
000e8f90:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable000e8f90:·6f6e·2069·7320·6170·706c·6963·6162·6c65··on·is·applicable
000e8fa0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain000e8fa0:·206f·6e6c·7920·696e·2063·6572·7461·696e···only·in·certain
000e8fb0:·2070·6c61·7466·6f72·6d73·0a69·6620·5b20···platforms.if·[·000e8fb0:·2070·6c61·7466·6f72·6d73·0a69·6620·7270···platforms.if·rp
000e8fc0:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa 
000e8fd0:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a 
000e8fe0:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet· 
000e8ff0:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·000e8fc0:·6d20·2d2d·7175·6965·7420·2d71·2067·7275··m·--quiet·-q·gru
 000e8fd0:·6232·2d63·6f6d·6d6f·6e20·2661·6d70·3b26··b2-common·&amp;&
 000e8fe0:·616d·703b·205b·2021·202d·6620·2f73·7973··amp;·[·!·-f·/sys
 000e8ff0:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·
000e9000:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!000e9000:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
000e9010:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·000e9010:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
000e9020:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!000e9020:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
000e9030:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai000e9030:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
000e9040:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the000e9040:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
000e9050:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot000e9050:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot
000e9060:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.000e9060:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
Offset 60140, 21 lines modifiedOffset 60140, 21 lines modified
000eaeb0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/000eaeb0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
000eaec0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000eaec0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000eaed0:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····000eaed0:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
000eaee0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000eaee0:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000eaef0:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg000eaef0:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg
000eaf00:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis000eaf00:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
000eaf10:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'000eaf10:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
000eaf20:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
000eaf30:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
000eaf40:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
000eaf50:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
000eaf60:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c 
000eaf70:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl 
000eaf80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000eaf20:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
 000eaf30:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 000eaf40:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000eaf50:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 000eaf60:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 000eaf70:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 000eaf80:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
000eaf90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi000eaf90:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
000eafa0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000eafa0:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000eafb0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000eafb0:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000eafc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000eafc0:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000eafd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000eafd0:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000eafe0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000eafe0:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
000eaff0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5000eaff0:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5
Offset 60175, 22 lines modifiedOffset 60175, 22 lines modified
000eb0e0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000eb0e0:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000eb0f0:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0000eb0f0:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0
000eb100:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/000eb100:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/
000eb110:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:000eb110:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:
000eb120:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000eb120:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000eb130:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000eb130:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000eb140:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·000eb140:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·
000eb150:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo000eb150:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
000eb160:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a 
000eb170:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000eb180:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000eb190:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000eb1a0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
000eb1b0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
000eb1c0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000eb160:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 000eb170:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000eb180:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
Max diff block lines reached; 60008/69522 bytes (86.32%) of diff not shown.
21.9 KB
html2text {}
    
Offset 8118, 16 lines modifiedOffset 8118, 16 lines modified
8118 ··-·no_reboot_needed8118 ··-·no_reboot_needed
  
8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8120 ··stat:8120 ··stat:
8121 ····path:·/boot/grub2/grub.cfg8121 ····path:·/boot/grub2/grub.cfg
8122 ··register:·file_exists8122 ··register:·file_exists
8123 ··when:8123 ··when:
8124 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8125 ··-·'"grub2-common"·in·ansible_facts.packages'8124 ··-·'"grub2-common"·in·ansible_facts.packages'
 8125 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8127 ··tags:8127 ··tags:
8128 ··-·CJIS-5.5.2.28128 ··-·CJIS-5.5.2.2
8129 ··-·NIST-800-171-3.4.58129 ··-·NIST-800-171-3.4.5
8130 ··-·NIST-800-53-AC-6(1)8130 ··-·NIST-800-53-AC-6(1)
8131 ··-·NIST-800-53-CM-6(a)8131 ··-·NIST-800-53-CM-6(a)
8132 ··-·PCI-DSS-Req-7.18132 ··-·PCI-DSS-Req-7.1
Offset 8139, 16 lines modifiedOffset 8139, 16 lines modified
8139 ··-·no_reboot_needed8139 ··-·no_reboot_needed
  
8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8141 ··file:8141 ··file:
8142 ····path:·/boot/grub2/grub.cfg8142 ····path:·/boot/grub2/grub.cfg
8143 ····group:·'0'8143 ····group:·'0'
8144 ··when:8144 ··when:
8145 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8146 ··-·'"grub2-common"·in·ansible_facts.packages'8145 ··-·'"grub2-common"·in·ansible_facts.packages'
 8146 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8149 ··tags:8149 ··tags:
8150 ··-·CJIS-5.5.2.28150 ··-·CJIS-5.5.2.2
8151 ··-·NIST-800-171-3.4.58151 ··-·NIST-800-171-3.4.5
8152 ··-·NIST-800-53-AC-6(1)8152 ··-·NIST-800-53-AC-6(1)
8153 ··-·NIST-800-53-CM-6(a)8153 ··-·NIST-800-53-CM-6(a)
Offset 8160, 15 lines modifiedOffset 8160, 15 lines modified
8160 ··-·medium_severity8160 ··-·medium_severity
8161 ··-·no_reboot_needed8161 ··-·no_reboot_needed
8162 Remediation_Shell_script_⇲8162 Remediation_Shell_script_⇲
8163 Complexity:·low8163 Complexity:·low
8164 Disruption:·low8164 Disruption:·low
8165 Strategy:···configure8165 Strategy:···configure
8166 #·Remediation·is·applicable·only·in·certain·platforms8166 #·Remediation·is·applicable·only·in·certain·platforms
8167 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8167 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8168 chgrp·0·/boot/grub2/grub.cfg8168 chgrp·0·/boot/grub2/grub.cfg
  
8169 else8169 else
8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8171 fi8171 fi
8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8199, 16 lines modifiedOffset 8199, 16 lines modified
8199 ··-·no_reboot_needed8199 ··-·no_reboot_needed
  
8200 -·name:·Test·for·existence·/boot/grub2/user.cfg8200 -·name:·Test·for·existence·/boot/grub2/user.cfg
8201 ··stat:8201 ··stat:
8202 ····path:·/boot/grub2/user.cfg8202 ····path:·/boot/grub2/user.cfg
8203 ··register:·file_exists8203 ··register:·file_exists
8204 ··when:8204 ··when:
8205 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8206 ··-·'"grub2-common"·in·ansible_facts.packages'8205 ··-·'"grub2-common"·in·ansible_facts.packages'
 8206 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8208 ··tags:8208 ··tags:
8209 ··-·CJIS-5.5.2.28209 ··-·CJIS-5.5.2.2
8210 ··-·NIST-800-171-3.4.58210 ··-·NIST-800-171-3.4.5
8211 ··-·NIST-800-53-AC-6(1)8211 ··-·NIST-800-53-AC-6(1)
8212 ··-·NIST-800-53-CM-6(a)8212 ··-·NIST-800-53-CM-6(a)
8213 ··-·PCI-DSS-Req-7.18213 ··-·PCI-DSS-Req-7.1
Offset 8220, 16 lines modifiedOffset 8220, 16 lines modified
8220 ··-·no_reboot_needed8220 ··-·no_reboot_needed
  
8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8222 ··file:8222 ··file:
8223 ····path:·/boot/grub2/user.cfg8223 ····path:·/boot/grub2/user.cfg
8224 ····group:·'0'8224 ····group:·'0'
8225 ··when:8225 ··when:
8226 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8227 ··-·'"grub2-common"·in·ansible_facts.packages'8226 ··-·'"grub2-common"·in·ansible_facts.packages'
 8227 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8230 ··tags:8230 ··tags:
8231 ··-·CJIS-5.5.2.28231 ··-·CJIS-5.5.2.2
8232 ··-·NIST-800-171-3.4.58232 ··-·NIST-800-171-3.4.5
8233 ··-·NIST-800-53-AC-6(1)8233 ··-·NIST-800-53-AC-6(1)
8234 ··-·NIST-800-53-CM-6(a)8234 ··-·NIST-800-53-CM-6(a)
Offset 8241, 15 lines modifiedOffset 8241, 15 lines modified
8241 ··-·medium_severity8241 ··-·medium_severity
8242 ··-·no_reboot_needed8242 ··-·no_reboot_needed
8243 Remediation_Shell_script_⇲8243 Remediation_Shell_script_⇲
8244 Complexity:·low8244 Complexity:·low
8245 Disruption:·low8245 Disruption:·low
8246 Strategy:···configure8246 Strategy:···configure
8247 #·Remediation·is·applicable·only·in·certain·platforms8247 #·Remediation·is·applicable·only·in·certain·platforms
8248 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8248 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8249 chgrp·0·/boot/grub2/user.cfg8249 chgrp·0·/boot/grub2/user.cfg
  
8250 else8250 else
8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8252 fi8252 fi
8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8280, 16 lines modifiedOffset 8280, 16 lines modified
8280 ··-·no_reboot_needed8280 ··-·no_reboot_needed
  
8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8282 ··stat:8282 ··stat:
8283 ····path:·/boot/grub2/grub.cfg8283 ····path:·/boot/grub2/grub.cfg
8284 ··register:·file_exists8284 ··register:·file_exists
8285 ··when:8285 ··when:
8286 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8287 ··-·'"grub2-common"·in·ansible_facts.packages'8286 ··-·'"grub2-common"·in·ansible_facts.packages'
 8287 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8289 ··tags:8289 ··tags:
8290 ··-·CJIS-5.5.2.28290 ··-·CJIS-5.5.2.2
8291 ··-·NIST-800-171-3.4.58291 ··-·NIST-800-171-3.4.5
8292 ··-·NIST-800-53-AC-6(1)8292 ··-·NIST-800-53-AC-6(1)
8293 ··-·NIST-800-53-CM-6(a)8293 ··-·NIST-800-53-CM-6(a)
8294 ··-·PCI-DSS-Req-7.18294 ··-·PCI-DSS-Req-7.1
Offset 8301, 16 lines modifiedOffset 8301, 16 lines modified
8301 ··-·no_reboot_needed8301 ··-·no_reboot_needed
  
8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
8303 ··file:8303 ··file:
8304 ····path:·/boot/grub2/grub.cfg8304 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18013/22410 bytes (80.38%) of diff not shown.
90.2 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l1.html
    
Offset 59532, 22 lines modifiedOffset 59532, 22 lines modified
000e88b0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·000e88b0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
000e88c0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/000e88c0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
000e88d0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·000e88d0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
000e88e0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:000e88e0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
000e88f0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru000e88f0:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
000e8900:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register000e8900:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
000e8910:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··000e8910:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
000e8920:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo000e8920:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
000e8930:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
000e8940:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
000e8950:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
000e8960:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
000e8970:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
000e8980:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
000e8990:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-000e8930:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 000e8940:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 000e8950:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 000e8960:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 000e8970:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 000e8980:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 000e8990:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
000e89a0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual000e89a0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
000e89b0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not000e89b0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
000e89c0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"000e89c0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
000e89d0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·000e89d0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
000e89e0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta000e89e0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
000e89f0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·000e89f0:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
000e8a00:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.000e8a00:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 59568, 22 lines modifiedOffset 59568, 22 lines modified
000e8af0:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g000e8af0:·2d20·6e61·6d65·3a20·456e·7375·7265·2067··-·name:·Ensure·g
000e8b00:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·000e8b00:·726f·7570·206f·776e·6572·2030·206f·6e20··roup·owner·0·on·
000e8b10:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub000e8b10:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
000e8b20:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···000e8b20:·2e63·6667·0a20·2066·696c·653a·0a20·2020··.cfg.··file:.···
000e8b30:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000e8b30:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000e8b40:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····000e8b40:·6232·2f67·7275·622e·6366·670a·2020·2020··b2/grub.cfg.····
000e8b50:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe000e8b50:·6772·6f75·703a·2027·3027·0a20·2077·6865··group:·'0'.··whe
000e8b60:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e000e8b60:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
000e8b70:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib 
000e8b80:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
000e8b90:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
000e8ba0:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
000e8bb0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i 
000e8bc0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts. 
000e8bd0:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an000e8b70:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
 000e8b80:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 000e8b90:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 000e8ba0:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl
 000e8bb0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 000e8bc0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 000e8bd0:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
000e8be0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza000e8be0:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
000e8bf0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in000e8bf0:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
000e8c00:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc000e8c00:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
000e8c10:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po000e8c10:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
000e8c20:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe000e8c20:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000e8c30:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi000e8c30:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
000e8c40:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi000e8c40:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 59633, 19 lines modifiedOffset 59633, 19 lines modified
000e8f00:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St000e8f00:·3e3c·2f74·723e·3c74·723e·3c74·683e·5374··></tr><tr><th>St
000e8f10:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>000e8f10:·7261·7465·6779·3a3c·2f74·683e·3c74·643e··rategy:</th><td>
000e8f20:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></000e8f20:·636f·6e66·6967·7572·653c·2f74·643e·3c2f··configure</td></
000e8f30:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>000e8f30:·7472·3e3c·2f74·6162·6c65·3e3c·7072·653e··tr></table><pre>
000e8f40:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat000e8f40:·3c63·6f64·653e·2320·5265·6d65·6469·6174··<code>#·Remediat
000e8f50:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl000e8f50:·696f·6e20·6973·2061·7070·6c69·6361·626c··ion·is·applicabl
000e8f60:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai000e8f60:·6520·6f6e·6c79·2069·6e20·6365·7274·6169··e·only·in·certai
000e8f70:·6e20·706c·6174·666f·726d·730a·6966·205b··n·platforms.if·[000e8f70:·6e20·706c·6174·666f·726d·730a·6966·2072··n·platforms.if·r
000e8f80:·2021·202d·6620·2f73·7973·2f66·6972·6d77···!·-f·/sys/firmw 
000e8f90:·6172·652f·6566·6920·5d20·2661·6d70·3b26··are/efi·]·&amp;& 
000e8fa0:·616d·703b·2072·706d·202d·2d71·7569·6574··amp;·rpm·--quiet 
000e8fb0:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common000e8f80:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr
 000e8f90:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;
 000e8fa0:·2661·6d70·3b20·5b20·2120·2d66·202f·7379··&amp;·[·!·-f·/sy
 000e8fb0:·732f·6669·726d·7761·7265·2f65·6669·205d··s/firmware/efi·]
000e8fc0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·000e8fc0:·2026·616d·703b·2661·6d70·3b20·7b20·5b20···&amp;&amp;·{·[·
000e8fd0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv000e8fd0:·2120·2d66·202f·2e64·6f63·6b65·7265·6e76··!·-f·/.dockerenv
000e8fe0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·000e8fe0:·205d·2026·616d·703b·2661·6d70·3b20·5b20···]·&amp;&amp;·[·
000e8ff0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta000e8ff0:·2120·2d66·202f·7275·6e2f·2e63·6f6e·7461··!·-f·/run/.conta
000e9000:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th000e9000:·696e·6572·656e·7620·5d3b·207d·3b20·7468··inerenv·];·};·th
000e9010:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo000e9010:·656e·0a0a·6368·6772·7020·3020·2f62·6f6f··en..chgrp·0·/boo
000e9020:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000e9020:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
Offset 60136, 22 lines modifiedOffset 60136, 22 lines modified
000eae70:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·000eae70:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
000eae80:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user000eae80:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
000eae90:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···000eae90:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
000eaea0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru000eaea0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
000eaeb0:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re000eaeb0:·6232·2f75·7365·722e·6366·670a·2020·7265··b2/user.cfg.··re
000eaec0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi000eaec0:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
000eaed0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·000eaed0:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
000eaee0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
000eaef0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000eaf00:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000eaf10:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000eaf20:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
000eaf30:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
000eaf40:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000eaee0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 000eaef0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 000eaf00:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 000eaf10:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 000eaf20:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000eaf30:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000eaf40:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000eaf50:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000eaf50:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000eaf60:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000eaf60:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000eaf70:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000eaf70:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000eaf80:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000eaf80:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000eaf90:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000eaf90:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000eafa0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000eafa0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000eafb0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.000eafb0:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
000eafc0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8000eafc0:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 60171, 22 lines modifiedOffset 60171, 22 lines modified
000eb0a0:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens000eb0a0:·6465·640a·0a2d·206e·616d·653a·2045·6e73··ded..-·name:·Ens
000eb0b0:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·000eb0b0:·7572·6520·6772·6f75·7020·6f77·6e65·7220··ure·group·owner·
000eb0c0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2000eb0c0:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
000eb0d0:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file000eb0d0:·2f75·7365·722e·6366·670a·2020·6669·6c65··/user.cfg.··file
000eb0e0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo000eb0e0:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
000eb0f0:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg000eb0f0:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
000eb100:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.000eb100:·0a20·2020·2067·726f·7570·3a20·2730·270a··.····group:·'0'.
000eb110:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b000eb110:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
000eb120:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
000eb130:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
000eb140:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
000eb150:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
000eb160:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
000eb170:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
000eb180:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·000eb120:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 000eb130:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 000eb140:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
Max diff block lines reached; 60146/69798 bytes (86.17%) of diff not shown.
21.9 KB
html2text {}
    
Offset 8118, 16 lines modifiedOffset 8118, 16 lines modified
8118 ··-·no_reboot_needed8118 ··-·no_reboot_needed
  
8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg8119 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8120 ··stat:8120 ··stat:
8121 ····path:·/boot/grub2/grub.cfg8121 ····path:·/boot/grub2/grub.cfg
8122 ··register:·file_exists8122 ··register:·file_exists
8123 ··when:8123 ··when:
8124 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8125 ··-·'"grub2-common"·in·ansible_facts.packages'8124 ··-·'"grub2-common"·in·ansible_facts.packages'
 8125 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8126 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8127 ··tags:8127 ··tags:
8128 ··-·CJIS-5.5.2.28128 ··-·CJIS-5.5.2.2
8129 ··-·NIST-800-171-3.4.58129 ··-·NIST-800-171-3.4.5
8130 ··-·NIST-800-53-AC-6(1)8130 ··-·NIST-800-53-AC-6(1)
8131 ··-·NIST-800-53-CM-6(a)8131 ··-·NIST-800-53-CM-6(a)
8132 ··-·PCI-DSS-Req-7.18132 ··-·PCI-DSS-Req-7.1
Offset 8139, 16 lines modifiedOffset 8139, 16 lines modified
8139 ··-·no_reboot_needed8139 ··-·no_reboot_needed
  
8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg8140 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
8141 ··file:8141 ··file:
8142 ····path:·/boot/grub2/grub.cfg8142 ····path:·/boot/grub2/grub.cfg
8143 ····group:·'0'8143 ····group:·'0'
8144 ··when:8144 ··when:
8145 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8146 ··-·'"grub2-common"·in·ansible_facts.packages'8145 ··-·'"grub2-common"·in·ansible_facts.packages'
 8146 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8147 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8148 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8149 ··tags:8149 ··tags:
8150 ··-·CJIS-5.5.2.28150 ··-·CJIS-5.5.2.2
8151 ··-·NIST-800-171-3.4.58151 ··-·NIST-800-171-3.4.5
8152 ··-·NIST-800-53-AC-6(1)8152 ··-·NIST-800-53-AC-6(1)
8153 ··-·NIST-800-53-CM-6(a)8153 ··-·NIST-800-53-CM-6(a)
Offset 8160, 15 lines modifiedOffset 8160, 15 lines modified
8160 ··-·medium_severity8160 ··-·medium_severity
8161 ··-·no_reboot_needed8161 ··-·no_reboot_needed
8162 Remediation_Shell_script_⇲8162 Remediation_Shell_script_⇲
8163 Complexity:·low8163 Complexity:·low
8164 Disruption:·low8164 Disruption:·low
8165 Strategy:···configure8165 Strategy:···configure
8166 #·Remediation·is·applicable·only·in·certain·platforms8166 #·Remediation·is·applicable·only·in·certain·platforms
8167 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8167 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8168 chgrp·0·/boot/grub2/grub.cfg8168 chgrp·0·/boot/grub2/grub.cfg
  
8169 else8169 else
8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8170 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8171 fi8171 fi
8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***8172 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 8199, 16 lines modifiedOffset 8199, 16 lines modified
8199 ··-·no_reboot_needed8199 ··-·no_reboot_needed
  
8200 -·name:·Test·for·existence·/boot/grub2/user.cfg8200 -·name:·Test·for·existence·/boot/grub2/user.cfg
8201 ··stat:8201 ··stat:
8202 ····path:·/boot/grub2/user.cfg8202 ····path:·/boot/grub2/user.cfg
8203 ··register:·file_exists8203 ··register:·file_exists
8204 ··when:8204 ··when:
8205 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8206 ··-·'"grub2-common"·in·ansible_facts.packages'8205 ··-·'"grub2-common"·in·ansible_facts.packages'
 8206 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8207 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8208 ··tags:8208 ··tags:
8209 ··-·CJIS-5.5.2.28209 ··-·CJIS-5.5.2.2
8210 ··-·NIST-800-171-3.4.58210 ··-·NIST-800-171-3.4.5
8211 ··-·NIST-800-53-AC-6(1)8211 ··-·NIST-800-53-AC-6(1)
8212 ··-·NIST-800-53-CM-6(a)8212 ··-·NIST-800-53-CM-6(a)
8213 ··-·PCI-DSS-Req-7.18213 ··-·PCI-DSS-Req-7.1
Offset 8220, 16 lines modifiedOffset 8220, 16 lines modified
8220 ··-·no_reboot_needed8220 ··-·no_reboot_needed
  
8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8221 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8222 ··file:8222 ··file:
8223 ····path:·/boot/grub2/user.cfg8223 ····path:·/boot/grub2/user.cfg
8224 ····group:·'0'8224 ····group:·'0'
8225 ··when:8225 ··when:
8226 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8227 ··-·'"grub2-common"·in·ansible_facts.packages'8226 ··-·'"grub2-common"·in·ansible_facts.packages'
 8227 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8228 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8229 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8230 ··tags:8230 ··tags:
8231 ··-·CJIS-5.5.2.28231 ··-·CJIS-5.5.2.2
8232 ··-·NIST-800-171-3.4.58232 ··-·NIST-800-171-3.4.5
8233 ··-·NIST-800-53-AC-6(1)8233 ··-·NIST-800-53-AC-6(1)
8234 ··-·NIST-800-53-CM-6(a)8234 ··-·NIST-800-53-CM-6(a)
Offset 8241, 15 lines modifiedOffset 8241, 15 lines modified
8241 ··-·medium_severity8241 ··-·medium_severity
8242 ··-·no_reboot_needed8242 ··-·no_reboot_needed
8243 Remediation_Shell_script_⇲8243 Remediation_Shell_script_⇲
8244 Complexity:·low8244 Complexity:·low
8245 Disruption:·low8245 Disruption:·low
8246 Strategy:···configure8246 Strategy:···configure
8247 #·Remediation·is·applicable·only·in·certain·platforms8247 #·Remediation·is·applicable·only·in·certain·platforms
8248 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8248 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8249 chgrp·0·/boot/grub2/user.cfg8249 chgrp·0·/boot/grub2/user.cfg
  
8250 else8250 else
8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8251 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8252 fi8252 fi
8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***8253 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 8280, 16 lines modifiedOffset 8280, 16 lines modified
8280 ··-·no_reboot_needed8280 ··-·no_reboot_needed
  
8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg8281 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8282 ··stat:8282 ··stat:
8283 ····path:·/boot/grub2/grub.cfg8283 ····path:·/boot/grub2/grub.cfg
8284 ··register:·file_exists8284 ··register:·file_exists
8285 ··when:8285 ··when:
8286 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8287 ··-·'"grub2-common"·in·ansible_facts.packages'8286 ··-·'"grub2-common"·in·ansible_facts.packages'
 8287 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8288 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8289 ··tags:8289 ··tags:
8290 ··-·CJIS-5.5.2.28290 ··-·CJIS-5.5.2.2
8291 ··-·NIST-800-171-3.4.58291 ··-·NIST-800-171-3.4.5
8292 ··-·NIST-800-53-AC-6(1)8292 ··-·NIST-800-53-AC-6(1)
8293 ··-·NIST-800-53-CM-6(a)8293 ··-·NIST-800-53-CM-6(a)
8294 ··-·PCI-DSS-Req-7.18294 ··-·PCI-DSS-Req-7.1
Offset 8301, 16 lines modifiedOffset 8301, 16 lines modified
8301 ··-·no_reboot_needed8301 ··-·no_reboot_needed
  
8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg8302 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
8303 ··file:8303 ··file:
8304 ····path:·/boot/grub2/grub.cfg8304 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18013/22410 bytes (80.38%) of diff not shown.
89.8 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cis_workstation_l2.html
    
Offset 185602, 22 lines modifiedOffset 185602, 22 lines modified
002d5010:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe002d5010:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
002d5020:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/002d5020:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
002d5030:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:002d5030:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
002d5040:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot002d5040:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
002d5050:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002d5050:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
002d5060:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002d5060:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002d5070:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002d5070:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002d5080:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002d5090:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002d50a0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002d50b0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002d50c0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002d50d0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a 
002d50e0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac002d5080:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
 002d5090:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
 002d50a0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 002d50b0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002d50c0:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 002d50d0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002d50e0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
002d50f0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib002d50f0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
002d5100:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002d5100:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002d5110:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002d5110:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002d5120:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002d5120:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002d5130:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002d5130:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002d5140:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002d5140:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002d5150:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI002d5150:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
002d5160:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI002d5160:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 185638, 22 lines modifiedOffset 185638, 22 lines modified
002d5250:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o002d5250:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o
002d5260:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/002d5260:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
002d5270:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002d5270:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002d5280:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002d5280:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002d5290:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002d5290:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002d52a0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:002d52a0:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:
002d52b0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002d52b0:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
002d52c0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
002d52d0:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
002d52e0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
002d52f0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
002d5300:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
002d5310:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
002d5320:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag002d52c0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 002d52d0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 002d52e0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 002d52f0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002d5300:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002d5310:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002d5320:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
002d5330:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_002d5330:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
002d5340:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002d5340:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002d5350:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002d5350:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002d5360:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002d5360:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002d5370:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002d5370:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002d5380:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002d5380:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002d5390:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002d5390:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002d53a0:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002d53a0:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 185703, 19 lines modifiedOffset 185703, 19 lines modified
002d5660:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy002d5660:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
002d5670:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config002d5670:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
002d5680:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t002d5680:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
002d5690:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>002d5690:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
002d56a0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is002d56a0:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
002d56b0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only002d56b0:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
002d56c0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat002d56c0:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
002d56d0:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·002d56d0:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
002d56e0:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef 
002d56f0:·6920·5d20·2661·6d70·3b26·616d·703b·2072··i·]·&amp;&amp;·r 
002d5700:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr 
002d5710:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;002d56e0:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co
 002d56f0:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·
 002d5700:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm
 002d5710:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;
002d5720:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/002d5720:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/
002d5730:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am002d5730:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
002d5740:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/002d5740:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
002d5750:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren002d5750:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
002d5760:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch002d5760:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch
002d5770:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub002d5770:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub
002d5780:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else002d5780:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else
Offset 186205, 22 lines modifiedOffset 186205, 22 lines modified
002d75c0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·002d75c0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
002d75d0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/002d75d0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
002d75e0:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·002d75e0:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·
002d75f0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:002d75f0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
002d7600:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use002d7600:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
002d7610:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register002d7610:·722e·6366·670a·2020·7265·6769·7374·6572··r.cfg.··register
002d7620:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··002d7620:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
002d7630:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002d7630:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002d7640:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
002d7650:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002d7660:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002d7670:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002d7680:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
002d7690:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
002d76a0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002d7640:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 002d7650:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 002d7660:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 002d7670:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 002d7680:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002d7690:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002d76a0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002d76b0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002d76b0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002d76c0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002d76c0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002d76d0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002d76d0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002d76e0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002d76e0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002d76f0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002d76f0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002d7700:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·002d7700:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
002d7710:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.002d7710:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 186241, 22 lines modifiedOffset 186241, 22 lines modified
002d7800:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr002d7800:·206e·616d·653a·2045·6e73·7572·6520·6772···name:·Ensure·gr
002d7810:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/002d7810:·6f75·7020·6f77·6e65·7220·3020·6f6e·202f··oup·owner·0·on·/
002d7820:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.002d7820:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
002d7830:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····002d7830:·6366·670a·2020·6669·6c65·3a0a·2020·2020··cfg.··file:.····
002d7840:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub002d7840:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
002d7850:·322f·7573·6572·2e63·6667·0a20·2020·2067··2/user.cfg.····g002d7850:·322f·7573·6572·2e63·6667·0a20·2020·2067··2/user.cfg.····g
002d7860:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when002d7860:·726f·7570·3a20·2730·270a·2020·7768·656e··roup:·'0'.··when
002d7870:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
002d7880:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
002d7890:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
002d78a0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
002d78b0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
002d78c0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
002d78d0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
002d78e0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans002d7870:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 002d7880:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 002d7890:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
Max diff block lines reached; 59656/69318 bytes (86.06%) of diff not shown.
22.0 KB
html2text {}
    
Offset 41793, 16 lines modifiedOffset 41793, 16 lines modified
41793 ··-·no_reboot_needed41793 ··-·no_reboot_needed
  
41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg41794 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41795 ··stat:41795 ··stat:
41796 ····path:·/boot/grub2/grub.cfg41796 ····path:·/boot/grub2/grub.cfg
41797 ··register:·file_exists41797 ··register:·file_exists
41798 ··when:41798 ··when:
41799 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41800 ··-·'"grub2-common"·in·ansible_facts.packages'41799 ··-·'"grub2-common"·in·ansible_facts.packages'
 41800 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41801 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41802 ··tags:41802 ··tags:
41803 ··-·CJIS-5.5.2.241803 ··-·CJIS-5.5.2.2
41804 ··-·NIST-800-171-3.4.541804 ··-·NIST-800-171-3.4.5
41805 ··-·NIST-800-53-AC-6(1)41805 ··-·NIST-800-53-AC-6(1)
41806 ··-·NIST-800-53-CM-6(a)41806 ··-·NIST-800-53-CM-6(a)
41807 ··-·PCI-DSS-Req-7.141807 ··-·PCI-DSS-Req-7.1
Offset 41814, 16 lines modifiedOffset 41814, 16 lines modified
41814 ··-·no_reboot_needed41814 ··-·no_reboot_needed
  
41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg41815 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
41816 ··file:41816 ··file:
41817 ····path:·/boot/grub2/grub.cfg41817 ····path:·/boot/grub2/grub.cfg
41818 ····group:·'0'41818 ····group:·'0'
41819 ··when:41819 ··when:
41820 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41821 ··-·'"grub2-common"·in·ansible_facts.packages'41820 ··-·'"grub2-common"·in·ansible_facts.packages'
 41821 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41822 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41823 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41824 ··tags:41824 ··tags:
41825 ··-·CJIS-5.5.2.241825 ··-·CJIS-5.5.2.2
41826 ··-·NIST-800-171-3.4.541826 ··-·NIST-800-171-3.4.5
41827 ··-·NIST-800-53-AC-6(1)41827 ··-·NIST-800-53-AC-6(1)
41828 ··-·NIST-800-53-CM-6(a)41828 ··-·NIST-800-53-CM-6(a)
Offset 41835, 15 lines modifiedOffset 41835, 15 lines modified
41835 ··-·medium_severity41835 ··-·medium_severity
41836 ··-·no_reboot_needed41836 ··-·no_reboot_needed
41837 Remediation_Shell_script_⇲41837 Remediation_Shell_script_⇲
41838 Complexity:·low41838 Complexity:·low
41839 Disruption:·low41839 Disruption:·low
41840 Strategy:···configure41840 Strategy:···configure
41841 #·Remediation·is·applicable·only·in·certain·platforms41841 #·Remediation·is·applicable·only·in·certain·platforms
41842 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41842 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41843 chgrp·0·/boot/grub2/grub.cfg41843 chgrp·0·/boot/grub2/grub.cfg
  
41844 else41844 else
41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41845 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41846 fi41846 fi
41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***41847 ***·Rule  ·Verify·/boot/grub2/user.cfg·Group·Ownership·  [ref]·***
Offset 41874, 16 lines modifiedOffset 41874, 16 lines modified
41874 ··-·no_reboot_needed41874 ··-·no_reboot_needed
  
41875 -·name:·Test·for·existence·/boot/grub2/user.cfg41875 -·name:·Test·for·existence·/boot/grub2/user.cfg
41876 ··stat:41876 ··stat:
41877 ····path:·/boot/grub2/user.cfg41877 ····path:·/boot/grub2/user.cfg
41878 ··register:·file_exists41878 ··register:·file_exists
41879 ··when:41879 ··when:
41880 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41881 ··-·'"grub2-common"·in·ansible_facts.packages'41880 ··-·'"grub2-common"·in·ansible_facts.packages'
 41881 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41882 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41883 ··tags:41883 ··tags:
41884 ··-·CJIS-5.5.2.241884 ··-·CJIS-5.5.2.2
41885 ··-·NIST-800-171-3.4.541885 ··-·NIST-800-171-3.4.5
41886 ··-·NIST-800-53-AC-6(1)41886 ··-·NIST-800-53-AC-6(1)
41887 ··-·NIST-800-53-CM-6(a)41887 ··-·NIST-800-53-CM-6(a)
41888 ··-·PCI-DSS-Req-7.141888 ··-·PCI-DSS-Req-7.1
Offset 41895, 16 lines modifiedOffset 41895, 16 lines modified
41895 ··-·no_reboot_needed41895 ··-·no_reboot_needed
  
41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41896 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41897 ··file:41897 ··file:
41898 ····path:·/boot/grub2/user.cfg41898 ····path:·/boot/grub2/user.cfg
41899 ····group:·'0'41899 ····group:·'0'
41900 ··when:41900 ··when:
41901 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41902 ··-·'"grub2-common"·in·ansible_facts.packages'41901 ··-·'"grub2-common"·in·ansible_facts.packages'
 41902 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41903 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41904 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41905 ··tags:41905 ··tags:
41906 ··-·CJIS-5.5.2.241906 ··-·CJIS-5.5.2.2
41907 ··-·NIST-800-171-3.4.541907 ··-·NIST-800-171-3.4.5
41908 ··-·NIST-800-53-AC-6(1)41908 ··-·NIST-800-53-AC-6(1)
41909 ··-·NIST-800-53-CM-6(a)41909 ··-·NIST-800-53-CM-6(a)
Offset 41916, 15 lines modifiedOffset 41916, 15 lines modified
41916 ··-·medium_severity41916 ··-·medium_severity
41917 ··-·no_reboot_needed41917 ··-·no_reboot_needed
41918 Remediation_Shell_script_⇲41918 Remediation_Shell_script_⇲
41919 Complexity:·low41919 Complexity:·low
41920 Disruption:·low41920 Disruption:·low
41921 Strategy:···configure41921 Strategy:···configure
41922 #·Remediation·is·applicable·only·in·certain·platforms41922 #·Remediation·is·applicable·only·in·certain·platforms
41923 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41923 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41924 chgrp·0·/boot/grub2/user.cfg41924 chgrp·0·/boot/grub2/user.cfg
  
41925 else41925 else
41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41926 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41927 fi41927 fi
41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***41928 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 41955, 16 lines modifiedOffset 41955, 16 lines modified
41955 ··-·no_reboot_needed41955 ··-·no_reboot_needed
  
41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg41956 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41957 ··stat:41957 ··stat:
41958 ····path:·/boot/grub2/grub.cfg41958 ····path:·/boot/grub2/grub.cfg
41959 ··register:·file_exists41959 ··register:·file_exists
41960 ··when:41960 ··when:
41961 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41962 ··-·'"grub2-common"·in·ansible_facts.packages'41961 ··-·'"grub2-common"·in·ansible_facts.packages'
 41962 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41963 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41964 ··tags:41964 ··tags:
41965 ··-·CJIS-5.5.2.241965 ··-·CJIS-5.5.2.2
41966 ··-·NIST-800-171-3.4.541966 ··-·NIST-800-171-3.4.5
41967 ··-·NIST-800-53-AC-6(1)41967 ··-·NIST-800-53-AC-6(1)
41968 ··-·NIST-800-53-CM-6(a)41968 ··-·NIST-800-53-CM-6(a)
41969 ··-·PCI-DSS-Req-7.141969 ··-·PCI-DSS-Req-7.1
Offset 41976, 16 lines modifiedOffset 41976, 16 lines modified
41976 ··-·no_reboot_needed41976 ··-·no_reboot_needed
  
41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg41977 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
41978 ··file:41978 ··file:
41979 ····path:·/boot/grub2/grub.cfg41979 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 18069/22482 bytes (80.37%) of diff not shown.
15.1 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-cjis.html
    
Offset 134543, 22 lines modifiedOffset 134543, 22 lines modified
0020d8e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc0020d8e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
0020d8f0:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr0020d8f0:·6520·2f62·6f6f·742f·6772·7562·322f·6772··e·/boot/grub2/gr
0020d900:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·0020d900:·7562·2e63·6667·0a20·2073·7461·743a·0a20··ub.cfg.··stat:.·
0020d910:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g0020d910:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
0020d920:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··0020d920:·7275·6232·2f67·7275·622e·6366·670a·2020··rub2/grub.cfg.··
0020d930:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e0020d930:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
0020d940:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··0020d940:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
0020d950:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n 
0020d960:·6f74·2069·6e20·616e·7369·626c·655f·6d6f··ot·in·ansible_mo 
0020d970:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri 
0020d980:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|· 
0020d990:·6c69·7374·270a·2020·2d20·2722·6772·7562··list'.··-·'"grub 
0020d9a0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans 
0020d9b0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa0020d950:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
 0020d960:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
 0020d970:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 0020d980:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no
 0020d990:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou
 0020d9a0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib
 0020d9b0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l
0020d9c0:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible0020d9c0:·6973·7427·0a20·202d·2061·6e73·6962·6c65··ist'.··-·ansible
0020d9d0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_0020d9d0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
0020d9e0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do0020d9e0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
0020d9f0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o0020d9f0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
0020da00:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"0020da00:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
0020da10:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·0020da10:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
0020da20:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-0020da20:·2074·6167·733a·0a20·202d·2043·4a49·532d···tags:.··-·CJIS-
0020da30:·352e·352e·322e·320a·2020·2d20·4e49·5354··5.5.2.2.··-·NIST0020da30:·352e·352e·322e·320a·2020·2d20·4e49·5354··5.5.2.2.··-·NIST
Offset 134579, 21 lines modifiedOffset 134579, 21 lines modified
0020db20:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own0020db20:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
0020db30:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr0020db30:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
0020db40:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f0020db40:·7562·322f·6772·7562·2e63·6667·0a20·2066··ub2/grub.cfg.··f
0020db50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/0020db50:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
0020db60:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0020db60:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0020db70:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'0020db70:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
0020db80:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'0020db80:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
0020db90:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not· 
0020dba0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
0020dbb0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
0020dbc0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
0020dbd0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c 
0020dbe0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl 
0020dbf0:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages0020db90:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
 0020dba0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
 0020dbb0:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 0020dbc0:·2f62·6f6f·742f·6566·6922·206e·6f74·2069··/boot/efi"·not·i
 0020dbd0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 0020dbe0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 0020dbf0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
0020dc00:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi0020dc00:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
0020dc10:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ0020dc10:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
0020dc20:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke0020dc20:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
0020dc30:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open0020dc30:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
0020dc40:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"0020dc40:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
0020dc50:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·0020dc50:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
0020dc60:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat0020dc60:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 134644, 19 lines modifiedOffset 134644, 19 lines modified
0020df30:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<0020df30:·723e·3c74·683e·5374·7261·7465·6779·3a3c··r><th>Strategy:<
0020df40:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur0020df40:·2f74·683e·3c74·643e·636f·6e66·6967·7572··/th><td>configur
0020df50:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab0020df50:·653c·2f74·643e·3c2f·7472·3e3c·2f74·6162··e</td></tr></tab
0020df60:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·0020df60:·6c65·3e3c·7072·653e·3c63·6f64·653e·2320··le><pre><code>#·
0020df70:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a0020df70:·5265·6d65·6469·6174·696f·6e20·6973·2061··Remediation·is·a
0020df80:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i0020df80:·7070·6c69·6361·626c·6520·6f6e·6c79·2069··pplicable·only·i
0020df90:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo0020df90:·6e20·6365·7274·6169·6e20·706c·6174·666f··n·certain·platfo
0020dfa0:·726d·730a·6966·205b·2021·202d·6620·2f73··rms.if·[·!·-f·/s 
0020dfb0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi· 
0020dfc0:·5d20·2661·6d70·3b26·616d·703b·2072·706d··]·&amp;&amp;·rpm 
0020dfd0:·202d·2d71·7569·6574·202d·7120·6772·7562···--quiet·-q·grub 
0020dfe0:·322d·636f·6d6d·6f6e·2026·616d·703b·2661··2-common·&amp;&a0020dfa0:·726d·730a·6966·2072·706d·202d·2d71·7569··rms.if·rpm·--qui
 0020dfb0:·6574·202d·7120·6772·7562·322d·636f·6d6d··et·-q·grub2-comm
 0020dfc0:·6f6e·2026·616d·703b·2661·6d70·3b20·5b20··on·&amp;&amp;·[·
 0020dfd0:·2120·2d66·202f·7379·732f·6669·726d·7761··!·-f·/sys/firmwa
 0020dfe0:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a
0020dff0:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d0020dff0:·6d70·3b20·7b20·5b20·2120·2d66·202f·2e64··mp;·{·[·!·-f·/.d
0020e000:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;0020e000:·6f63·6b65·7265·6e76·205d·2026·616d·703b··ockerenv·]·&amp;
0020e010:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru0020e010:·2661·6d70·3b20·5b20·2120·2d66·202f·7275··&amp;·[·!·-f·/ru
0020e020:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·0020e020:·6e2f·2e63·6f6e·7461·696e·6572·656e·7620··n/.containerenv·
0020e030:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr0020e030:·5d3b·207d·3b20·7468·656e·0a0a·6368·6772··];·};·then..chgr
0020e040:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/0020e040:·7020·3020·2f62·6f6f·742f·6772·7562·322f··p·0·/boot/grub2/
0020e050:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·0020e050:·6772·7562·2e63·6667·0a0a·656c·7365·0a20··grub.cfg..else.·
Offset 135122, 22 lines modifiedOffset 135122, 22 lines modified
0020fd10:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex0020fd10:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
0020fd20:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr0020fd20:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
0020fd30:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s0020fd30:·7562·322f·6772·7562·2e63·6667·0a20·2073··ub2/grub.cfg.··s
0020fd40:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/0020fd40:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
0020fd50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.0020fd50:·626f·6f74·2f67·7275·6232·2f67·7275·622e··boot/grub2/grub.
0020fd60:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·0020fd60:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
0020fd70:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh0020fd70:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
0020fd80:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/0020fd80:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
0020fd90:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
0020fda0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
0020fdb0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
0020fdc0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
0020fdd0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
0020fde0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
0020fdf0:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a0020fd90:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 0020fda0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 0020fdb0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 0020fdc0:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 0020fdd0:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 0020fde0:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 0020fdf0:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
0020fe00:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz0020fe00:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
0020fe10:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i0020fe10:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
0020fe20:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx0020fe20:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
0020fe30:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p0020fe30:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
0020fe40:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain0020fe40:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
0020fe50:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-0020fe50:·6572·225d·0a20·2074·6167·733a·0a20·202d··er"].··tags:.··-
0020fe60:·2043·4a49·532d·352e·352e·322e·320a·2020···CJIS-5.5.2.2.··0020fe60:·2043·4a49·532d·352e·352e·322e·320a·2020···CJIS-5.5.2.2.··
Offset 135157, 22 lines modifiedOffset 135157, 22 lines modified
0020ff40:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:0020ff40:·5f6e·6565·6465·640a·0a2d·206e·616d·653a··_needed..-·name:
0020ff50:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·0020ff50:·2045·6e73·7572·6520·6f77·6e65·7220·3020···Ensure·owner·0·
0020ff60:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g0020ff60:·6f6e·202f·626f·6f74·2f67·7275·6232·2f67··on·/boot/grub2/g
0020ff70:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.0020ff70:·7275·622e·6366·670a·2020·6669·6c65·3a0a··rub.cfg.··file:.
0020ff80:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/0020ff80:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
0020ff90:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·0020ff90:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
0020ffa0:·2020·206f·776e·6572·3a20·2730·270a·2020·····owner:·'0'.··0020ffa0:·2020·206f·776e·6572·3a20·2730·270a·2020·····owner:·'0'.··
0020ffb0:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo0020ffb0:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
0020ffc0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
0020ffd0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
0020ffe0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
0020fff0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
00210000:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
00210010:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
00210020:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-0020ffc0:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 0020ffd0:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 0020ffe0:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
Max diff block lines reached; 2098/11622 bytes (18.05%) of diff not shown.
3.62 KB
html2text {}
    
Offset 28864, 16 lines modifiedOffset 28864, 16 lines modified
28864 ··-·no_reboot_needed28864 ··-·no_reboot_needed
  
28865 -·name:·Test·for·existence·/boot/grub2/grub.cfg28865 -·name:·Test·for·existence·/boot/grub2/grub.cfg
28866 ··stat:28866 ··stat:
28867 ····path:·/boot/grub2/grub.cfg28867 ····path:·/boot/grub2/grub.cfg
28868 ··register:·file_exists28868 ··register:·file_exists
28869 ··when:28869 ··when:
28870 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28871 ··-·'"grub2-common"·in·ansible_facts.packages'28870 ··-·'"grub2-common"·in·ansible_facts.packages'
 28871 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28872 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28872 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28873 ··tags:28873 ··tags:
28874 ··-·CJIS-5.5.2.228874 ··-·CJIS-5.5.2.2
28875 ··-·NIST-800-171-3.4.528875 ··-·NIST-800-171-3.4.5
28876 ··-·NIST-800-53-AC-6(1)28876 ··-·NIST-800-53-AC-6(1)
28877 ··-·NIST-800-53-CM-6(a)28877 ··-·NIST-800-53-CM-6(a)
28878 ··-·PCI-DSS-Req-7.128878 ··-·PCI-DSS-Req-7.1
Offset 28885, 16 lines modifiedOffset 28885, 16 lines modified
28885 ··-·no_reboot_needed28885 ··-·no_reboot_needed
  
28886 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg28886 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
28887 ··file:28887 ··file:
28888 ····path:·/boot/grub2/grub.cfg28888 ····path:·/boot/grub2/grub.cfg
28889 ····group:·'0'28889 ····group:·'0'
28890 ··when:28890 ··when:
28891 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28892 ··-·'"grub2-common"·in·ansible_facts.packages'28891 ··-·'"grub2-common"·in·ansible_facts.packages'
 28892 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28893 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28893 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28894 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists28894 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
28895 ··tags:28895 ··tags:
28896 ··-·CJIS-5.5.2.228896 ··-·CJIS-5.5.2.2
28897 ··-·NIST-800-171-3.4.528897 ··-·NIST-800-171-3.4.5
28898 ··-·NIST-800-53-AC-6(1)28898 ··-·NIST-800-53-AC-6(1)
28899 ··-·NIST-800-53-CM-6(a)28899 ··-·NIST-800-53-CM-6(a)
Offset 28906, 15 lines modifiedOffset 28906, 15 lines modified
28906 ··-·medium_severity28906 ··-·medium_severity
28907 ··-·no_reboot_needed28907 ··-·no_reboot_needed
28908 Remediation_Shell_script_⇲28908 Remediation_Shell_script_⇲
28909 Complexity:·low28909 Complexity:·low
28910 Disruption:·low28910 Disruption:·low
28911 Strategy:···configure28911 Strategy:···configure
28912 #·Remediation·is·applicable·only·in·certain·platforms28912 #·Remediation·is·applicable·only·in·certain·platforms
28913 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then28913 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
28914 chgrp·0·/boot/grub2/grub.cfg28914 chgrp·0·/boot/grub2/grub.cfg
  
28915 else28915 else
28916 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'28916 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
28917 fi28917 fi
28918 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***28918 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 28945, 16 lines modifiedOffset 28945, 16 lines modified
28945 ··-·no_reboot_needed28945 ··-·no_reboot_needed
  
28946 -·name:·Test·for·existence·/boot/grub2/grub.cfg28946 -·name:·Test·for·existence·/boot/grub2/grub.cfg
28947 ··stat:28947 ··stat:
28948 ····path:·/boot/grub2/grub.cfg28948 ····path:·/boot/grub2/grub.cfg
28949 ··register:·file_exists28949 ··register:·file_exists
28950 ··when:28950 ··when:
28951 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28952 ··-·'"grub2-common"·in·ansible_facts.packages'28951 ··-·'"grub2-common"·in·ansible_facts.packages'
 28952 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28953 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28953 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28954 ··tags:28954 ··tags:
28955 ··-·CJIS-5.5.2.228955 ··-·CJIS-5.5.2.2
28956 ··-·NIST-800-171-3.4.528956 ··-·NIST-800-171-3.4.5
28957 ··-·NIST-800-53-AC-6(1)28957 ··-·NIST-800-53-AC-6(1)
28958 ··-·NIST-800-53-CM-6(a)28958 ··-·NIST-800-53-CM-6(a)
28959 ··-·PCI-DSS-Req-7.128959 ··-·PCI-DSS-Req-7.1
Offset 28966, 16 lines modifiedOffset 28966, 16 lines modified
28966 ··-·no_reboot_needed28966 ··-·no_reboot_needed
  
28967 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg28967 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
28968 ··file:28968 ··file:
28969 ····path:·/boot/grub2/grub.cfg28969 ····path:·/boot/grub2/grub.cfg
28970 ····owner:·'0'28970 ····owner:·'0'
28971 ··when:28971 ··when:
28972 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
28973 ··-·'"grub2-common"·in·ansible_facts.packages'28972 ··-·'"grub2-common"·in·ansible_facts.packages'
 28973 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
28974 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]28974 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
28975 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists28975 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
28976 ··tags:28976 ··tags:
28977 ··-·CJIS-5.5.2.228977 ··-·CJIS-5.5.2.2
28978 ··-·NIST-800-171-3.4.528978 ··-·NIST-800-171-3.4.5
28979 ··-·NIST-800-53-AC-6(1)28979 ··-·NIST-800-53-AC-6(1)
28980 ··-·NIST-800-53-CM-6(a)28980 ··-·NIST-800-53-CM-6(a)
Offset 28987, 15 lines modifiedOffset 28987, 15 lines modified
28987 ··-·medium_severity28987 ··-·medium_severity
28988 ··-·no_reboot_needed28988 ··-·no_reboot_needed
28989 Remediation_Shell_script_⇲28989 Remediation_Shell_script_⇲
28990 Complexity:·low28990 Complexity:·low
28991 Disruption:·low28991 Disruption:·low
28992 Strategy:···configure28992 Strategy:···configure
28993 #·Remediation·is·applicable·only·in·certain·platforms28993 #·Remediation·is·applicable·only·in·certain·platforms
28994 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then28994 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
28995 chown·0·/boot/grub2/grub.cfg28995 chown·0·/boot/grub2/grub.cfg
  
28996 else28996 else
28997 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'28997 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
28998 fi28998 fi
28999 Group  ·Network·Configuration·and·Firewalls·  Group·contains·9·groups·and·12·rules28999 Group  ·Network·Configuration·and·Firewalls·  Group·contains·9·groups·and·12·rules
15.2 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-hipaa.html
    
Offset 200621, 22 lines modifiedOffset 200621, 22 lines modified
0030fac0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·0030fac0:·7420·666f·7220·6578·6973·7465·6e63·6520··t·for·existence·
0030fad0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub0030fad0:·2f62·6f6f·742f·6772·7562·322f·6772·7562··/boot/grub2/grub
0030fae0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···0030fae0:·2e63·6667·0a20·2073·7461·743a·0a20·2020··.cfg.··stat:.···
0030faf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru0030faf0:·2070·6174·683a·202f·626f·6f74·2f67·7275···path:·/boot/gru
0030fb00:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re0030fb00:·6232·2f67·7275·622e·6366·670a·2020·7265··b2/grub.cfg.··re
0030fb10:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi0030fb10:·6769·7374·6572·3a20·6669·6c65·5f65·7869··gister:·file_exi
0030fb20:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·0030fb20:·7374·730a·2020·7768·656e·3a0a·2020·2d20··sts.··when:.··-·
0030fb30:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not 
0030fb40:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
0030fb50:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
0030fb60:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
0030fb70:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2- 
0030fb80:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib 
0030fb90:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package0030fb30:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"·
 0030fb40:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts
 0030fb50:·2e70·6163·6b61·6765·7327·0a20·202d·2027··.packages'.··-·'
 0030fb60:·222f·626f·6f74·2f65·6669·2220·6e6f·7420··"/boot/efi"·not·
 0030fb70:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 0030fb80:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 0030fb90:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
0030fba0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v0030fba0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
0030fbb0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty0030fbb0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
0030fbc0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock0030fbc0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
0030fbd0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope0030fbd0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
0030fbe0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·0030fbe0:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
0030fbf0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t0030fbf0:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
0030fc00:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.0030fc00:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
0030fc10:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-80030fc10:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 200656, 22 lines modifiedOffset 200656, 22 lines modified
0030fcf0:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En0030fcf0:·6564·6564·0a0a·2d20·6e61·6d65·3a20·456e··eded..-·name:·En
0030fd00:·7375·7265·2067·726f·7570·206f·776e·6572··sure·group·owner0030fd00:·7375·7265·2067·726f·7570·206f·776e·6572··sure·group·owner
0030fd10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub0030fd10:·2030·206f·6e20·2f62·6f6f·742f·6772·7562···0·on·/boot/grub
0030fd20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil0030fd20:·322f·6772·7562·2e63·6667·0a20·2066·696c··2/grub.cfg.··fil
0030fd30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo0030fd30:·653a·0a20·2020·2070·6174·683a·202f·626f··e:.····path:·/bo
0030fd40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf0030fd40:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
0030fd50:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'0030fd50:·670a·2020·2020·6772·6f75·703a·2027·3027··g.····group:·'0'
0030fd60:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/0030fd60:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
0030fd70:·626f·6f74·2f65·6669·2220·6e6f·7420·696e··boot/efi"·not·in 
0030fd80:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts· 
0030fd90:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute= 
0030fda0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list' 
0030fdb0:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com 
0030fdc0:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_ 
0030fdd0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.0030fd70:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
 0030fd80:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 0030fd90:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 0030fda0:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in·
 0030fdb0:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·|
 0030fdc0:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute="
 0030fdd0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'.
0030fde0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt0030fde0:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt
0030fdf0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·0030fdf0:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type·
0030fe00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"0030fe00:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker"
0030fe10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz0030fe10:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz
0030fe20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co0030fe20:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co
0030fe30:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi0030fe30:·6e74·6169·6e65·7222·5d0a·2020·2d20·6669··ntainer"].··-·fi
0030fe40:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i0030fe40:·6c65·5f65·7869·7374·732e·7374·6174·2069··le_exists.stat·i
Offset 200722, 19 lines modifiedOffset 200722, 19 lines modified
00310110:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t00310110:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
00310120:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<00310120:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<
00310130:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table00310130:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
00310140:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re00310140:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
00310150:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app00310150:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
00310160:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·00310160:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
00310170:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform00310170:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
00310180:·730a·6966·205b·2021·202d·6620·2f73·7973··s.if·[·!·-f·/sys 
00310190:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]· 
003101a0:·2661·6d70·3b26·616d·703b·2072·706d·202d··&amp;&amp;·rpm·- 
003101b0:·2d71·7569·6574·202d·7120·6772·7562·322d··-quiet·-q·grub2-00310180:·730a·6966·2072·706d·202d·2d71·7569·6574··s.if·rpm·--quiet
 00310190:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common
 003101a0:·2026·616d·703b·2661·6d70·3b20·5b20·2120···&amp;&amp;·[·!·
 003101b0:·2d66·202f·7379·732f·6669·726d·7761·7265··-f·/sys/firmware
003101c0:·636f·6d6d·6f6e·2026·616d·703b·2661·6d70··common·&amp;&amp003101c0:·2f65·6669·205d·2026·616d·703b·2661·6d70··/efi·]·&amp;&amp
003101d0:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc003101d0:·3b20·7b20·5b20·2120·2d66·202f·2e64·6f63··;·{·[·!·-f·/.doc
003101e0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a003101e0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a
003101f0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/003101f0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/
00310200:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];00310200:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];
00310210:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·00310210:·207d·3b20·7468·656e·0a0a·6368·6772·7020···};·then..chgrp·
00310220:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr00310220:·3020·2f62·6f6f·742f·6772·7562·322f·6772··0·/boot/grub2/gr
00310230:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···00310230:·7562·2e63·6667·0a0a·656c·7365·0a20·2020··ub.cfg..else.···
Offset 201200, 22 lines modifiedOffset 201200, 22 lines modified
00311ef0:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis00311ef0:·653a·2054·6573·7420·666f·7220·6578·6973··e:·Test·for·exis
00311f00:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub00311f00:·7465·6e63·6520·2f62·6f6f·742f·6772·7562··tence·/boot/grub
00311f10:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta00311f10:·322f·6772·7562·2e63·6667·0a20·2073·7461··2/grub.cfg.··sta
00311f20:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo00311f20:·743a·0a20·2020·2070·6174·683a·202f·626f··t:.····path:·/bo
00311f30:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf00311f30:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
00311f40:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi00311f40:·670a·2020·7265·6769·7374·6572·3a20·6669··g.··register:·fi
00311f50:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when00311f50:·6c65·5f65·7869·7374·730a·2020·7768·656e··le_exists.··when
00311f60:·3a0a·2020·2d20·2722·2f62·6f6f·742f·6566··:.··-·'"/boot/ef 
00311f70:·6922·206e·6f74·2069·6e20·616e·7369·626c··i"·not·in·ansibl 
00311f80:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a 
00311f90:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount" 
00311fa0:·2920·7c20·6c69·7374·270a·2020·2d20·2722··)·|·list'.··-·'" 
00311fb0:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in 
00311fc0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00311fd0:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans00311f60:·3a0a·2020·2d20·2722·6772·7562·322d·636f··:.··-·'"grub2-co
 00311f70:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible
 00311f80:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'
 00311f90:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi
 00311fa0:·2220·6e6f·7420·696e·2061·6e73·6962·6c65··"·not·in·ansible
 00311fb0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at
 00311fc0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount")
 00311fd0:·207c·206c·6973·7427·0a20·202d·2061·6e73···|·list'.··-·ans
00311fe0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat00311fe0:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat
00311ff0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·00311ff0:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in·
00312000:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"00312000:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc"
00312010:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod00312010:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod
00312020:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00312020:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container
00312030:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C00312030:·225d·0a20·2074·6167·733a·0a20·202d·2043··"].··tags:.··-·C
00312040:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·00312040:·4a49·532d·352e·352e·322e·320a·2020·2d20··JIS-5.5.2.2.··-·
Offset 201235, 22 lines modifiedOffset 201235, 22 lines modified
00312120:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E00312120:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E
00312130:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on00312130:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on
00312140:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru00312140:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
00312150:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··00312150:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··
00312160:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr00312160:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
00312170:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···00312170:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···
00312180:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh00312180:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh
00312190:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/00312190:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
003121a0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
003121b0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
003121c0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
003121d0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
003121e0:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
003121f0:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
00312200:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a003121a0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 003121b0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.6 KB
html2text {}
    
Offset 48239, 16 lines modifiedOffset 48239, 16 lines modified
48239 ··-·no_reboot_needed48239 ··-·no_reboot_needed
  
48240 -·name:·Test·for·existence·/boot/grub2/grub.cfg48240 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48241 ··stat:48241 ··stat:
48242 ····path:·/boot/grub2/grub.cfg48242 ····path:·/boot/grub2/grub.cfg
48243 ··register:·file_exists48243 ··register:·file_exists
48244 ··when:48244 ··when:
48245 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48246 ··-·'"grub2-common"·in·ansible_facts.packages'48245 ··-·'"grub2-common"·in·ansible_facts.packages'
 48246 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48247 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48247 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48248 ··tags:48248 ··tags:
48249 ··-·CJIS-5.5.2.248249 ··-·CJIS-5.5.2.2
48250 ··-·NIST-800-171-3.4.548250 ··-·NIST-800-171-3.4.5
48251 ··-·NIST-800-53-AC-6(1)48251 ··-·NIST-800-53-AC-6(1)
48252 ··-·NIST-800-53-CM-6(a)48252 ··-·NIST-800-53-CM-6(a)
48253 ··-·PCI-DSS-Req-7.148253 ··-·PCI-DSS-Req-7.1
Offset 48260, 16 lines modifiedOffset 48260, 16 lines modified
48260 ··-·no_reboot_needed48260 ··-·no_reboot_needed
  
48261 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg48261 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
48262 ··file:48262 ··file:
48263 ····path:·/boot/grub2/grub.cfg48263 ····path:·/boot/grub2/grub.cfg
48264 ····group:·'0'48264 ····group:·'0'
48265 ··when:48265 ··when:
48266 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48267 ··-·'"grub2-common"·in·ansible_facts.packages'48266 ··-·'"grub2-common"·in·ansible_facts.packages'
 48267 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48268 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48268 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48269 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48269 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48270 ··tags:48270 ··tags:
48271 ··-·CJIS-5.5.2.248271 ··-·CJIS-5.5.2.2
48272 ··-·NIST-800-171-3.4.548272 ··-·NIST-800-171-3.4.5
48273 ··-·NIST-800-53-AC-6(1)48273 ··-·NIST-800-53-AC-6(1)
48274 ··-·NIST-800-53-CM-6(a)48274 ··-·NIST-800-53-CM-6(a)
Offset 48281, 15 lines modifiedOffset 48281, 15 lines modified
48281 ··-·medium_severity48281 ··-·medium_severity
48282 ··-·no_reboot_needed48282 ··-·no_reboot_needed
48283 Remediation_Shell_script_⇲48283 Remediation_Shell_script_⇲
48284 Complexity:·low48284 Complexity:·low
48285 Disruption:·low48285 Disruption:·low
48286 Strategy:···configure48286 Strategy:···configure
48287 #·Remediation·is·applicable·only·in·certain·platforms48287 #·Remediation·is·applicable·only·in·certain·platforms
48288 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48288 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48289 chgrp·0·/boot/grub2/grub.cfg48289 chgrp·0·/boot/grub2/grub.cfg
  
48290 else48290 else
48291 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48291 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48292 fi48292 fi
48293 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***48293 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 48320, 16 lines modifiedOffset 48320, 16 lines modified
48320 ··-·no_reboot_needed48320 ··-·no_reboot_needed
  
48321 -·name:·Test·for·existence·/boot/grub2/grub.cfg48321 -·name:·Test·for·existence·/boot/grub2/grub.cfg
48322 ··stat:48322 ··stat:
48323 ····path:·/boot/grub2/grub.cfg48323 ····path:·/boot/grub2/grub.cfg
48324 ··register:·file_exists48324 ··register:·file_exists
48325 ··when:48325 ··when:
48326 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48327 ··-·'"grub2-common"·in·ansible_facts.packages'48326 ··-·'"grub2-common"·in·ansible_facts.packages'
 48327 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48328 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48328 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48329 ··tags:48329 ··tags:
48330 ··-·CJIS-5.5.2.248330 ··-·CJIS-5.5.2.2
48331 ··-·NIST-800-171-3.4.548331 ··-·NIST-800-171-3.4.5
48332 ··-·NIST-800-53-AC-6(1)48332 ··-·NIST-800-53-AC-6(1)
48333 ··-·NIST-800-53-CM-6(a)48333 ··-·NIST-800-53-CM-6(a)
48334 ··-·PCI-DSS-Req-7.148334 ··-·PCI-DSS-Req-7.1
Offset 48341, 16 lines modifiedOffset 48341, 16 lines modified
48341 ··-·no_reboot_needed48341 ··-·no_reboot_needed
  
48342 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg48342 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
48343 ··file:48343 ··file:
48344 ····path:·/boot/grub2/grub.cfg48344 ····path:·/boot/grub2/grub.cfg
48345 ····owner:·'0'48345 ····owner:·'0'
48346 ··when:48346 ··when:
48347 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
48348 ··-·'"grub2-common"·in·ansible_facts.packages'48347 ··-·'"grub2-common"·in·ansible_facts.packages'
 48348 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
48349 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]48349 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
48350 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists48350 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
48351 ··tags:48351 ··tags:
48352 ··-·CJIS-5.5.2.248352 ··-·CJIS-5.5.2.2
48353 ··-·NIST-800-171-3.4.548353 ··-·NIST-800-171-3.4.5
48354 ··-·NIST-800-53-AC-6(1)48354 ··-·NIST-800-53-AC-6(1)
48355 ··-·NIST-800-53-CM-6(a)48355 ··-·NIST-800-53-CM-6(a)
Offset 48362, 15 lines modifiedOffset 48362, 15 lines modified
48362 ··-·medium_severity48362 ··-·medium_severity
48363 ··-·no_reboot_needed48363 ··-·no_reboot_needed
48364 Remediation_Shell_script_⇲48364 Remediation_Shell_script_⇲
48365 Complexity:·low48365 Complexity:·low
48366 Disruption:·low48366 Disruption:·low
48367 Strategy:···configure48367 Strategy:···configure
48368 #·Remediation·is·applicable·only·in·certain·platforms48368 #·Remediation·is·applicable·only·in·certain·platforms
48369 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then48369 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
48370 chown·0·/boot/grub2/grub.cfg48370 chown·0·/boot/grub2/grub.cfg
  
48371 else48371 else
48372 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'48372 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
48373 fi48373 fi
48374 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***48374 ***·Rule  ·Set·Boot·Loader·Password·in·grub2·  [ref]·***
15.2 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-pci-dss.html
    
Offset 192426, 22 lines modifiedOffset 192426, 22 lines modified
002efa90:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe002efa90:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
002efaa0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/002efaa0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
002efab0:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:002efab0:·6772·7562·2e63·6667·0a20·2073·7461·743a··grub.cfg.··stat:
002efac0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot002efac0:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
002efad0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.002efad0:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
002efae0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file002efae0:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
002efaf0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.002efaf0:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
002efb00:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
002efb10:·206e·6f74·2069·6e20·616e·7369·626c·655f···not·in·ansible_ 
002efb20:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002efb30:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002efb40:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002efb50:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a 
002efb60:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac002efb00:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
 002efb10:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
 002efb20:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 002efb30:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 002efb40:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m
 002efb50:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002efb60:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
002efb70:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib002efb70:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
002efb80:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002efb80:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002efb90:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002efb90:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002efba0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002efba0:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002efbb0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002efbb0:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002efbc0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002efbc0:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002efbd0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI002efbd0:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
002efbe0:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI002efbe0:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 192462, 22 lines modifiedOffset 192462, 22 lines modified
002efcd0:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o002efcd0:·3a20·456e·7375·7265·2067·726f·7570·206f··:·Ensure·group·o
002efce0:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/002efce0:·776e·6572·2030·206f·6e20·2f62·6f6f·742f··wner·0·on·/boot/
002efcf0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002efcf0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002efd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:002efd00:·2066·696c·653a·0a20·2020·2070·6174·683a···file:.····path:
002efd10:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002efd10:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002efd20:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:002efd20:·622e·6366·670a·2020·2020·6772·6f75·703a··b.cfg.····group:
002efd30:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-002efd30:·2027·3027·0a20·2077·6865·6e3a·0a20·202d···'0'.··when:.··-
002efd40:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
002efd50:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
002efd60:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
002efd70:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
002efd80:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
002efd90:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
002efda0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag002efd40:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 002efd50:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 002efd60:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 002efd70:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 002efd80:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 002efd90:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 002efda0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
002efdb0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_002efdb0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
002efdc0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t002efdc0:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
002efdd0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc002efdd0:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
002efde0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op002efde0:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
002efdf0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",002efdf0:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
002efe00:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··002efe00:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
002efe10:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st002efe10:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
002efe20:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an002efe20:·6174·2069·7320·6465·6669·6e65·6420·616e··at·is·defined·an
Offset 192527, 19 lines modifiedOffset 192527, 19 lines modified
002f00e0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy002f00e0:·3c74·723e·3c74·683e·5374·7261·7465·6779··<tr><th>Strategy
002f00f0:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config002f00f0:·3a3c·2f74·683e·3c74·643e·636f·6e66·6967··:</th><td>config
002f0100:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t002f0100:·7572·653c·2f74·643e·3c2f·7472·3e3c·2f74··ure</td></tr></t
002f0110:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>002f0110:·6162·6c65·3e3c·7072·653e·3c63·6f64·653e··able><pre><code>
002f0120:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is002f0120:·2320·5265·6d65·6469·6174·696f·6e20·6973··#·Remediation·is
002f0130:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only002f0130:·2061·7070·6c69·6361·626c·6520·6f6e·6c79···applicable·only
002f0140:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat002f0140:·2069·6e20·6365·7274·6169·6e20·706c·6174···in·certain·plat
002f0150:·666f·726d·730a·6966·205b·2021·202d·6620··forms.if·[·!·-f·002f0150:·666f·726d·730a·6966·2072·706d·202d·2d71··forms.if·rpm·--q
002f0160:·2f73·7973·2f66·6972·6d77·6172·652f·6566··/sys/firmware/ef 
002f0170:·6920·5d20·2661·6d70·3b26·616d·703b·2072··i·]·&amp;&amp;·r 
002f0180:·706d·202d·2d71·7569·6574·202d·7120·6772··pm·--quiet·-q·gr 
002f0190:·7562·322d·636f·6d6d·6f6e·2026·616d·703b··ub2-common·&amp;002f0160:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co
 002f0170:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·
 002f0180:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm
 002f0190:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp;
002f01a0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/002f01a0:·2661·6d70·3b20·7b20·5b20·2120·2d66·202f··&amp;·{·[·!·-f·/
002f01b0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am002f01b0:·2e64·6f63·6b65·7265·6e76·205d·2026·616d··.dockerenv·]·&am
002f01c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/002f01c0:·703b·2661·6d70·3b20·5b20·2120·2d66·202f··p;&amp;·[·!·-f·/
002f01d0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren002f01d0:·7275·6e2f·2e63·6f6e·7461·696e·6572·656e··run/.containeren
002f01e0:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch002f01e0:·7620·5d3b·207d·3b20·7468·656e·0a0a·6368··v·];·};·then..ch
002f01f0:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub002f01f0:·6772·7020·3020·2f62·6f6f·742f·6772·7562··grp·0·/boot/grub
002f0200:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else002f0200:·322f·6772·7562·2e63·6667·0a0a·656c·7365··2/grub.cfg..else
Offset 193005, 22 lines modifiedOffset 193005, 22 lines modified
002f1ec0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·002f1ec0:·206e·616d·653a·2054·6573·7420·666f·7220···name:·Test·for·
002f1ed0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/002f1ed0:·6578·6973·7465·6e63·6520·2f62·6f6f·742f··existence·/boot/
002f1ee0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·002f1ee0:·6772·7562·322f·6772·7562·2e63·6667·0a20··grub2/grub.cfg.·
002f1ef0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:002f1ef0:·2073·7461·743a·0a20·2020·2070·6174·683a···stat:.····path:
002f1f00:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru002f1f00:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
002f1f10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register002f1f10:·622e·6366·670a·2020·7265·6769·7374·6572··b.cfg.··register
002f1f20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··002f1f20:·3a20·6669·6c65·5f65·7869·7374·730a·2020··:·file_exists.··
002f1f30:·7768·656e·3a0a·2020·2d20·2722·2f62·6f6f··when:.··-·'"/boo002f1f30:·7768·656e·3a0a·2020·2d20·2722·6772·7562··when:.··-·'"grub
002f1f40:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an 
002f1f50:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002f1f60:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002f1f70:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002f1f80:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common 
002f1f90:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac 
002f1fa0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002f1f40:·322d·636f·6d6d·6f6e·2220·696e·2061·6e73··2-common"·in·ans
 002f1f50:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 002f1f60:·6765·7327·0a20·202d·2027·222f·626f·6f74··ges'.··-·'"/boot
 002f1f70:·2f65·6669·2220·6e6f·7420·696e·2061·6e73··/efi"·not·in·ans
 002f1f80:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002f1f90:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002f1fa0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002f1fb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002f1fb0:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002f1fc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002f1fc0:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002f1fd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002f1fd0:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002f1fe0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002f1fe0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002f1ff0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002f1ff0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002f2000:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·002f2000:·696e·6572·225d·0a20·2074·6167·733a·0a20··iner"].··tags:.·
002f2010:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.002f2010:·202d·2043·4a49·532d·352e·352e·322e·320a···-·CJIS-5.5.2.2.
Offset 193040, 22 lines modifiedOffset 193040, 22 lines modified
002f20f0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam002f20f0:·6f74·5f6e·6565·6465·640a·0a2d·206e·616d··ot_needed..-·nam
002f2100:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·002f2100:·653a·2045·6e73·7572·6520·6f77·6e65·7220··e:·Ensure·owner·
002f2110:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2002f2110:·3020·6f6e·202f·626f·6f74·2f67·7275·6232··0·on·/boot/grub2
002f2120:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file002f2120:·2f67·7275·622e·6366·670a·2020·6669·6c65··/grub.cfg.··file
002f2130:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo002f2130:·3a0a·2020·2020·7061·7468·3a20·2f62·6f6f··:.····path:·/boo
002f2140:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg002f2140:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
002f2150:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.002f2150:·0a20·2020·206f·776e·6572·3a20·2730·270a··.····owner:·'0'.
002f2160:·2020·7768·656e·3a0a·2020·2d20·2722·2f62····when:.··-·'"/b002f2160:·2020·7768·656e·3a0a·2020·2d20·2722·6772····when:.··-·'"gr
002f2170:·6f6f·742f·6566·6922·206e·6f74·2069·6e20··oot/efi"·not·in· 
002f2180:·616e·7369·626c·655f·6d6f·756e·7473·207c··ansible_mounts·| 
002f2190:·206d·6170·2861·7474·7269·6275·7465·3d22···map(attribute=" 
002f21a0:·6d6f·756e·7422·2920·7c20·6c69·7374·270a··mount")·|·list'. 
002f21b0:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm 
002f21c0:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f 
002f21d0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·002f2170:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a
 002f2180:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac
 002f2190:·6b61·6765·7327·0a20·202d·2027·222f·626f··kages'.··-·'"/bo
Max diff block lines reached; 2098/11760 bytes (17.84%) of diff not shown.
3.6 KB
html2text {}
    
Offset 44623, 16 lines modifiedOffset 44623, 16 lines modified
44623 ··-·no_reboot_needed44623 ··-·no_reboot_needed
  
44624 -·name:·Test·for·existence·/boot/grub2/grub.cfg44624 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44625 ··stat:44625 ··stat:
44626 ····path:·/boot/grub2/grub.cfg44626 ····path:·/boot/grub2/grub.cfg
44627 ··register:·file_exists44627 ··register:·file_exists
44628 ··when:44628 ··when:
44629 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44630 ··-·'"grub2-common"·in·ansible_facts.packages'44629 ··-·'"grub2-common"·in·ansible_facts.packages'
 44630 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44631 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44631 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44632 ··tags:44632 ··tags:
44633 ··-·CJIS-5.5.2.244633 ··-·CJIS-5.5.2.2
44634 ··-·NIST-800-171-3.4.544634 ··-·NIST-800-171-3.4.5
44635 ··-·NIST-800-53-AC-6(1)44635 ··-·NIST-800-53-AC-6(1)
44636 ··-·NIST-800-53-CM-6(a)44636 ··-·NIST-800-53-CM-6(a)
44637 ··-·PCI-DSS-Req-7.144637 ··-·PCI-DSS-Req-7.1
Offset 44644, 16 lines modifiedOffset 44644, 16 lines modified
44644 ··-·no_reboot_needed44644 ··-·no_reboot_needed
  
44645 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg44645 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
44646 ··file:44646 ··file:
44647 ····path:·/boot/grub2/grub.cfg44647 ····path:·/boot/grub2/grub.cfg
44648 ····group:·'0'44648 ····group:·'0'
44649 ··when:44649 ··when:
44650 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44651 ··-·'"grub2-common"·in·ansible_facts.packages'44650 ··-·'"grub2-common"·in·ansible_facts.packages'
 44651 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44652 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44652 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44653 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44653 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44654 ··tags:44654 ··tags:
44655 ··-·CJIS-5.5.2.244655 ··-·CJIS-5.5.2.2
44656 ··-·NIST-800-171-3.4.544656 ··-·NIST-800-171-3.4.5
44657 ··-·NIST-800-53-AC-6(1)44657 ··-·NIST-800-53-AC-6(1)
44658 ··-·NIST-800-53-CM-6(a)44658 ··-·NIST-800-53-CM-6(a)
Offset 44665, 15 lines modifiedOffset 44665, 15 lines modified
44665 ··-·medium_severity44665 ··-·medium_severity
44666 ··-·no_reboot_needed44666 ··-·no_reboot_needed
44667 Remediation_Shell_script_⇲44667 Remediation_Shell_script_⇲
44668 Complexity:·low44668 Complexity:·low
44669 Disruption:·low44669 Disruption:·low
44670 Strategy:···configure44670 Strategy:···configure
44671 #·Remediation·is·applicable·only·in·certain·platforms44671 #·Remediation·is·applicable·only·in·certain·platforms
44672 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44672 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44673 chgrp·0·/boot/grub2/grub.cfg44673 chgrp·0·/boot/grub2/grub.cfg
  
44674 else44674 else
44675 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44675 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44676 fi44676 fi
44677 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***44677 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 44704, 16 lines modifiedOffset 44704, 16 lines modified
44704 ··-·no_reboot_needed44704 ··-·no_reboot_needed
  
44705 -·name:·Test·for·existence·/boot/grub2/grub.cfg44705 -·name:·Test·for·existence·/boot/grub2/grub.cfg
44706 ··stat:44706 ··stat:
44707 ····path:·/boot/grub2/grub.cfg44707 ····path:·/boot/grub2/grub.cfg
44708 ··register:·file_exists44708 ··register:·file_exists
44709 ··when:44709 ··when:
44710 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44711 ··-·'"grub2-common"·in·ansible_facts.packages'44710 ··-·'"grub2-common"·in·ansible_facts.packages'
 44711 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44712 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44712 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44713 ··tags:44713 ··tags:
44714 ··-·CJIS-5.5.2.244714 ··-·CJIS-5.5.2.2
44715 ··-·NIST-800-171-3.4.544715 ··-·NIST-800-171-3.4.5
44716 ··-·NIST-800-53-AC-6(1)44716 ··-·NIST-800-53-AC-6(1)
44717 ··-·NIST-800-53-CM-6(a)44717 ··-·NIST-800-53-CM-6(a)
44718 ··-·PCI-DSS-Req-7.144718 ··-·PCI-DSS-Req-7.1
Offset 44725, 16 lines modifiedOffset 44725, 16 lines modified
44725 ··-·no_reboot_needed44725 ··-·no_reboot_needed
  
44726 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg44726 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
44727 ··file:44727 ··file:
44728 ····path:·/boot/grub2/grub.cfg44728 ····path:·/boot/grub2/grub.cfg
44729 ····owner:·'0'44729 ····owner:·'0'
44730 ··when:44730 ··when:
44731 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
44732 ··-·'"grub2-common"·in·ansible_facts.packages'44731 ··-·'"grub2-common"·in·ansible_facts.packages'
 44732 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
44733 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]44733 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
44734 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists44734 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
44735 ··tags:44735 ··tags:
44736 ··-·CJIS-5.5.2.244736 ··-·CJIS-5.5.2.2
44737 ··-·NIST-800-171-3.4.544737 ··-·NIST-800-171-3.4.5
44738 ··-·NIST-800-53-AC-6(1)44738 ··-·NIST-800-53-AC-6(1)
44739 ··-·NIST-800-53-CM-6(a)44739 ··-·NIST-800-53-CM-6(a)
Offset 44746, 15 lines modifiedOffset 44746, 15 lines modified
44746 ··-·medium_severity44746 ··-·medium_severity
44747 ··-·no_reboot_needed44747 ··-·no_reboot_needed
44748 Remediation_Shell_script_⇲44748 Remediation_Shell_script_⇲
44749 Complexity:·low44749 Complexity:·low
44750 Disruption:·low44750 Disruption:·low
44751 Strategy:···configure44751 Strategy:···configure
44752 #·Remediation·is·applicable·only·in·certain·platforms44752 #·Remediation·is·applicable·only·in·certain·platforms
44753 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then44753 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
44754 chown·0·/boot/grub2/grub.cfg44754 chown·0·/boot/grub2/grub.cfg
  
44755 else44755 else
44756 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'44756 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
44757 fi44757 fi
44758 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules44758 Group  ·Configure·Syslog·  Group·contains·2·groups·and·4·rules
22.8 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-rht-ccp.html
    
Offset 44578, 22 lines modifiedOffset 44578, 22 lines modified
000ae210:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for000ae210:·2d20·6e61·6d65·3a20·5465·7374·2066·6f72··-·name:·Test·for
000ae220:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot000ae220:·2065·7869·7374·656e·6365·202f·626f·6f74···existence·/boot
000ae230:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.000ae230:·2f67·7275·6232·2f67·7275·622e·6366·670a··/grub2/grub.cfg.
000ae240:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path000ae240:·2020·7374·6174·3a0a·2020·2020·7061·7468····stat:.····path
000ae250:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr000ae250:·3a20·2f62·6f6f·742f·6772·7562·322f·6772··:·/boot/grub2/gr
000ae260:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe000ae260:·7562·2e63·6667·0a20·2072·6567·6973·7465··ub.cfg.··registe
000ae270:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·000ae270:·723a·2066·696c·655f·6578·6973·7473·0a20··r:·file_exists.·
000ae280:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo000ae280:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
000ae290:·6f74·2f65·6669·2220·6e6f·7420·696e·2061··ot/efi"·not·in·a 
000ae2a0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000ae2b0:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000ae2c0:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000ae2d0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo 
000ae2e0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa 
000ae2f0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000ae290:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
 000ae2a0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
 000ae2b0:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 000ae2c0:·742f·6566·6922·206e·6f74·2069·6e20·616e··t/efi"·not·in·an
 000ae2d0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000ae2e0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000ae2f0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000ae300:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000ae300:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000ae310:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000ae310:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000ae320:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000ae320:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000ae330:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000ae330:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000ae340:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000ae340:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000ae350:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.000ae350:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
000ae360:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2000ae360:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2
Offset 44614, 22 lines modifiedOffset 44614, 22 lines modified
000ae450:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·000ae450:·0a2d·206e·616d·653a·2045·6e73·7572·6520··.-·name:·Ensure·
000ae460:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on000ae460:·6772·6f75·7020·6f77·6e65·7220·3020·6f6e··group·owner·0·on
000ae470:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru000ae470:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
000ae480:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··000ae480:·622e·6366·670a·2020·6669·6c65·3a0a·2020··b.cfg.··file:.··
000ae490:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr000ae490:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
000ae4a0:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···000ae4a0:·7562·322f·6772·7562·2e63·6667·0a20·2020··ub2/grub.cfg.···
000ae4b0:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh000ae4b0:·2067·726f·7570·3a20·2730·270a·2020·7768···group:·'0'.··wh
000ae4c0:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000ae4c0:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000ae4d0:·6566·6922·206e·6f74·2069·6e20·616e·7369··efi"·not·in·ansi 
000ae4e0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map 
000ae4f0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun 
000ae500:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-· 
000ae510:·2722·6772·7562·322d·636f·6d6d·6f6e·2220··'"grub2-common"· 
000ae520:·696e·2061·6e73·6962·6c65·5f66·6163·7473··in·ansible_facts 
000ae530:·2e70·6163·6b61·6765·7327·0a20·202d·2061··.packages'.··-·a000ae4d0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
 000ae4e0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000ae4f0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000ae500:·6669·2220·6e6f·7420·696e·2061·6e73·6962··fi"·not·in·ansib
 000ae510:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map(
 000ae520:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount
 000ae530:·2229·207c·206c·6973·7427·0a20·202d·2061··")·|·list'.··-·a
000ae540:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz000ae540:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
000ae550:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i000ae550:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
000ae560:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx000ae560:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
000ae570:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p000ae570:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
000ae580:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain000ae580:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
000ae590:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex000ae590:·6572·225d·0a20·202d·2066·696c·655f·6578··er"].··-·file_ex
000ae5a0:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def000ae5a0:·6973·7473·2e73·7461·7420·6973·2064·6566··ists.stat·is·def
Offset 44680, 19 lines modifiedOffset 44680, 19 lines modified
000ae870:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td000ae870:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
000ae880:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><000ae880:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
000ae890:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre000ae890:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
000ae8a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000ae8a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000ae8b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000ae8b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000ae8c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000ae8c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000ae8d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000ae8d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
000ae8e0:·5b20·2120·2d66·202f·7379·732f·6669·726d··[·!·-f·/sys/firm 
000ae8f0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp; 
000ae900:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie 
000ae910:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo000ae8e0:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
 000ae8f0:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp
 000ae900:·3b26·616d·703b·205b·2021·202d·6620·2f73··;&amp;·[·!·-f·/s
 000ae910:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
000ae920:·6e20·2661·6d70·3b26·616d·703b·207b·205b··n·&amp;&amp;·{·[000ae920:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[
000ae930:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren000ae930:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
000ae940:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[000ae940:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
000ae950:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont000ae950:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
000ae960:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t000ae960:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
000ae970:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo000ae970:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo
000ae980:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf000ae980:·6f74·2f67·7275·6232·2f67·7275·622e·6366··ot/grub2/grub.cf
000ae990:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;000ae990:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 45158, 22 lines modifiedOffset 45158, 22 lines modified
000b0650:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence000b0650:·7374·2066·6f72·2065·7869·7374·656e·6365··st·for·existence
000b0660:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru000b0660:·202f·626f·6f74·2f67·7275·6232·2f67·7275···/boot/grub2/gru
000b0670:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··000b0670:·622e·6366·670a·2020·7374·6174·3a0a·2020··b.cfg.··stat:.··
000b0680:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr000b0680:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
000b0690:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r000b0690:·7562·322f·6772·7562·2e63·6667·0a20·2072··ub2/grub.cfg.··r
000b06a0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex000b06a0:·6567·6973·7465·723a·2066·696c·655f·6578··egister:·file_ex
000b06b0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-000b06b0:·6973·7473·0a20·2077·6865·6e3a·0a20·202d··ists.··when:.··-
000b06c0:·2027·222f·626f·6f74·2f65·6669·2220·6e6f···'"/boot/efi"·no 
000b06d0:·7420·696e·2061·6e73·6962·6c65·5f6d·6f75··t·in·ansible_mou 
000b06e0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
000b06f0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
000b0700:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2 
000b0710:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi 
000b0720:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000b06c0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"
 000b06d0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact
 000b06e0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·
 000b06f0:·2722·2f62·6f6f·742f·6566·6922·206e·6f74··'"/boot/efi"·not
 000b0700:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 000b0710:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 000b0720:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
000b0730:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000b0730:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
000b0740:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t000b0740:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
000b0750:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc000b0750:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
000b0760:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op000b0760:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
000b0770:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",000b0770:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
000b0780:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··000b0780:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
000b0790:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5000b0790:·7461·6773·3a0a·2020·2d20·434a·4953·2d35··tags:.··-·CJIS-5
000b07a0:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-000b07a0:·2e35·2e32·2e32·0a20·202d·204e·4953·542d··.5.2.2.··-·NIST-
Offset 45193, 22 lines modifiedOffset 45193, 22 lines modified
000b0880:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure000b0880:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
000b0890:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo000b0890:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
000b08a0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg000b08a0:·742f·6772·7562·322f·6772·7562·2e63·6667··t/grub2/grub.cfg
000b08b0:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat000b08b0:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
000b08c0:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g000b08c0:·683a·202f·626f·6f74·2f67·7275·6232·2f67··h:·/boot/grub2/g
000b08d0:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne000b08d0:·7275·622e·6366·670a·2020·2020·6f77·6e65··rub.cfg.····owne
000b08e0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·000b08e0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·
000b08f0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
000b0900:·6e6f·7420·696e·2061·6e73·6962·6c65·5f6d··not·in·ansible_m 
000b0910:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
000b0920:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
000b0930:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
000b0940:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an 
000b0950:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack000b08f0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
 000b0900:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
 000b0910:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000b0920:·2d20·2722·2f62·6f6f·742f·6566·6922·206e··-·'"/boot/efi"·n
Max diff block lines reached; 7970/17622 bytes (45.23%) of diff not shown.
5.44 KB
html2text {}
    
Offset 4816, 16 lines modifiedOffset 4816, 16 lines modified
4816 ··-·no_reboot_needed4816 ··-·no_reboot_needed
  
4817 -·name:·Test·for·existence·/boot/grub2/grub.cfg4817 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4818 ··stat:4818 ··stat:
4819 ····path:·/boot/grub2/grub.cfg4819 ····path:·/boot/grub2/grub.cfg
4820 ··register:·file_exists4820 ··register:·file_exists
4821 ··when:4821 ··when:
4822 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4823 ··-·'"grub2-common"·in·ansible_facts.packages'4822 ··-·'"grub2-common"·in·ansible_facts.packages'
 4823 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4824 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4824 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4825 ··tags:4825 ··tags:
4826 ··-·CJIS-5.5.2.24826 ··-·CJIS-5.5.2.2
4827 ··-·NIST-800-171-3.4.54827 ··-·NIST-800-171-3.4.5
4828 ··-·NIST-800-53-AC-6(1)4828 ··-·NIST-800-53-AC-6(1)
4829 ··-·NIST-800-53-CM-6(a)4829 ··-·NIST-800-53-CM-6(a)
4830 ··-·PCI-DSS-Req-7.14830 ··-·PCI-DSS-Req-7.1
Offset 4837, 16 lines modifiedOffset 4837, 16 lines modified
4837 ··-·no_reboot_needed4837 ··-·no_reboot_needed
  
4838 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg4838 -·name:·Ensure·group·owner·0·on·/boot/grub2/grub.cfg
4839 ··file:4839 ··file:
4840 ····path:·/boot/grub2/grub.cfg4840 ····path:·/boot/grub2/grub.cfg
4841 ····group:·'0'4841 ····group:·'0'
4842 ··when:4842 ··when:
4843 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4844 ··-·'"grub2-common"·in·ansible_facts.packages'4843 ··-·'"grub2-common"·in·ansible_facts.packages'
 4844 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4845 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4846 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4846 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4847 ··tags:4847 ··tags:
4848 ··-·CJIS-5.5.2.24848 ··-·CJIS-5.5.2.2
4849 ··-·NIST-800-171-3.4.54849 ··-·NIST-800-171-3.4.5
4850 ··-·NIST-800-53-AC-6(1)4850 ··-·NIST-800-53-AC-6(1)
4851 ··-·NIST-800-53-CM-6(a)4851 ··-·NIST-800-53-CM-6(a)
Offset 4858, 15 lines modifiedOffset 4858, 15 lines modified
4858 ··-·medium_severity4858 ··-·medium_severity
4859 ··-·no_reboot_needed4859 ··-·no_reboot_needed
4860 Remediation_Shell_script_⇲4860 Remediation_Shell_script_⇲
4861 Complexity:·low4861 Complexity:·low
4862 Disruption:·low4862 Disruption:·low
4863 Strategy:···configure4863 Strategy:···configure
4864 #·Remediation·is·applicable·only·in·certain·platforms4864 #·Remediation·is·applicable·only·in·certain·platforms
4865 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4865 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4866 chgrp·0·/boot/grub2/grub.cfg4866 chgrp·0·/boot/grub2/grub.cfg
  
4867 else4867 else
4868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4868 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4869 fi4869 fi
4870 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***4870 ***·Rule  ·Verify·/boot/grub2/grub.cfg·User·Ownership·  [ref]·***
Offset 4897, 16 lines modifiedOffset 4897, 16 lines modified
4897 ··-·no_reboot_needed4897 ··-·no_reboot_needed
  
4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg4898 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4899 ··stat:4899 ··stat:
4900 ····path:·/boot/grub2/grub.cfg4900 ····path:·/boot/grub2/grub.cfg
4901 ··register:·file_exists4901 ··register:·file_exists
4902 ··when:4902 ··when:
4903 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4904 ··-·'"grub2-common"·in·ansible_facts.packages'4903 ··-·'"grub2-common"·in·ansible_facts.packages'
 4904 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4906 ··tags:4906 ··tags:
4907 ··-·CJIS-5.5.2.24907 ··-·CJIS-5.5.2.2
4908 ··-·NIST-800-171-3.4.54908 ··-·NIST-800-171-3.4.5
4909 ··-·NIST-800-53-AC-6(1)4909 ··-·NIST-800-53-AC-6(1)
4910 ··-·NIST-800-53-CM-6(a)4910 ··-·NIST-800-53-CM-6(a)
4911 ··-·PCI-DSS-Req-7.14911 ··-·PCI-DSS-Req-7.1
Offset 4918, 16 lines modifiedOffset 4918, 16 lines modified
4918 ··-·no_reboot_needed4918 ··-·no_reboot_needed
  
4919 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg4919 -·name:·Ensure·owner·0·on·/boot/grub2/grub.cfg
4920 ··file:4920 ··file:
4921 ····path:·/boot/grub2/grub.cfg4921 ····path:·/boot/grub2/grub.cfg
4922 ····owner:·'0'4922 ····owner:·'0'
4923 ··when:4923 ··when:
4924 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4925 ··-·'"grub2-common"·in·ansible_facts.packages'4924 ··-·'"grub2-common"·in·ansible_facts.packages'
 4925 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4926 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4926 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4927 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists4927 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
4928 ··tags:4928 ··tags:
4929 ··-·CJIS-5.5.2.24929 ··-·CJIS-5.5.2.2
4930 ··-·NIST-800-171-3.4.54930 ··-·NIST-800-171-3.4.5
4931 ··-·NIST-800-53-AC-6(1)4931 ··-·NIST-800-53-AC-6(1)
4932 ··-·NIST-800-53-CM-6(a)4932 ··-·NIST-800-53-CM-6(a)
Offset 4939, 15 lines modifiedOffset 4939, 15 lines modified
4939 ··-·medium_severity4939 ··-·medium_severity
4940 ··-·no_reboot_needed4940 ··-·no_reboot_needed
4941 Remediation_Shell_script_⇲4941 Remediation_Shell_script_⇲
4942 Complexity:·low4942 Complexity:·low
4943 Disruption:·low4943 Disruption:·low
4944 Strategy:···configure4944 Strategy:···configure
4945 #·Remediation·is·applicable·only·in·certain·platforms4945 #·Remediation·is·applicable·only·in·certain·platforms
4946 if·[·!·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then4946 if·rpm·--quiet·-q·grub2-common·&&·[·!·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
4947 chown·0·/boot/grub2/grub.cfg4947 chown·0·/boot/grub2/grub.cfg
  
4948 else4948 else
4949 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'4949 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
4950 fi4950 fi
4951 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***4951 ***·Rule  ·Verify·/boot/grub2/grub.cfg·Permissions·  [ref]·***
Offset 4976, 16 lines modifiedOffset 4976, 16 lines modified
4976 ··-·no_reboot_needed4976 ··-·no_reboot_needed
  
4977 -·name:·Test·for·existence·/boot/grub2/grub.cfg4977 -·name:·Test·for·existence·/boot/grub2/grub.cfg
4978 ··stat:4978 ··stat:
4979 ····path:·/boot/grub2/grub.cfg4979 ····path:·/boot/grub2/grub.cfg
4980 ··register:·file_exists4980 ··register:·file_exists
4981 ··when:4981 ··when:
4982 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list' 
4983 ··-·'"grub2-common"·in·ansible_facts.packages'4982 ··-·'"grub2-common"·in·ansible_facts.packages'
 4983 ··-·'"/boot/efi"·not·in·ansible_mounts·|·map(attribute="mount")·|·list'
4984 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]4984 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
4985 ··tags:4985 ··tags:
4986 ··-·NIST-800-171-3.4.54986 ··-·NIST-800-171-3.4.5
4987 ··-·NIST-800-53-AC-6(1)4987 ··-·NIST-800-53-AC-6(1)
4988 ··-·NIST-800-53-CM-6(a)4988 ··-·NIST-800-53-CM-6(a)
4989 ··-·configure_strategy4989 ··-·configure_strategy
4990 ··-·file_permissions_grub2_cfg4990 ··-·file_permissions_grub2_cfg
Offset 4995, 16 lines modifiedOffset 4995, 16 lines modified
4995 ··-·no_reboot_needed4995 ··-·no_reboot_needed
  
4996 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg4996 -·name:·Ensure·permission·u-xs,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
4997 ··file:4997 ··file:
4998 ····path:·/boot/grub2/grub.cfg4998 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 1108/5548 bytes (19.97%) of diff not shown.
5.23 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig.html
    
Offset 350589, 23 lines modifiedOffset 350589, 23 lines modified
005597c0:·7472·6963·7469·6f6e·735c·732a·3d5c·732a··trictions\s*=\s*005597c0:·7472·6963·7469·6f6e·735c·732a·3d5c·732a··trictions\s*=\s*
005597d0:·0a20·2020·2020·206c·696e·653a·2073·6d74··.······line:·smt005597d0:·0a20·2020·2020·206c·696e·653a·2073·6d74··.······line:·smt
005597e0:·7064·5f63·6c69·656e·745f·7265·7374·7269··pd_client_restri005597e0:·7064·5f63·6c69·656e·745f·7265·7374·7269··pd_client_restri
005597f0:·6374·696f·6e73·203d·2070·6572·6d69·745f··ctions·=·permit_005597f0:·6374·696f·6e73·203d·2070·6572·6d69·745f··ctions·=·permit_
00559800:·6d79·6e65·7477·6f72·6b73·2c72·656a·6563··mynetworks,rejec00559800:·6d79·6e65·7477·6f72·6b73·2c72·656a·6563··mynetworks,rejec
00559810:·740a·2020·2020·2020·7374·6174·653a·2070··t.······state:·p00559810:·740a·2020·2020·2020·7374·6174·653a·2070··t.······state:·p
00559820:·7265·7365·6e74·0a20·2077·6865·6e3a·0a20··resent.··when:.·00559820:·7265·7365·6e74·0a20·2077·6865·6e3a·0a20··resent.··when:.·
00559830:·202d·2027·2270·6f73·7466·6978·2220·696e···-·'"postfix"·in 
00559840:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p 
00559850:·6163·6b61·6765·7327·0a20·202d·2061·6e73··ackages'.··-·ans 
00559860:·6962·6c65·5f76·6972·7475·616c·697a·6174··ible_virtualizat 
00559870:·696f·6e5f·7479·7065·206e·6f74·2069·6e20··ion_type·not·in· 
00559880:·5b22·646f·636b·6572·222c·2022·6c78·6322··["docker",·"lxc" 
00559890:·2c20·226f·7065·6e76·7a22·2c20·2270·6f64··,·"openvz",·"pod 
005598a0:·6d61·6e22·2c20·2263·6f6e·7461·696e·6572··man",·"container00559830:·202d·2061·6e73·6962·6c65·5f76·6972·7475···-·ansible_virtu
 00559840:·616c·697a·6174·696f·6e5f·7479·7065·206e··alization_type·n
 00559850:·6f74·2069·6e20·5b22·646f·636b·6572·222c··ot·in·["docker",
 00559860:·2022·6c78·6322·2c20·226f·7065·6e76·7a22···"lxc",·"openvz"
 00559870:·2c20·2270·6f64·6d61·6e22·2c20·2263·6f6e··,·"podman",·"con
 00559880:·7461·696e·6572·225d·0a20·202d·2027·2270··tainer"].··-·'"p
 00559890:·6f73·7466·6978·2220·696e·2061·6e73·6962··ostfix"·in·ansib
 005598a0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
005598b0:·225d·0a20·2074·6167·733a·0a20·202d·2044··"].··tags:.··-·D005598b0:·7327·0a20·2074·6167·733a·0a20·202d·2044··s'.··tags:.··-·D
005598c0:·4953·412d·5354·4947·2d52·4845·4c2d·3038··ISA-STIG-RHEL-08005598c0:·4953·412d·5354·4947·2d52·4845·4c2d·3038··ISA-STIG-RHEL-08
005598d0:·2d30·3430·3239·300a·2020·2d20·6c6f·775f··-040290.··-·low_005598d0:·2d30·3430·3239·300a·2020·2d20·6c6f·775f··-040290.··-·low_
005598e0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l005598e0:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l
005598f0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··005598f0:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··
00559900:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit00559900:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit
00559910:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_00559910:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_
00559920:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf00559920:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf
Offset 350629, 20 lines modifiedOffset 350629, 20 lines modified
00559a40:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col00559a40:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
00559a50:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·00559a50:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
00559a60:·6964·3d22·6964·6d37·3238·3533·223e·3c70··id="idm72853"><p00559a60:·6964·3d22·6964·6d37·3238·3533·223e·3c70··id="idm72853"><p
00559a70:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed00559a70:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
00559a80:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic00559a80:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
00559a90:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer00559a90:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
00559aa0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i00559aa0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
00559ab0:·6620·7270·6d20·2d2d·7175·6965·7420·2d71··f·rpm·--quiet·-q 
00559ac0:·2070·6f73·7466·6978·2026·616d·703b·2661···postfix·&amp;&a 
00559ad0:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc00559ab0:·6620·5b20·2120·2d66·202f·2e64·6f63·6b65··f·[·!·-f·/.docke
00559ae0:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a00559ac0:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
00559af0:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/00559ad0:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
00559b00:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];00559ae0:·6f6e·7461·696e·6572·656e·7620·5d20·2661··ontainerenv·]·&a
 00559af0:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q
 00559b00:·7569·6574·202d·7120·706f·7374·6669·783b··uiet·-q·postfix;
00559b10:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep00559b10:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep
00559b20:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien00559b20:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien
00559b30:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/00559b30:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/
00559b40:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main00559b40:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main
00559b50:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·00559b50:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·
00559b60:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re00559b60:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re
00559b70:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per00559b70:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per
1.15 KB
html2text {}
    
Offset 74696, 27 lines modifiedOffset 74696, 27 lines modified
74696 ····lineinfile:74696 ····lineinfile:
74697 ······path:·/etc/postfix/main.cf74697 ······path:·/etc/postfix/main.cf
74698 ······create:·true74698 ······create:·true
74699 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*74699 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
74700 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject74700 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
74701 ······state:·present74701 ······state:·present
74702 ··when:74702 ··when:
74703 ··-·'"postfix"·in·ansible_facts.packages' 
74704 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]74703 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 74704 ··-·'"postfix"·in·ansible_facts.packages'
74705 ··tags:74705 ··tags:
74706 ··-·DISA-STIG-RHEL-08-04029074706 ··-·DISA-STIG-RHEL-08-040290
74707 ··-·low_complexity74707 ··-·low_complexity
74708 ··-·low_disruption74708 ··-·low_disruption
74709 ··-·medium_severity74709 ··-·medium_severity
74710 ··-·no_reboot_needed74710 ··-·no_reboot_needed
74711 ··-·postfix_prevent_unrestricted_relay74711 ··-·postfix_prevent_unrestricted_relay
74712 ··-·restrict_strategy74712 ··-·restrict_strategy
74713 Remediation_Shell_script_⇲74713 Remediation_Shell_script_⇲
74714 #·Remediation·is·applicable·only·in·certain·platforms74714 #·Remediation·is·applicable·only·in·certain·platforms
74715 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then74715 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
74716 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then74716 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
74717 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf74717 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
74718 else74718 else
74719 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf74719 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
74720 fi74720 fi
  
5.37 KB
./usr/share/doc/ssg-nondebian/ssg-centos8-guide-stig_gui.html
    
Offset 350299, 23 lines modifiedOffset 350299, 23 lines modified
005585a0:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict005585a0:·5f63·6c69·656e·745f·7265·7374·7269·6374··_client_restrict
005585b0:·696f·6e73·5c73·2a3d·5c73·2a0a·2020·2020··ions\s*=\s*.····005585b0:·696f·6e73·5c73·2a3d·5c73·2a0a·2020·2020··ions\s*=\s*.····
005585c0:·2020·6c69·6e65·3a20·736d·7470·645f·636c····line:·smtpd_cl005585c0:·2020·6c69·6e65·3a20·736d·7470·645f·636c····line:·smtpd_cl
005585d0:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction005585d0:·6965·6e74·5f72·6573·7472·6963·7469·6f6e··ient_restriction
005585e0:·7320·3d20·7065·726d·6974·5f6d·796e·6574··s·=·permit_mynet005585e0:·7320·3d20·7065·726d·6974·5f6d·796e·6574··s·=·permit_mynet
005585f0:·776f·726b·732c·7265·6a65·6374·0a20·2020··works,reject.···005585f0:·776f·726b·732c·7265·6a65·6374·0a20·2020··works,reject.···
00558600:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen00558600:·2020·2073·7461·7465·3a20·7072·6573·656e·····state:·presen
00558610:·740a·2020·7768·656e·3a0a·2020·2d20·2722··t.··when:.··-·'"00558610:·740a·2020·7768·656e·3a0a·2020·2d20·616e··t.··when:.··-·an
00558620:·706f·7374·6669·7822·2069·6e20·616e·7369··postfix"·in·ansi 
00558630:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag 
00558640:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_ 
00558650:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t 
00558660:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc 
00558670:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op 
00558680:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman", 
00558690:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··00558620:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
 00558630:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
 00558640:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
 00558650:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
 00558660:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
 00558670:·7222·5d0a·2020·2d20·2722·706f·7374·6669··r"].··-·'"postfi
 00558680:·7822·2069·6e20·616e·7369·626c·655f·6661··x"·in·ansible_fa
 00558690:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
005586a0:·7461·6773·3a0a·2020·2d20·4449·5341·2d53··tags:.··-·DISA-S005586a0:·7461·6773·3a0a·2020·2d20·4449·5341·2d53··tags:.··-·DISA-S
005586b0:·5449·472d·5248·454c·2d30·382d·3034·3032··TIG-RHEL-08-0402005586b0:·5449·472d·5248·454c·2d30·382d·3034·3032··TIG-RHEL-08-0402
005586c0:·3930·0a20·202d·206c·6f77·5f63·6f6d·706c··90.··-·low_compl005586c0:·3930·0a20·202d·206c·6f77·5f63·6f6d·706c··90.··-·low_compl
005586d0:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di005586d0:·6578·6974·790a·2020·2d20·6c6f·775f·6469··exity.··-·low_di
005586e0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med005586e0:·7372·7570·7469·6f6e·0a20·202d·206d·6564··sruption.··-·med
005586f0:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-005586f0:·6975·6d5f·7365·7665·7269·7479·0a20·202d··ium_severity.··-
00558700:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede00558700:·206e·6f5f·7265·626f·6f74·5f6e·6565·6465···no_reboot_neede
Offset 350339, 21 lines modifiedOffset 350339, 21 lines modified
00558820:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class00558820:·613e·3c62·723e·3c64·6976·2063·6c61·7373··a><br><div·class
00558830:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse00558830:·3d22·7061·6e65·6c2d·636f·6c6c·6170·7365··="panel-collapse
00558840:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i00558840:·2063·6f6c·6c61·7073·6522·2069·643d·2269···collapse"·id="i
00558850:·646d·3732·3835·3322·3e3c·7072·653e·3c63··dm72853"><pre><c00558850:·646d·3732·3835·3322·3e3c·7072·653e·3c63··dm72853"><pre><c
00558860:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio00558860:·6f64·653e·2320·5265·6d65·6469·6174·696f··ode>#·Remediatio
00558870:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·00558870:·6e20·6973·2061·7070·6c69·6361·626c·6520··n·is·applicable·
00558880:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·00558880:·6f6e·6c79·2069·6e20·6365·7274·6169·6e20··only·in·certain·
00558890:·706c·6174·666f·726d·730a·6966·2072·706d··platforms.if·rpm00558890:·706c·6174·666f·726d·730a·6966·205b·2021··platforms.if·[·!
005588a0:·202d·2d71·7569·6574·202d·7120·706f·7374···--quiet·-q·post 
005588b0:·6669·7820·2661·6d70·3b26·616d·703b·205b··fix·&amp;&amp;·[ 
005588c0:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren005588a0:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
005588d0:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[005588b0:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
005588e0:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont005588c0:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
005588f0:·6169·6e65·7265·6e76·205d·3b20·7468·656e··ainerenv·];·then005588d0:·6e65·7265·6e76·205d·2026·616d·703b·2661··nerenv·]·&amp;&a
 005588e0:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·
 005588f0:·2d71·2070·6f73·7466·6978·3b20·7468·656e··-q·postfix;·then
00558900:·0a0a·6966·2021·2067·7265·7020·2d71·205e··..if·!·grep·-q·^00558900:·0a0a·6966·2021·2067·7265·7020·2d71·205e··..if·!·grep·-q·^
00558910:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res00558910:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res
00558920:·7472·6963·7469·6f6e·7320·2f65·7463·2f70··trictions·/etc/p00558920:·7472·6963·7469·6f6e·7320·2f65·7463·2f70··trictions·/etc/p
00558930:·6f73·7466·6978·2f6d·6169·6e2e·6366·3b20··ostfix/main.cf;·00558930:·6f73·7466·6978·2f6d·6169·6e2e·6366·3b20··ostfix/main.cf;·
00558940:·7468·656e·0a09·6563·686f·2022·736d·7470··then..echo·"smtp00558940:·7468·656e·0a09·6563·686f·2022·736d·7470··then..echo·"smtp
00558950:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric00558950:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric
00558960:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m00558960:·7469·6f6e·7320·3d20·7065·726d·6974·5f6d··tions·=·permit_m
1.15 KB
html2text {}
    
Offset 74645, 27 lines modifiedOffset 74645, 27 lines modified
74645 ····lineinfile:74645 ····lineinfile:
74646 ······path:·/etc/postfix/main.cf74646 ······path:·/etc/postfix/main.cf
74647 ······create:·true74647 ······create:·true
74648 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*74648 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
74649 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject74649 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
74650 ······state:·present74650 ······state:·present
74651 ··when:74651 ··when:
74652 ··-·'"postfix"·in·ansible_facts.packages' 
74653 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]74652 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 74653 ··-·'"postfix"·in·ansible_facts.packages'
74654 ··tags:74654 ··tags:
74655 ··-·DISA-STIG-RHEL-08-04029074655 ··-·DISA-STIG-RHEL-08-040290
74656 ··-·low_complexity74656 ··-·low_complexity
74657 ··-·low_disruption74657 ··-·low_disruption
74658 ··-·medium_severity74658 ··-·medium_severity
74659 ··-·no_reboot_needed74659 ··-·no_reboot_needed
74660 ··-·postfix_prevent_unrestricted_relay74660 ··-·postfix_prevent_unrestricted_relay
74661 ··-·restrict_strategy74661 ··-·restrict_strategy
74662 Remediation_Shell_script_⇲74662 Remediation_Shell_script_⇲
74663 #·Remediation·is·applicable·only·in·certain·platforms74663 #·Remediation·is·applicable·only·in·certain·platforms
74664 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then74664 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
74665 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then74665 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
74666 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf74666 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
74667 else74667 else
74668 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf74668 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
74669 fi74669 fi
  
29.7 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis.html
    
Offset 186674, 22 lines modifiedOffset 186674, 22 lines modified
002d9310:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f002d9310:·0a0a·2d20·6e61·6d65·3a20·5465·7374·2066··..-·name:·Test·f
002d9320:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo002d9320:·6f72·2065·7869·7374·656e·6365·202f·626f··or·existence·/bo
002d9330:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf002d9330:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
002d9340:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa002d9340:·670a·2020·7374·6174·3a0a·2020·2020·7061··g.··stat:.····pa
002d9350:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/002d9350:·7468·3a20·2f62·6f6f·742f·6772·7562·322f··th:·/boot/grub2/
002d9360:·7573·6572·2e63·6667·0a20·2072·6567·6973··user.cfg.··regis002d9360:·7573·6572·2e63·6667·0a20·2072·6567·6973··user.cfg.··regis
002d9370:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists002d9370:·7465·723a·2066·696c·655f·6578·6973·7473··ter:·file_exists
002d9380:·0a20·2077·6865·6e3a·0a20·202d·2027·222f··.··when:.··-·'"/002d9380:·0a20·2077·6865·6e3a·0a20·202d·2027·2267··.··when:.··-·'"g
002d9390:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans 
002d93a0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma 
002d93b0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou 
002d93c0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··- 
002d93d0:·2027·2267·7275·6232·2d63·6f6d·6d6f·6e22···'"grub2-common"002d9390:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·
002d93e0:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact002d93a0:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
002d93f0:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·002d93b0:·636b·6167·6573·270a·2020·2d20·2722·2f62··ckages'.··-·'"/b
 002d93c0:·6f6f·742f·6566·6922·2069·6e20·616e·7369··oot/efi"·in·ansi
 002d93d0:·626c·655f·6d6f·756e·7473·207c·206d·6170··ble_mounts·|·map
 002d93e0:·2861·7474·7269·6275·7465·3d22·6d6f·756e··(attribute="moun
 002d93f0:·7422·2920·7c20·6c69·7374·270a·2020·2d20··t")·|·list'.··-·
002d9400:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali002d9400:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
002d9410:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·002d9410:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
002d9420:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l002d9420:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
002d9430:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"002d9430:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
002d9440:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai002d9440:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
002d9450:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··002d9450:·6e65·7222·5d0a·2020·7461·6773·3a0a·2020··ner"].··tags:.··
002d9460:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·002d9460:·2d20·434a·4953·2d35·2e35·2e32·2e32·0a20··-·CJIS-5.5.2.2.·
Offset 186710, 22 lines modifiedOffset 186710, 22 lines modified
002d9550:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002d9550:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
002d9560:·2067·726f·7570·206f·776e·6572·2030·206f···group·owner·0·o002d9560:·2067·726f·7570·206f·776e·6572·2030·206f···group·owner·0·o
002d9570:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us002d9570:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us
002d9580:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·002d9580:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·
002d9590:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002d9590:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002d95a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002d95a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002d95b0:·2020·6772·6f75·703a·2027·3027·0a20·2077····group:·'0'.··w002d95b0:·2020·6772·6f75·703a·2027·3027·0a20·2077····group:·'0'.··w
002d95c0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot002d95c0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
002d95d0:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible 
002d95e0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
002d95f0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
002d9600:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
002d9610:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·002d95d0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
002d9620:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa002d95e0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 002d95f0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 002d9600:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_
 002d9610:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 002d9620:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
002d9630:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi002d9630:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
002d9640:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati002d9640:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
002d9650:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[002d9650:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
002d9660:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",002d9660:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
002d9670:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm002d9670:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
002d9680:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"002d9680:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
002d9690:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist002d9690:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
002d96a0:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define002d96a0:·732e·7374·6174·2069·7320·6465·6669·6e65··s.stat·is·define
Offset 186776, 18 lines modifiedOffset 186776, 18 lines modified
002d9970:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td002d9970:·7472·6174·6567·793a·3c2f·7468·3e3c·7464··trategy:</th><td
002d9980:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><002d9980:·3e63·6f6e·6669·6775·7265·3c2f·7464·3e3c··>configure</td><
002d9990:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre002d9990:·2f74·723e·3c2f·7461·626c·653e·3c70·7265··/tr></table><pre
002d99a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia002d99a0:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
002d99b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab002d99b0:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
002d99c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa002d99c0:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
002d99d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·002d99d0:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
002d99e0:·5b20·2d66·202f·7379·732f·6669·726d·7761··[·-f·/sys/firmwa 
002d99f0:·7265·2f65·6669·205d·2026·616d·703b·2661··re/efi·]·&amp;&a 
002d9a00:·6d70·3b20·7270·6d20·2d2d·7175·6965·7420··mp;·rpm·--quiet·002d99e0:·7270·6d20·2d2d·7175·6965·7420·2d71·2067··rpm·--quiet·-q·g
002d9a10:·2d71·2067·7275·6232·2d63·6f6d·6d6f·6e20··-q·grub2-common·002d99f0:·7275·6232·2d63·6f6d·6d6f·6e20·2661·6d70··rub2-common·&amp
 002d9a00:·3b26·616d·703b·205b·202d·6620·2f73·7973··;&amp;·[·-f·/sys
 002d9a10:·2f66·6972·6d77·6172·652f·6566·6920·5d20··/firmware/efi·]·
002d9a20:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!002d9a20:·2661·6d70·3b26·616d·703b·207b·205b·2021··&amp;&amp;·{·[·!
002d9a30:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·002d9a30:·202d·6620·2f2e·646f·636b·6572·656e·7620···-f·/.dockerenv·
002d9a40:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!002d9a40:·5d20·2661·6d70·3b26·616d·703b·205b·2021··]·&amp;&amp;·[·!
002d9a50:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai002d9a50:·202d·6620·2f72·756e·2f2e·636f·6e74·6169···-f·/run/.contai
002d9a60:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the002d9a60:·6e65·7265·6e76·205d·3b20·7d3b·2074·6865··nerenv·];·};·the
002d9a70:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot002d9a70:·6e0a·0a63·6867·7270·2030·202f·626f·6f74··n..chgrp·0·/boot
002d9a80:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.002d9a80:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
Offset 187170, 21 lines modifiedOffset 187170, 21 lines modified
002db210:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002db210:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002db220:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us002db220:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us
002db230:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·002db230:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·
002db240:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002db240:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002db250:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002db250:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002db260:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e002db260:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
002db270:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··002db270:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
002db280:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
002db290:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002db2a0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002db2b0:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002db2c0:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co002db280:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
002db2d0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible002db290:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
002db2e0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002db2a0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002db2b0:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 002db2c0:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 002db2d0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 002db2e0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
002db2f0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir002db2f0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
002db300:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type002db300:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
002db310:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker002db310:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
002db320:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv002db320:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
002db330:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c002db330:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
002db340:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag002db340:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
002db350:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.002db350:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 187205, 21 lines modifiedOffset 187205, 21 lines modified
002db440:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure002db440:·0a0a·2d20·6e61·6d65·3a20·456e·7375·7265··..-·name:·Ensure
002db450:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo002db450:·206f·776e·6572·2030·206f·6e20·2f62·6f6f···owner·0·on·/boo
002db460:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg002db460:·742f·6772·7562·322f·7573·6572·2e63·6667··t/grub2/user.cfg
002db470:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat002db470:·0a20·2066·696c·653a·0a20·2020·2070·6174··.··file:.····pat
002db480:·683a·202f·626f·6f74·2f67·7275·6232·2f75··h:·/boot/grub2/u002db480:·683a·202f·626f·6f74·2f67·7275·6232·2f75··h:·/boot/grub2/u
002db490:·7365·722e·6366·670a·2020·2020·6f77·6e65··ser.cfg.····owne002db490:·7365·722e·6366·670a·2020·2020·6f77·6e65··ser.cfg.····owne
002db4a0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·002db4a0:·723a·2027·3027·0a20·2077·6865·6e3a·0a20··r:·'0'.··when:.·
002db4b0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
002db4c0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
002db4d0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
002db4e0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
002db4f0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c002db4b0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
002db500:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl002db4c0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
002db510:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages002db4d0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 002db4e0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i
 002db4f0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 002db500:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 002db510:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
002db520:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi002db520:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
002db530:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ002db530:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
002db540:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke002db540:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
002db550:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open002db550:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
002db560:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"002db560:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
002db570:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·002db570:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
002db580:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat002db580:·6669·6c65·5f65·7869·7374·732e·7374·6174··file_exists.stat
Offset 187270, 19 lines modifiedOffset 187270, 19 lines modified
Max diff block lines reached; 13140/22830 bytes (57.56%) of diff not shown.
7.25 KB
html2text {}
    
Offset 41738, 16 lines modifiedOffset 41738, 16 lines modified
41738 ··-·no_reboot_needed41738 ··-·no_reboot_needed
  
41739 -·name:·Test·for·existence·/boot/grub2/user.cfg41739 -·name:·Test·for·existence·/boot/grub2/user.cfg
41740 ··stat:41740 ··stat:
41741 ····path:·/boot/grub2/user.cfg41741 ····path:·/boot/grub2/user.cfg
41742 ··register:·file_exists41742 ··register:·file_exists
41743 ··when:41743 ··when:
41744 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41745 ··-·'"grub2-common"·in·ansible_facts.packages'41744 ··-·'"grub2-common"·in·ansible_facts.packages'
 41745 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41746 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41746 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41747 ··tags:41747 ··tags:
41748 ··-·CJIS-5.5.2.241748 ··-·CJIS-5.5.2.2
41749 ··-·NIST-800-171-3.4.541749 ··-·NIST-800-171-3.4.5
41750 ··-·NIST-800-53-AC-6(1)41750 ··-·NIST-800-53-AC-6(1)
41751 ··-·NIST-800-53-CM-6(a)41751 ··-·NIST-800-53-CM-6(a)
41752 ··-·PCI-DSS-Req-7.141752 ··-·PCI-DSS-Req-7.1
Offset 41759, 16 lines modifiedOffset 41759, 16 lines modified
41759 ··-·no_reboot_needed41759 ··-·no_reboot_needed
  
41760 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41760 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41761 ··file:41761 ··file:
41762 ····path:·/boot/grub2/user.cfg41762 ····path:·/boot/grub2/user.cfg
41763 ····group:·'0'41763 ····group:·'0'
41764 ··when:41764 ··when:
41765 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41766 ··-·'"grub2-common"·in·ansible_facts.packages'41765 ··-·'"grub2-common"·in·ansible_facts.packages'
 41766 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41767 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41767 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41768 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41768 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41769 ··tags:41769 ··tags:
41770 ··-·CJIS-5.5.2.241770 ··-·CJIS-5.5.2.2
41771 ··-·NIST-800-171-3.4.541771 ··-·NIST-800-171-3.4.5
41772 ··-·NIST-800-53-AC-6(1)41772 ··-·NIST-800-53-AC-6(1)
41773 ··-·NIST-800-53-CM-6(a)41773 ··-·NIST-800-53-CM-6(a)
Offset 41780, 15 lines modifiedOffset 41780, 15 lines modified
41780 ··-·medium_severity41780 ··-·medium_severity
41781 ··-·no_reboot_needed41781 ··-·no_reboot_needed
41782 Remediation_Shell_script_⇲41782 Remediation_Shell_script_⇲
41783 Complexity:·low41783 Complexity:·low
41784 Disruption:·low41784 Disruption:·low
41785 Strategy:···configure41785 Strategy:···configure
41786 #·Remediation·is·applicable·only·in·certain·platforms41786 #·Remediation·is·applicable·only·in·certain·platforms
41787 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41787 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41788 chgrp·0·/boot/grub2/user.cfg41788 chgrp·0·/boot/grub2/user.cfg
  
41789 else41789 else
41790 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41790 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41791 fi41791 fi
41792 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***41792 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 41819, 16 lines modifiedOffset 41819, 16 lines modified
41819 ··-·no_reboot_needed41819 ··-·no_reboot_needed
  
41820 -·name:·Test·for·existence·/boot/grub2/user.cfg41820 -·name:·Test·for·existence·/boot/grub2/user.cfg
41821 ··stat:41821 ··stat:
41822 ····path:·/boot/grub2/user.cfg41822 ····path:·/boot/grub2/user.cfg
41823 ··register:·file_exists41823 ··register:·file_exists
41824 ··when:41824 ··when:
41825 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41826 ··-·'"grub2-common"·in·ansible_facts.packages'41825 ··-·'"grub2-common"·in·ansible_facts.packages'
 41826 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41827 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41827 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41828 ··tags:41828 ··tags:
41829 ··-·CJIS-5.5.2.241829 ··-·CJIS-5.5.2.2
41830 ··-·NIST-800-171-3.4.541830 ··-·NIST-800-171-3.4.5
41831 ··-·NIST-800-53-AC-6(1)41831 ··-·NIST-800-53-AC-6(1)
41832 ··-·NIST-800-53-CM-6(a)41832 ··-·NIST-800-53-CM-6(a)
41833 ··-·PCI-DSS-Req-7.141833 ··-·PCI-DSS-Req-7.1
Offset 41840, 16 lines modifiedOffset 41840, 16 lines modified
41840 ··-·no_reboot_needed41840 ··-·no_reboot_needed
  
41841 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg41841 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
41842 ··file:41842 ··file:
41843 ····path:·/boot/grub2/user.cfg41843 ····path:·/boot/grub2/user.cfg
41844 ····owner:·'0'41844 ····owner:·'0'
41845 ··when:41845 ··when:
41846 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41847 ··-·'"grub2-common"·in·ansible_facts.packages'41846 ··-·'"grub2-common"·in·ansible_facts.packages'
 41847 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41848 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41848 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41849 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41849 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41850 ··tags:41850 ··tags:
41851 ··-·CJIS-5.5.2.241851 ··-·CJIS-5.5.2.2
41852 ··-·NIST-800-171-3.4.541852 ··-·NIST-800-171-3.4.5
41853 ··-·NIST-800-53-AC-6(1)41853 ··-·NIST-800-53-AC-6(1)
41854 ··-·NIST-800-53-CM-6(a)41854 ··-·NIST-800-53-CM-6(a)
Offset 41861, 15 lines modifiedOffset 41861, 15 lines modified
41861 ··-·medium_severity41861 ··-·medium_severity
41862 ··-·no_reboot_needed41862 ··-·no_reboot_needed
41863 Remediation_Shell_script_⇲41863 Remediation_Shell_script_⇲
41864 Complexity:·low41864 Complexity:·low
41865 Disruption:·low41865 Disruption:·low
41866 Strategy:···configure41866 Strategy:···configure
41867 #·Remediation·is·applicable·only·in·certain·platforms41867 #·Remediation·is·applicable·only·in·certain·platforms
41868 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41868 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41869 chown·0·/boot/grub2/user.cfg41869 chown·0·/boot/grub2/user.cfg
  
41870 else41870 else
41871 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41871 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41872 fi41872 fi
41873 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***41873 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 41898, 16 lines modifiedOffset 41898, 16 lines modified
41898 ··-·no_reboot_needed41898 ··-·no_reboot_needed
  
41899 -·name:·Test·for·existence·/boot/grub2/grub.cfg41899 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41900 ··stat:41900 ··stat:
41901 ····path:·/boot/grub2/grub.cfg41901 ····path:·/boot/grub2/grub.cfg
41902 ··register:·file_exists41902 ··register:·file_exists
41903 ··when:41903 ··when:
41904 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41905 ··-·'"grub2-common"·in·ansible_facts.packages'41904 ··-·'"grub2-common"·in·ansible_facts.packages'
 41905 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41906 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41906 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41907 ··tags:41907 ··tags:
41908 ··-·NIST-800-171-3.4.541908 ··-·NIST-800-171-3.4.5
41909 ··-·NIST-800-53-AC-6(1)41909 ··-·NIST-800-53-AC-6(1)
41910 ··-·NIST-800-53-CM-6(a)41910 ··-·NIST-800-53-CM-6(a)
41911 ··-·configure_strategy41911 ··-·configure_strategy
41912 ··-·file_permissions_efi_grub2_cfg41912 ··-·file_permissions_efi_grub2_cfg
Offset 41917, 16 lines modifiedOffset 41917, 16 lines modified
41917 ··-·no_reboot_needed41917 ··-·no_reboot_needed
  
41918 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg41918 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
41919 ··file:41919 ··file:
41920 ····path:·/boot/grub2/grub.cfg41920 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2985/7404 bytes (40.32%) of diff not shown.
29.8 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_server_l1.html
    
Offset 61428, 21 lines modifiedOffset 61428, 21 lines modified
000eff30:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen000eff30:·5465·7374·2066·6f72·2065·7869·7374·656e··Test·for·existen
000eff40:·6365·202f·626f·6f74·2f67·7275·6232·2f75··ce·/boot/grub2/u000eff40:·6365·202f·626f·6f74·2f67·7275·6232·2f75··ce·/boot/grub2/u
000eff50:·7365·722e·6366·670a·2020·7374·6174·3a0a··ser.cfg.··stat:.000eff50:·7365·722e·6366·670a·2020·7374·6174·3a0a··ser.cfg.··stat:.
000eff60:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/000eff60:·2020·2020·7061·7468·3a20·2f62·6f6f·742f······path:·/boot/
000eff70:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·000eff70:·6772·7562·322f·7573·6572·2e63·6667·0a20··grub2/user.cfg.·
000eff80:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_000eff80:·2072·6567·6973·7465·723a·2066·696c·655f···register:·file_
000eff90:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·000eff90:·6578·6973·7473·0a20·2077·6865·6e3a·0a20··exists.··when:.·
000effa0:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"· 
000effb0:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount 
000effc0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut 
000effd0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis 
000effe0:·7427·0a20·202d·2027·2267·7275·6232·2d63··t'.··-·'"grub2-c000effa0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo
000efff0:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl000effb0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa
000f0000:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000effc0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··
 000effd0:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i
 000effe0:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts
 000efff0:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute
 000f0000:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list
000f0010:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi000f0010:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
000f0020:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ000f0020:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
000f0030:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke000f0030:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
000f0040:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open000f0040:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
000f0050:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"000f0050:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
000f0060:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta000f0060:·636f·6e74·6169·6e65·7222·5d0a·2020·7461··container"].··ta
000f0070:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5000f0070:·6773·3a0a·2020·2d20·434a·4953·2d35·2e35··gs:.··-·CJIS-5.5
Offset 61464, 21 lines modifiedOffset 61464, 21 lines modified
000f0170:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own000f0170:·456e·7375·7265·2067·726f·7570·206f·776e··Ensure·group·own
000f0180:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr000f0180:·6572·2030·206f·6e20·2f62·6f6f·742f·6772··er·0·on·/boot/gr
000f0190:·7562·322f·7573·6572·2e63·6667·0a20·2066··ub2/user.cfg.··f000f0190:·7562·322f·7573·6572·2e63·6667·0a20·2066··ub2/user.cfg.··f
000f01a0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/000f01a0:·696c·653a·0a20·2020·2070·6174·683a·202f··ile:.····path:·/
000f01b0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000f01b0:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000f01c0:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'000f01c0:·6366·670a·2020·2020·6772·6f75·703a·2027··cfg.····group:·'
000f01d0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'000f01d0:·3027·0a20·2077·6865·6e3a·0a20·202d·2027··0'.··when:.··-·'
000f01e0:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
000f01f0:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000f0200:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000f0210:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000f0220:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo000f01e0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
000f0230:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa000f01f0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
000f0240:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000f0200:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000f0210:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 000f0220:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000f0230:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000f0240:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000f0250:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000f0250:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000f0260:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000f0260:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000f0270:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000f0270:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000f0280:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000f0280:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000f0290:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000f0290:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000f02a0:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file000f02a0:·6169·6e65·7222·5d0a·2020·2d20·6669·6c65··ainer"].··-·file
000f02b0:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·000f02b0:·5f65·7869·7374·732e·7374·6174·2069·7320··_exists.stat·is·
Offset 61529, 19 lines modifiedOffset 61529, 19 lines modified
000f0580:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</000f0580:·3e3c·7468·3e53·7472·6174·6567·793a·3c2f··><th>Strategy:</
000f0590:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure000f0590:·7468·3e3c·7464·3e63·6f6e·6669·6775·7265··th><td>configure
000f05a0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl000f05a0:·3c2f·7464·3e3c·2f74·723e·3c2f·7461·626c··</td></tr></tabl
000f05b0:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R000f05b0:·653e·3c70·7265·3e3c·636f·6465·3e23·2052··e><pre><code>#·R
000f05c0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap000f05c0:·656d·6564·6961·7469·6f6e·2069·7320·6170··emediation·is·ap
000f05d0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in000f05d0:·706c·6963·6162·6c65·206f·6e6c·7920·696e··plicable·only·in
000f05e0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor000f05e0:·2063·6572·7461·696e·2070·6c61·7466·6f72···certain·platfor
 000f05f0:·6d73·0a69·6620·7270·6d20·2d2d·7175·6965··ms.if·rpm·--quie
000f05f0:·6d73·0a69·6620·5b20·2d66·202f·7379·732f··ms.if·[·-f·/sys/ 
000f0600:·6669·726d·7761·7265·2f65·6669·205d·2026··firmware/efi·]·& 
000f0610:·616d·703b·2661·6d70·3b20·7270·6d20·2d2d··amp;&amp;·rpm·-- 
000f0620:·7175·6965·7420·2d71·2067·7275·6232·2d63··quiet·-q·grub2-c000f0600:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo
 000f0610:·6e20·2661·6d70·3b26·616d·703b·205b·202d··n·&amp;&amp;·[·-
 000f0620:·6620·2f73·7973·2f66·6972·6d77·6172·652f··f·/sys/firmware/
000f0630:·6f6d·6d6f·6e20·2661·6d70·3b26·616d·703b··ommon·&amp;&amp;000f0630:·6566·6920·5d20·2661·6d70·3b26·616d·703b··efi·]·&amp;&amp;
000f0640:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock000f0640:·207b·205b·2021·202d·6620·2f2e·646f·636b···{·[·!·-f·/.dock
000f0650:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am000f0650:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am
000f0660:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.000f0660:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.
000f0670:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·000f0670:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·
000f0680:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0000f0680:·7d3b·2074·6865·6e0a·0a63·6867·7270·2030··};·then..chgrp·0
000f0690:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use000f0690:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
000f06a0:·722e·6366·670a·0a65·6c73·650a·2020·2020··r.cfg..else.····000f06a0:·722e·6366·670a·0a65·6c73·650a·2020·2020··r.cfg..else.····
Offset 61923, 22 lines modifiedOffset 61923, 22 lines modified
000f1e20:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex000f1e20:·616d·653a·2054·6573·7420·666f·7220·6578··ame:·Test·for·ex
000f1e30:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr000f1e30:·6973·7465·6e63·6520·2f62·6f6f·742f·6772··istence·/boot/gr
000f1e40:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s000f1e40:·7562·322f·7573·6572·2e63·6667·0a20·2073··ub2/user.cfg.··s
000f1e50:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/000f1e50:·7461·743a·0a20·2020·2070·6174·683a·202f··tat:.····path:·/
000f1e60:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000f1e60:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000f1e70:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·000f1e70:·6366·670a·2020·7265·6769·7374·6572·3a20··cfg.··register:·
000f1e80:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh000f1e80:·6669·6c65·5f65·7869·7374·730a·2020·7768··file_exists.··wh
000f1e90:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/000f1e90:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
000f1ea0:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_ 
000f1eb0:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
000f1ec0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
000f1ed0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
000f1ee0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a000f1ea0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
000f1ef0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac000f1eb0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 000f1ec0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 000f1ed0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 000f1ee0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 000f1ef0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
000f1f00:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib000f1f00:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
000f1f10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio000f1f10:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
000f1f20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["000f1f20:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
000f1f30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·000f1f30:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
000f1f40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma000f1f40:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
000f1f50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]000f1f50:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
000f1f60:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI000f1f60:·0a20·2074·6167·733a·0a20·202d·2043·4a49··.··tags:.··-·CJI
000f1f70:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI000f1f70:·532d·352e·352e·322e·320a·2020·2d20·4e49··S-5.5.2.2.··-·NI
Offset 61958, 22 lines modifiedOffset 61958, 22 lines modified
000f2050:·6e65·6564·6564·0a0a·2d20·6e61·6d65·3a20··needed..-·name:·000f2050:·6e65·6564·6564·0a0a·2d20·6e61·6d65·3a20··needed..-·name:·
000f2060:·456e·7375·7265·206f·776e·6572·2030·206f··Ensure·owner·0·o000f2060:·456e·7375·7265·206f·776e·6572·2030·206f··Ensure·owner·0·o
000f2070:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us000f2070:·6e20·2f62·6f6f·742f·6772·7562·322f·7573··n·/boot/grub2/us
000f2080:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·000f2080:·6572·2e63·6667·0a20·2066·696c·653a·0a20··er.cfg.··file:.·
000f2090:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g000f2090:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
000f20a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··000f20a0:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
000f20b0:·2020·6f77·6e65·723a·2027·3027·0a20·2077····owner:·'0'.··w000f20b0:·2020·6f77·6e65·723a·2027·3027·0a20·2077····owner:·'0'.··w
000f20c0:·6865·6e3a·0a20·202d·2027·222f·626f·6f74··hen:.··-·'"/boot000f20c0:·6865·6e3a·0a20·202d·2027·2267·7275·6232··hen:.··-·'"grub2
000f20d0:·2f65·6669·2220·696e·2061·6e73·6962·6c65··/efi"·in·ansible 
000f20e0:·5f6d·6f75·6e74·7320·7c20·6d61·7028·6174··_mounts·|·map(at 
000f20f0:·7472·6962·7574·653d·226d·6f75·6e74·2229··tribute="mount") 
000f2100:·207c·206c·6973·7427·0a20·202d·2027·2267···|·list'.··-·'"g 
000f2110:·7275·6232·2d63·6f6d·6d6f·6e22·2069·6e20··rub2-common"·in·000f20d0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi
000f2120:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa000f20e0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag
 000f20f0:·6573·270a·2020·2d20·2722·2f62·6f6f·742f··es'.··-·'"/boot/
 000f2100:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_
 000f2110:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att
 000f2120:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")·
000f2130:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi000f2130:·7c20·6c69·7374·270a·2020·2d20·616e·7369··|·list'.··-·ansi
000f2140:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati000f2140:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
000f2150:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[000f2150:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
000f2160:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",000f2160:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
000f2170:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm000f2170:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
000f2180:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"000f2180:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000f2190:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist000f2190:·5d0a·2020·2d20·6669·6c65·5f65·7869·7374··].··-·file_exist
Max diff block lines reached; 13154/22944 bytes (57.33%) of diff not shown.
7.23 KB
html2text {}
    
Offset 8245, 16 lines modifiedOffset 8245, 16 lines modified
8245 ··-·no_reboot_needed8245 ··-·no_reboot_needed
  
8246 -·name:·Test·for·existence·/boot/grub2/user.cfg8246 -·name:·Test·for·existence·/boot/grub2/user.cfg
8247 ··stat:8247 ··stat:
8248 ····path:·/boot/grub2/user.cfg8248 ····path:·/boot/grub2/user.cfg
8249 ··register:·file_exists8249 ··register:·file_exists
8250 ··when:8250 ··when:
8251 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8252 ··-·'"grub2-common"·in·ansible_facts.packages'8251 ··-·'"grub2-common"·in·ansible_facts.packages'
 8252 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8253 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8253 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8254 ··tags:8254 ··tags:
8255 ··-·CJIS-5.5.2.28255 ··-·CJIS-5.5.2.2
8256 ··-·NIST-800-171-3.4.58256 ··-·NIST-800-171-3.4.5
8257 ··-·NIST-800-53-AC-6(1)8257 ··-·NIST-800-53-AC-6(1)
8258 ··-·NIST-800-53-CM-6(a)8258 ··-·NIST-800-53-CM-6(a)
8259 ··-·PCI-DSS-Req-7.18259 ··-·PCI-DSS-Req-7.1
Offset 8266, 16 lines modifiedOffset 8266, 16 lines modified
8266 ··-·no_reboot_needed8266 ··-·no_reboot_needed
  
8267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8267 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8268 ··file:8268 ··file:
8269 ····path:·/boot/grub2/user.cfg8269 ····path:·/boot/grub2/user.cfg
8270 ····group:·'0'8270 ····group:·'0'
8271 ··when:8271 ··when:
8272 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8273 ··-·'"grub2-common"·in·ansible_facts.packages'8272 ··-·'"grub2-common"·in·ansible_facts.packages'
 8273 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8274 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8274 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8275 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8276 ··tags:8276 ··tags:
8277 ··-·CJIS-5.5.2.28277 ··-·CJIS-5.5.2.2
8278 ··-·NIST-800-171-3.4.58278 ··-·NIST-800-171-3.4.5
8279 ··-·NIST-800-53-AC-6(1)8279 ··-·NIST-800-53-AC-6(1)
8280 ··-·NIST-800-53-CM-6(a)8280 ··-·NIST-800-53-CM-6(a)
Offset 8287, 15 lines modifiedOffset 8287, 15 lines modified
8287 ··-·medium_severity8287 ··-·medium_severity
8288 ··-·no_reboot_needed8288 ··-·no_reboot_needed
8289 Remediation_Shell_script_⇲8289 Remediation_Shell_script_⇲
8290 Complexity:·low8290 Complexity:·low
8291 Disruption:·low8291 Disruption:·low
8292 Strategy:···configure8292 Strategy:···configure
8293 #·Remediation·is·applicable·only·in·certain·platforms8293 #·Remediation·is·applicable·only·in·certain·platforms
8294 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8294 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8295 chgrp·0·/boot/grub2/user.cfg8295 chgrp·0·/boot/grub2/user.cfg
  
8296 else8296 else
8297 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8297 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8298 fi8298 fi
8299 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***8299 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 8326, 16 lines modifiedOffset 8326, 16 lines modified
8326 ··-·no_reboot_needed8326 ··-·no_reboot_needed
  
8327 -·name:·Test·for·existence·/boot/grub2/user.cfg8327 -·name:·Test·for·existence·/boot/grub2/user.cfg
8328 ··stat:8328 ··stat:
8329 ····path:·/boot/grub2/user.cfg8329 ····path:·/boot/grub2/user.cfg
8330 ··register:·file_exists8330 ··register:·file_exists
8331 ··when:8331 ··when:
8332 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8333 ··-·'"grub2-common"·in·ansible_facts.packages'8332 ··-·'"grub2-common"·in·ansible_facts.packages'
 8333 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8334 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8334 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8335 ··tags:8335 ··tags:
8336 ··-·CJIS-5.5.2.28336 ··-·CJIS-5.5.2.2
8337 ··-·NIST-800-171-3.4.58337 ··-·NIST-800-171-3.4.5
8338 ··-·NIST-800-53-AC-6(1)8338 ··-·NIST-800-53-AC-6(1)
8339 ··-·NIST-800-53-CM-6(a)8339 ··-·NIST-800-53-CM-6(a)
8340 ··-·PCI-DSS-Req-7.18340 ··-·PCI-DSS-Req-7.1
Offset 8347, 16 lines modifiedOffset 8347, 16 lines modified
8347 ··-·no_reboot_needed8347 ··-·no_reboot_needed
  
8348 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg8348 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
8349 ··file:8349 ··file:
8350 ····path:·/boot/grub2/user.cfg8350 ····path:·/boot/grub2/user.cfg
8351 ····owner:·'0'8351 ····owner:·'0'
8352 ··when:8352 ··when:
8353 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8354 ··-·'"grub2-common"·in·ansible_facts.packages'8353 ··-·'"grub2-common"·in·ansible_facts.packages'
 8354 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8355 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8355 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8356 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8356 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8357 ··tags:8357 ··tags:
8358 ··-·CJIS-5.5.2.28358 ··-·CJIS-5.5.2.2
8359 ··-·NIST-800-171-3.4.58359 ··-·NIST-800-171-3.4.5
8360 ··-·NIST-800-53-AC-6(1)8360 ··-·NIST-800-53-AC-6(1)
8361 ··-·NIST-800-53-CM-6(a)8361 ··-·NIST-800-53-CM-6(a)
Offset 8368, 15 lines modifiedOffset 8368, 15 lines modified
8368 ··-·medium_severity8368 ··-·medium_severity
8369 ··-·no_reboot_needed8369 ··-·no_reboot_needed
8370 Remediation_Shell_script_⇲8370 Remediation_Shell_script_⇲
8371 Complexity:·low8371 Complexity:·low
8372 Disruption:·low8372 Disruption:·low
8373 Strategy:···configure8373 Strategy:···configure
8374 #·Remediation·is·applicable·only·in·certain·platforms8374 #·Remediation·is·applicable·only·in·certain·platforms
8375 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8375 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8376 chown·0·/boot/grub2/user.cfg8376 chown·0·/boot/grub2/user.cfg
  
8377 else8377 else
8378 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8378 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8379 fi8379 fi
8380 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***8380 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 8405, 16 lines modifiedOffset 8405, 16 lines modified
8405 ··-·no_reboot_needed8405 ··-·no_reboot_needed
  
8406 -·name:·Test·for·existence·/boot/grub2/grub.cfg8406 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8407 ··stat:8407 ··stat:
8408 ····path:·/boot/grub2/grub.cfg8408 ····path:·/boot/grub2/grub.cfg
8409 ··register:·file_exists8409 ··register:·file_exists
8410 ··when:8410 ··when:
8411 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8412 ··-·'"grub2-common"·in·ansible_facts.packages'8411 ··-·'"grub2-common"·in·ansible_facts.packages'
 8412 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8413 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8413 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8414 ··tags:8414 ··tags:
8415 ··-·NIST-800-171-3.4.58415 ··-·NIST-800-171-3.4.5
8416 ··-·NIST-800-53-AC-6(1)8416 ··-·NIST-800-53-AC-6(1)
8417 ··-·NIST-800-53-CM-6(a)8417 ··-·NIST-800-53-CM-6(a)
8418 ··-·configure_strategy8418 ··-·configure_strategy
8419 ··-·file_permissions_efi_grub2_cfg8419 ··-·file_permissions_efi_grub2_cfg
Offset 8424, 16 lines modifiedOffset 8424, 16 lines modified
8424 ··-·no_reboot_needed8424 ··-·no_reboot_needed
  
8425 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg8425 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
8426 ··file:8426 ··file:
8427 ····path:·/boot/grub2/grub.cfg8427 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2977/7380 bytes (40.34%) of diff not shown.
29.9 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l1.html
    
Offset 61424, 21 lines modifiedOffset 61424, 21 lines modified
000efef0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/000efef0:·2066·6f72·2065·7869·7374·656e·6365·202f···for·existence·/
000eff00:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.000eff00:·626f·6f74·2f67·7275·6232·2f75·7365·722e··boot/grub2/user.
000eff10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····000eff10:·6366·670a·2020·7374·6174·3a0a·2020·2020··cfg.··stat:.····
000eff20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub000eff20:·7061·7468·3a20·2f62·6f6f·742f·6772·7562··path:·/boot/grub
000eff30:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg000eff30:·322f·7573·6572·2e63·6667·0a20·2072·6567··2/user.cfg.··reg
000eff40:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis000eff40:·6973·7465·723a·2066·696c·655f·6578·6973··ister:·file_exis
000eff50:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'000eff50:·7473·0a20·2077·6865·6e3a·0a20·202d·2027··ts.··when:.··-·'
000eff60:·222f·626f·6f74·2f65·6669·2220·696e·2061··"/boot/efi"·in·a 
000eff70:·6e73·6962·6c65·5f6d·6f75·6e74·7320·7c20··nsible_mounts·|· 
000eff80:·6d61·7028·6174·7472·6962·7574·653d·226d··map(attribute="m 
000eff90:·6f75·6e74·2229·207c·206c·6973·7427·0a20··ount")·|·list'.· 
000effa0:·202d·2027·2267·7275·6232·2d63·6f6d·6d6f···-·'"grub2-commo000eff60:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i
000effb0:·6e22·2069·6e20·616e·7369·626c·655f·6661··n"·in·ansible_fa000eff70:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.
000effc0:·6374·732e·7061·636b·6167·6573·270a·2020··cts.packages'.··000eff80:·7061·636b·6167·6573·270a·2020·2d20·2722··packages'.··-·'"
 000eff90:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an
 000effa0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m
 000effb0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo
 000effc0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.··
000effd0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua000effd0:·2d20·616e·7369·626c·655f·7669·7274·7561··-·ansible_virtua
000effe0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no000effe0:·6c69·7a61·7469·6f6e·5f74·7970·6520·6e6f··lization_type·no
000efff0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·000efff0:·7420·696e·205b·2264·6f63·6b65·7222·2c20··t·in·["docker",·
000f0000:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",000f0000:·226c·7863·222c·2022·6f70·656e·767a·222c··"lxc",·"openvz",
000f0010:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont000f0010:·2022·706f·646d·616e·222c·2022·636f·6e74···"podman",·"cont
000f0020:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.000f0020:·6169·6e65·7222·5d0a·2020·7461·6773·3a0a··ainer"].··tags:.
000f0030:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2000f0030:·2020·2d20·434a·4953·2d35·2e35·2e32·2e32····-·CJIS-5.5.2.2
Offset 61459, 22 lines modifiedOffset 61459, 22 lines modified
000f0120:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000f0120:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000f0130:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0000f0130:·7265·2067·726f·7570·206f·776e·6572·2030··re·group·owner·0
000f0140:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/000f0140:·206f·6e20·2f62·6f6f·742f·6772·7562·322f···on·/boot/grub2/
000f0150:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:000f0150:·7573·6572·2e63·6667·0a20·2066·696c·653a··user.cfg.··file:
000f0160:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000f0160:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000f0170:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000f0170:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000f0180:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·000f0180:·2020·2020·6772·6f75·703a·2027·3027·0a20······group:·'0'.·
000f0190:·2077·6865·6e3a·0a20·202d·2027·222f·626f···when:.··-·'"/bo000f0190:·2077·6865·6e3a·0a20·202d·2027·2267·7275···when:.··-·'"gru
000f01a0:·6f74·2f65·6669·2220·696e·2061·6e73·6962··ot/efi"·in·ansib 
000f01b0:·6c65·5f6d·6f75·6e74·7320·7c20·6d61·7028··le_mounts·|·map( 
000f01c0:·6174·7472·6962·7574·653d·226d·6f75·6e74··attribute="mount 
000f01d0:·2229·207c·206c·6973·7427·0a20·202d·2027··")·|·list'.··-·' 
000f01e0:·2267·7275·6232·2d63·6f6d·6d6f·6e22·2069··"grub2-common"·i000f01a0:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an
000f01f0:·6e20·616e·7369·626c·655f·6661·6374·732e··n·ansible_facts.000f01b0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack
000f0200:·7061·636b·6167·6573·270a·2020·2d20·616e··packages'.··-·an000f01c0:·6167·6573·270a·2020·2d20·2722·2f62·6f6f··ages'.··-·'"/boo
 000f01d0:·742f·6566·6922·2069·6e20·616e·7369·626c··t/efi"·in·ansibl
 000f01e0:·655f·6d6f·756e·7473·207c·206d·6170·2861··e_mounts·|·map(a
 000f01f0:·7474·7269·6275·7465·3d22·6d6f·756e·7422··ttribute="mount"
 000f0200:·2920·7c20·6c69·7374·270a·2020·2d20·616e··)·|·list'.··-·an
000f0210:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza000f0210:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza
000f0220:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in000f0220:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in
000f0230:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc000f0230:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc
000f0240:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po000f0240:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po
000f0250:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe000f0250:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe
000f0260:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi000f0260:·7222·5d0a·2020·2d20·6669·6c65·5f65·7869··r"].··-·file_exi
000f0270:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi000f0270:·7374·732e·7374·6174·2069·7320·6465·6669··sts.stat·is·defi
Offset 61525, 19 lines modifiedOffset 61525, 19 lines modified
000f0540:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><000f0540:·3e53·7472·6174·6567·793a·3c2f·7468·3e3c··>Strategy:</th><
000f0550:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td000f0550:·7464·3e63·6f6e·6669·6775·7265·3c2f·7464··td>configure</td
000f0560:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p000f0560:·3e3c·2f74·723e·3c2f·7461·626c·653e·3c70··></tr></table><p
000f0570:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed000f0570:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
000f0580:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic000f0580:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
000f0590:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer000f0590:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
000f05a0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i000f05a0:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
000f05b0:·6620·5b20·2d66·202f·7379·732f·6669·726d··f·[·-f·/sys/firm 
000f05c0:·7761·7265·2f65·6669·205d·2026·616d·703b··ware/efi·]·&amp; 
000f05d0:·2661·6d70·3b20·7270·6d20·2d2d·7175·6965··&amp;·rpm·--quie000f05b0:·6620·7270·6d20·2d2d·7175·6965·7420·2d71··f·rpm·--quiet·-q
000f05e0:·7420·2d71·2067·7275·6232·2d63·6f6d·6d6f··t·-q·grub2-commo000f05c0:·2067·7275·6232·2d63·6f6d·6d6f·6e20·2661···grub2-common·&a
 000f05d0:·6d70·3b26·616d·703b·205b·202d·6620·2f73··mp;&amp;·[·-f·/s
 000f05e0:·7973·2f66·6972·6d77·6172·652f·6566·6920··ys/firmware/efi·
000f05f0:·6e20·2661·6d70·3b26·616d·703b·207b·205b··n·&amp;&amp;·{·[000f05f0:·5d20·2661·6d70·3b26·616d·703b·207b·205b··]·&amp;&amp;·{·[
000f0600:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren000f0600:·2021·202d·6620·2f2e·646f·636b·6572·656e···!·-f·/.dockeren
000f0610:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[000f0610:·7620·5d20·2661·6d70·3b26·616d·703b·205b··v·]·&amp;&amp;·[
000f0620:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont000f0620:·2021·202d·6620·2f72·756e·2f2e·636f·6e74···!·-f·/run/.cont
000f0630:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t000f0630:·6169·6e65·7265·6e76·205d·3b20·7d3b·2074··ainerenv·];·};·t
000f0640:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo000f0640:·6865·6e0a·0a63·6867·7270·2030·202f·626f··hen..chgrp·0·/bo
000f0650:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf000f0650:·6f74·2f67·7275·6232·2f75·7365·722e·6366··ot/grub2/user.cf
000f0660:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;000f0660:·670a·0a65·6c73·650a·2020·2020·2667·743b··g..else.····&gt;
Offset 61919, 22 lines modifiedOffset 61919, 22 lines modified
000f1de0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe000f1de0:·2054·6573·7420·666f·7220·6578·6973·7465···Test·for·existe
000f1df0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/000f1df0:·6e63·6520·2f62·6f6f·742f·6772·7562·322f··nce·/boot/grub2/
000f1e00:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:000f1e00:·7573·6572·2e63·6667·0a20·2073·7461·743a··user.cfg.··stat:
000f1e10:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot000f1e10:·0a20·2020·2070·6174·683a·202f·626f·6f74··.····path:·/boot
000f1e20:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.000f1e20:·2f67·7275·6232·2f75·7365·722e·6366·670a··/grub2/user.cfg.
000f1e30:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file000f1e30:·2020·7265·6769·7374·6572·3a20·6669·6c65····register:·file
000f1e40:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.000f1e40:·5f65·7869·7374·730a·2020·7768·656e·3a0a··_exists.··when:.
000f1e50:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi" 
000f1e60:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun 
000f1e70:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu 
000f1e80:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li 
000f1e90:·7374·270a·2020·2d20·2722·6772·7562·322d··st'.··-·'"grub2-000f1e50:·2020·2d20·2722·6772·7562·322d·636f·6d6d····-·'"grub2-comm
000f1ea0:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib000f1e60:·6f6e·2220·696e·2061·6e73·6962·6c65·5f66··on"·in·ansible_f
000f1eb0:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package000f1e70:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
 000f1e80:·202d·2027·222f·626f·6f74·2f65·6669·2220···-·'"/boot/efi"·
 000f1e90:·696e·2061·6e73·6962·6c65·5f6d·6f75·6e74··in·ansible_mount
 000f1ea0:·7320·7c20·6d61·7028·6174·7472·6962·7574··s·|·map(attribut
 000f1eb0:·653d·226d·6f75·6e74·2229·207c·206c·6973··e="mount")·|·lis
000f1ec0:·7327·0a20·202d·2061·6e73·6962·6c65·5f76··s'.··-·ansible_v000f1ec0:·7427·0a20·202d·2061·6e73·6962·6c65·5f76··t'.··-·ansible_v
000f1ed0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty000f1ed0:·6972·7475·616c·697a·6174·696f·6e5f·7479··irtualization_ty
000f1ee0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock000f1ee0:·7065·206e·6f74·2069·6e20·5b22·646f·636b··pe·not·in·["dock
000f1ef0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope000f1ef0:·6572·222c·2022·6c78·6322·2c20·226f·7065··er",·"lxc",·"ope
000f1f00:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·000f1f00:·6e76·7a22·2c20·2270·6f64·6d61·6e22·2c20··nvz",·"podman",·
000f1f10:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t000f1f10:·2263·6f6e·7461·696e·6572·225d·0a20·2074··"container"].··t
000f1f20:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.000f1f20:·6167·733a·0a20·202d·2043·4a49·532d·352e··ags:.··-·CJIS-5.
000f1f30:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8000f1f30:·352e·322e·320a·2020·2d20·4e49·5354·2d38··5.2.2.··-·NIST-8
Offset 61954, 22 lines modifiedOffset 61954, 22 lines modified
000f2010:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu000f2010:·6564·0a0a·2d20·6e61·6d65·3a20·456e·7375··ed..-·name:·Ensu
000f2020:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b000f2020:·7265·206f·776e·6572·2030·206f·6e20·2f62··re·owner·0·on·/b
000f2030:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c000f2030:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
000f2040:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p000f2040:·6667·0a20·2066·696c·653a·0a20·2020·2070··fg.··file:.····p
000f2050:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2000f2050:·6174·683a·202f·626f·6f74·2f67·7275·6232··ath:·/boot/grub2
000f2060:·2f75·7365·722e·6366·670a·2020·2020·6f77··/user.cfg.····ow000f2060:·2f75·7365·722e·6366·670a·2020·2020·6f77··/user.cfg.····ow
000f2070:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:000f2070:·6e65·723a·2027·3027·0a20·2077·6865·6e3a··ner:·'0'.··when:
000f2080:·0a20·202d·2027·222f·626f·6f74·2f65·6669··.··-·'"/boot/efi 
000f2090:·2220·696e·2061·6e73·6962·6c65·5f6d·6f75··"·in·ansible_mou 
000f20a0:·6e74·7320·7c20·6d61·7028·6174·7472·6962··nts·|·map(attrib 
000f20b0:·7574·653d·226d·6f75·6e74·2229·207c·206c··ute="mount")·|·l 
000f20c0:·6973·7427·0a20·202d·2027·2267·7275·6232··ist'.··-·'"grub2000f2080:·0a20·202d·2027·2267·7275·6232·2d63·6f6d··.··-·'"grub2-com
000f20d0:·2d63·6f6d·6d6f·6e22·2069·6e20·616e·7369··-common"·in·ansi000f2090:·6d6f·6e22·2069·6e20·616e·7369·626c·655f··mon"·in·ansible_
000f20e0:·626c·655f·6661·6374·732e·7061·636b·6167··ble_facts.packag000f20a0:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
 000f20b0:·2020·2d20·2722·2f62·6f6f·742f·6566·6922····-·'"/boot/efi"
 000f20c0:·2069·6e20·616e·7369·626c·655f·6d6f·756e···in·ansible_moun
 000f20d0:·7473·207c·206d·6170·2861·7474·7269·6275··ts·|·map(attribu
 000f20e0:·7465·3d22·6d6f·756e·7422·2920·7c20·6c69··te="mount")·|·li
000f20f0:·6573·270a·2020·2d20·616e·7369·626c·655f··es'.··-·ansible_000f20f0:·7374·270a·2020·2d20·616e·7369·626c·655f··st'.··-·ansible_
000f2100:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t000f2100:·7669·7274·7561·6c69·7a61·7469·6f6e·5f74··virtualization_t
000f2110:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc000f2110:·7970·6520·6e6f·7420·696e·205b·2264·6f63··ype·not·in·["doc
000f2120:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op000f2120:·6b65·7222·2c20·226c·7863·222c·2022·6f70··ker",·"lxc",·"op
000f2130:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",000f2130:·656e·767a·222c·2022·706f·646d·616e·222c··envz",·"podman",
000f2140:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··000f2140:·2022·636f·6e74·6169·6e65·7222·5d0a·2020···"container"].··
000f2150:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st000f2150:·2d20·6669·6c65·5f65·7869·7374·732e·7374··-·file_exists.st
Max diff block lines reached; 13154/23082 bytes (56.99%) of diff not shown.
7.23 KB
html2text {}
    
Offset 8244, 16 lines modifiedOffset 8244, 16 lines modified
8244 ··-·no_reboot_needed8244 ··-·no_reboot_needed
  
8245 -·name:·Test·for·existence·/boot/grub2/user.cfg8245 -·name:·Test·for·existence·/boot/grub2/user.cfg
8246 ··stat:8246 ··stat:
8247 ····path:·/boot/grub2/user.cfg8247 ····path:·/boot/grub2/user.cfg
8248 ··register:·file_exists8248 ··register:·file_exists
8249 ··when:8249 ··when:
8250 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8251 ··-·'"grub2-common"·in·ansible_facts.packages'8250 ··-·'"grub2-common"·in·ansible_facts.packages'
 8251 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8252 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8253 ··tags:8253 ··tags:
8254 ··-·CJIS-5.5.2.28254 ··-·CJIS-5.5.2.2
8255 ··-·NIST-800-171-3.4.58255 ··-·NIST-800-171-3.4.5
8256 ··-·NIST-800-53-AC-6(1)8256 ··-·NIST-800-53-AC-6(1)
8257 ··-·NIST-800-53-CM-6(a)8257 ··-·NIST-800-53-CM-6(a)
8258 ··-·PCI-DSS-Req-7.18258 ··-·PCI-DSS-Req-7.1
Offset 8265, 16 lines modifiedOffset 8265, 16 lines modified
8265 ··-·no_reboot_needed8265 ··-·no_reboot_needed
  
8266 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg8266 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
8267 ··file:8267 ··file:
8268 ····path:·/boot/grub2/user.cfg8268 ····path:·/boot/grub2/user.cfg
8269 ····group:·'0'8269 ····group:·'0'
8270 ··when:8270 ··when:
8271 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8272 ··-·'"grub2-common"·in·ansible_facts.packages'8271 ··-·'"grub2-common"·in·ansible_facts.packages'
 8272 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8273 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8273 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8274 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8274 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8275 ··tags:8275 ··tags:
8276 ··-·CJIS-5.5.2.28276 ··-·CJIS-5.5.2.2
8277 ··-·NIST-800-171-3.4.58277 ··-·NIST-800-171-3.4.5
8278 ··-·NIST-800-53-AC-6(1)8278 ··-·NIST-800-53-AC-6(1)
8279 ··-·NIST-800-53-CM-6(a)8279 ··-·NIST-800-53-CM-6(a)
Offset 8286, 15 lines modifiedOffset 8286, 15 lines modified
8286 ··-·medium_severity8286 ··-·medium_severity
8287 ··-·no_reboot_needed8287 ··-·no_reboot_needed
8288 Remediation_Shell_script_⇲8288 Remediation_Shell_script_⇲
8289 Complexity:·low8289 Complexity:·low
8290 Disruption:·low8290 Disruption:·low
8291 Strategy:···configure8291 Strategy:···configure
8292 #·Remediation·is·applicable·only·in·certain·platforms8292 #·Remediation·is·applicable·only·in·certain·platforms
8293 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8293 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8294 chgrp·0·/boot/grub2/user.cfg8294 chgrp·0·/boot/grub2/user.cfg
  
8295 else8295 else
8296 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8296 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8297 fi8297 fi
8298 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***8298 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 8325, 16 lines modifiedOffset 8325, 16 lines modified
8325 ··-·no_reboot_needed8325 ··-·no_reboot_needed
  
8326 -·name:·Test·for·existence·/boot/grub2/user.cfg8326 -·name:·Test·for·existence·/boot/grub2/user.cfg
8327 ··stat:8327 ··stat:
8328 ····path:·/boot/grub2/user.cfg8328 ····path:·/boot/grub2/user.cfg
8329 ··register:·file_exists8329 ··register:·file_exists
8330 ··when:8330 ··when:
8331 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8332 ··-·'"grub2-common"·in·ansible_facts.packages'8331 ··-·'"grub2-common"·in·ansible_facts.packages'
 8332 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8333 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8333 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8334 ··tags:8334 ··tags:
8335 ··-·CJIS-5.5.2.28335 ··-·CJIS-5.5.2.2
8336 ··-·NIST-800-171-3.4.58336 ··-·NIST-800-171-3.4.5
8337 ··-·NIST-800-53-AC-6(1)8337 ··-·NIST-800-53-AC-6(1)
8338 ··-·NIST-800-53-CM-6(a)8338 ··-·NIST-800-53-CM-6(a)
8339 ··-·PCI-DSS-Req-7.18339 ··-·PCI-DSS-Req-7.1
Offset 8346, 16 lines modifiedOffset 8346, 16 lines modified
8346 ··-·no_reboot_needed8346 ··-·no_reboot_needed
  
8347 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg8347 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
8348 ··file:8348 ··file:
8349 ····path:·/boot/grub2/user.cfg8349 ····path:·/boot/grub2/user.cfg
8350 ····owner:·'0'8350 ····owner:·'0'
8351 ··when:8351 ··when:
8352 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8353 ··-·'"grub2-common"·in·ansible_facts.packages'8352 ··-·'"grub2-common"·in·ansible_facts.packages'
 8353 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8354 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8354 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8355 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists8355 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
8356 ··tags:8356 ··tags:
8357 ··-·CJIS-5.5.2.28357 ··-·CJIS-5.5.2.2
8358 ··-·NIST-800-171-3.4.58358 ··-·NIST-800-171-3.4.5
8359 ··-·NIST-800-53-AC-6(1)8359 ··-·NIST-800-53-AC-6(1)
8360 ··-·NIST-800-53-CM-6(a)8360 ··-·NIST-800-53-CM-6(a)
Offset 8367, 15 lines modifiedOffset 8367, 15 lines modified
8367 ··-·medium_severity8367 ··-·medium_severity
8368 ··-·no_reboot_needed8368 ··-·no_reboot_needed
8369 Remediation_Shell_script_⇲8369 Remediation_Shell_script_⇲
8370 Complexity:·low8370 Complexity:·low
8371 Disruption:·low8371 Disruption:·low
8372 Strategy:···configure8372 Strategy:···configure
8373 #·Remediation·is·applicable·only·in·certain·platforms8373 #·Remediation·is·applicable·only·in·certain·platforms
8374 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then8374 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
8375 chown·0·/boot/grub2/user.cfg8375 chown·0·/boot/grub2/user.cfg
  
8376 else8376 else
8377 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'8377 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
8378 fi8378 fi
8379 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***8379 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 8404, 16 lines modifiedOffset 8404, 16 lines modified
8404 ··-·no_reboot_needed8404 ··-·no_reboot_needed
  
8405 -·name:·Test·for·existence·/boot/grub2/grub.cfg8405 -·name:·Test·for·existence·/boot/grub2/grub.cfg
8406 ··stat:8406 ··stat:
8407 ····path:·/boot/grub2/grub.cfg8407 ····path:·/boot/grub2/grub.cfg
8408 ··register:·file_exists8408 ··register:·file_exists
8409 ··when:8409 ··when:
8410 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
8411 ··-·'"grub2-common"·in·ansible_facts.packages'8410 ··-·'"grub2-common"·in·ansible_facts.packages'
 8411 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
8412 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]8412 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
8413 ··tags:8413 ··tags:
8414 ··-·NIST-800-171-3.4.58414 ··-·NIST-800-171-3.4.5
8415 ··-·NIST-800-53-AC-6(1)8415 ··-·NIST-800-53-AC-6(1)
8416 ··-·NIST-800-53-CM-6(a)8416 ··-·NIST-800-53-CM-6(a)
8417 ··-·configure_strategy8417 ··-·configure_strategy
8418 ··-·file_permissions_efi_grub2_cfg8418 ··-·file_permissions_efi_grub2_cfg
Offset 8423, 16 lines modifiedOffset 8423, 16 lines modified
8423 ··-·no_reboot_needed8423 ··-·no_reboot_needed
  
8424 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg8424 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
8425 ··file:8425 ··file:
8426 ····path:·/boot/grub2/grub.cfg8426 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2977/7380 bytes (40.34%) of diff not shown.
29.8 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-cis_workstation_l2.html
    
Offset 186671, 21 lines modifiedOffset 186671, 21 lines modified
002d92e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc002d92e0:·6573·7420·666f·7220·6578·6973·7465·6e63··est·for·existenc
002d92f0:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us002d92f0:·6520·2f62·6f6f·742f·6772·7562·322f·7573··e·/boot/grub2/us
002d9300:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·002d9300:·6572·2e63·6667·0a20·2073·7461·743a·0a20··er.cfg.··stat:.·
002d9310:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g002d9310:·2020·2070·6174·683a·202f·626f·6f74·2f67·····path:·/boot/g
002d9320:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··002d9320:·7275·6232·2f75·7365·722e·6366·670a·2020··rub2/user.cfg.··
002d9330:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e002d9330:·7265·6769·7374·6572·3a20·6669·6c65·5f65··register:·file_e
002d9340:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··002d9340:·7869·7374·730a·2020·7768·656e·3a0a·2020··xists.··when:.··
002d9350:·2d20·2722·2f62·6f6f·742f·6566·6922·2069··-·'"/boot/efi"·i 
002d9360:·6e20·616e·7369·626c·655f·6d6f·756e·7473··n·ansible_mounts 
002d9370:·207c·206d·6170·2861·7474·7269·6275·7465···|·map(attribute 
002d9380:·3d22·6d6f·756e·7422·2920·7c20·6c69·7374··="mount")·|·list 
002d9390:·270a·2020·2d20·2722·6772·7562·322d·636f··'.··-·'"grub2-co002d9350:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common
002d93a0:·6d6d·6f6e·2220·696e·2061·6e73·6962·6c65··mmon"·in·ansible002d9360:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac
002d93b0:·5f66·6163·7473·2e70·6163·6b61·6765·7327··_facts.packages'002d9370:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-
 002d9380:·2027·222f·626f·6f74·2f65·6669·2220·696e···'"/boot/efi"·in
 002d9390:·2061·6e73·6962·6c65·5f6d·6f75·6e74·7320···ansible_mounts·
 002d93a0:·7c20·6d61·7028·6174·7472·6962·7574·653d··|·map(attribute=
 002d93b0:·226d·6f75·6e74·2229·207c·206c·6973·7427··"mount")·|·list'
002d93c0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir002d93c0:·0a20·202d·2061·6e73·6962·6c65·5f76·6972··.··-·ansible_vir
002d93d0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type002d93d0:·7475·616c·697a·6174·696f·6e5f·7479·7065··tualization_type
002d93e0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker002d93e0:·206e·6f74·2069·6e20·5b22·646f·636b·6572···not·in·["docker
002d93f0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv002d93f0:·222c·2022·6c78·6322·2c20·226f·7065·6e76··",·"lxc",·"openv
002d9400:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c002d9400:·7a22·2c20·2270·6f64·6d61·6e22·2c20·2263··z",·"podman",·"c
002d9410:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag002d9410:·6f6e·7461·696e·6572·225d·0a20·2074·6167··ontainer"].··tag
002d9420:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.002d9420:·733a·0a20·202d·2043·4a49·532d·352e·352e··s:.··-·CJIS-5.5.
Offset 186707, 21 lines modifiedOffset 186707, 21 lines modified
002d9520:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne002d9520:·6e73·7572·6520·6772·6f75·7020·6f77·6e65··nsure·group·owne
002d9530:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru002d9530:·7220·3020·6f6e·202f·626f·6f74·2f67·7275··r·0·on·/boot/gru
002d9540:·6232·2f75·7365·722e·6366·670a·2020·6669··b2/user.cfg.··fi002d9540:·6232·2f75·7365·722e·6366·670a·2020·6669··b2/user.cfg.··fi
002d9550:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b002d9550:·6c65·3a0a·2020·2020·7061·7468·3a20·2f62··le:.····path:·/b
002d9560:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c002d9560:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
002d9570:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0002d9570:·6667·0a20·2020·2067·726f·7570·3a20·2730··fg.····group:·'0
002d9580:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"002d9580:·270a·2020·7768·656e·3a0a·2020·2d20·2722··'.··when:.··-·'"
002d9590:·2f62·6f6f·742f·6566·6922·2069·6e20·616e··/boot/efi"·in·an 
002d95a0:·7369·626c·655f·6d6f·756e·7473·207c·206d··sible_mounts·|·m 
002d95b0:·6170·2861·7474·7269·6275·7465·3d22·6d6f··ap(attribute="mo 
002d95c0:·756e·7422·2920·7c20·6c69·7374·270a·2020··unt")·|·list'.·· 
002d95d0:·2d20·2722·6772·7562·322d·636f·6d6d·6f6e··-·'"grub2-common002d9590:·6772·7562·322d·636f·6d6d·6f6e·2220·696e··grub2-common"·in
002d95e0:·2220·696e·2061·6e73·6962·6c65·5f66·6163··"·in·ansible_fac002d95a0:·2061·6e73·6962·6c65·5f66·6163·7473·2e70···ansible_facts.p
002d95f0:·7473·2e70·6163·6b61·6765·7327·0a20·202d··ts.packages'.··-002d95b0:·6163·6b61·6765·7327·0a20·202d·2027·222f··ackages'.··-·'"/
 002d95c0:·626f·6f74·2f65·6669·2220·696e·2061·6e73··boot/efi"·in·ans
 002d95d0:·6962·6c65·5f6d·6f75·6e74·7320·7c20·6d61··ible_mounts·|·ma
 002d95e0:·7028·6174·7472·6962·7574·653d·226d·6f75··p(attribute="mou
 002d95f0:·6e74·2229·207c·206c·6973·7427·0a20·202d··nt")·|·list'.··-
002d9600:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual002d9600:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual
002d9610:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not002d9610:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not
002d9620:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"002d9620:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·"
002d9630:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·002d9630:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",·
002d9640:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta002d9640:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta
002d9650:·696e·6572·225d·0a20·202d·2066·696c·655f··iner"].··-·file_002d9650:·696e·6572·225d·0a20·202d·2066·696c·655f··iner"].··-·file_
002d9660:·6578·6973·7473·2e73·7461·7420·6973·2064··exists.stat·is·d002d9660:·6578·6973·7473·2e73·7461·7420·6973·2064··exists.stat·is·d
Offset 186772, 19 lines modifiedOffset 186772, 19 lines modified
002d9930:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t002d9930:·3c74·683e·5374·7261·7465·6779·3a3c·2f74··<th>Strategy:</t
002d9940:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<002d9940:·683e·3c74·643e·636f·6e66·6967·7572·653c··h><td>configure<
002d9950:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table002d9950:·2f74·643e·3c2f·7472·3e3c·2f74·6162·6c65··/td></tr></table
002d9960:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re002d9960:·3e3c·7072·653e·3c63·6f64·653e·2320·5265··><pre><code>#·Re
002d9970:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app002d9970:·6d65·6469·6174·696f·6e20·6973·2061·7070··mediation·is·app
002d9980:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·002d9980:·6c69·6361·626c·6520·6f6e·6c79·2069·6e20··licable·only·in·
002d9990:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform002d9990:·6365·7274·6169·6e20·706c·6174·666f·726d··certain·platform
 002d99a0:·730a·6966·2072·706d·202d·2d71·7569·6574··s.if·rpm·--quiet
002d99a0:·730a·6966·205b·202d·6620·2f73·7973·2f66··s.if·[·-f·/sys/f 
002d99b0:·6972·6d77·6172·652f·6566·6920·5d20·2661··irmware/efi·]·&a 
002d99c0:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q 
002d99d0:·7569·6574·202d·7120·6772·7562·322d·636f··uiet·-q·grub2-co002d99b0:·202d·7120·6772·7562·322d·636f·6d6d·6f6e···-q·grub2-common
 002d99c0:·2026·616d·703b·2661·6d70·3b20·5b20·2d66···&amp;&amp;·[·-f
 002d99d0:·202f·7379·732f·6669·726d·7761·7265·2f65···/sys/firmware/e
002d99e0:·6d6d·6f6e·2026·616d·703b·2661·6d70·3b20··mmon·&amp;&amp;·002d99e0:·6669·205d·2026·616d·703b·2661·6d70·3b20··fi·]·&amp;&amp;·
002d99f0:·7b20·5b20·2120·2d66·202f·2e64·6f63·6b65··{·[·!·-f·/.docke002d99f0:·7b20·5b20·2120·2d66·202f·2e64·6f63·6b65··{·[·!·-f·/.docke
002d9a00:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp002d9a00:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
002d9a10:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c002d9a10:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
002d9a20:·6f6e·7461·696e·6572·656e·7620·5d3b·207d··ontainerenv·];·}002d9a20:·6f6e·7461·696e·6572·656e·7620·5d3b·207d··ontainerenv·];·}
002d9a30:·3b20·7468·656e·0a0a·6368·6772·7020·3020··;·then..chgrp·0·002d9a30:·3b20·7468·656e·0a0a·6368·6772·7020·3020··;·then..chgrp·0·
002d9a40:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user002d9a40:·2f62·6f6f·742f·6772·7562·322f·7573·6572··/boot/grub2/user
002d9a50:·2e63·6667·0a0a·656c·7365·0a20·2020·2026··.cfg..else.····&002d9a50:·2e63·6667·0a0a·656c·7365·0a20·2020·2026··.cfg..else.····&
Offset 187166, 22 lines modifiedOffset 187166, 22 lines modified
002db1d0:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi002db1d0:·6d65·3a20·5465·7374·2066·6f72·2065·7869··me:·Test·for·exi
002db1e0:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru002db1e0:·7374·656e·6365·202f·626f·6f74·2f67·7275··stence·/boot/gru
002db1f0:·6232·2f75·7365·722e·6366·670a·2020·7374··b2/user.cfg.··st002db1f0:·6232·2f75·7365·722e·6366·670a·2020·7374··b2/user.cfg.··st
002db200:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b002db200:·6174·3a0a·2020·2020·7061·7468·3a20·2f62··at:.····path:·/b
002db210:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c002db210:·6f6f·742f·6772·7562·322f·7573·6572·2e63··oot/grub2/user.c
002db220:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f002db220:·6667·0a20·2072·6567·6973·7465·723a·2066··fg.··register:·f
002db230:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe002db230:·696c·655f·6578·6973·7473·0a20·2077·6865··ile_exists.··whe
002db240:·6e3a·0a20·202d·2027·222f·626f·6f74·2f65··n:.··-·'"/boot/e002db240:·6e3a·0a20·202d·2027·2267·7275·6232·2d63··n:.··-·'"grub2-c
002db250:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m 
002db260:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr 
002db270:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·| 
002db280:·206c·6973·7427·0a20·202d·2027·2267·7275···list'.··-·'"gru 
002db290:·6232·2d63·6f6d·6d6f·6e22·2069·6e20·616e··b2-common"·in·an002db250:·6f6d·6d6f·6e22·2069·6e20·616e·7369·626c··ommon"·in·ansibl
002db2a0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack002db260:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 002db270:·270a·2020·2d20·2722·2f62·6f6f·742f·6566··'.··-·'"/boot/ef
 002db280:·6922·2069·6e20·616e·7369·626c·655f·6d6f··i"·in·ansible_mo
 002db290:·756e·7473·207c·206d·6170·2861·7474·7269··unts·|·map(attri
 002db2a0:·6275·7465·3d22·6d6f·756e·7422·2920·7c20··bute="mount")·|·
002db2b0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl002db2b0:·6c69·7374·270a·2020·2d20·616e·7369·626c··list'.··-·ansibl
002db2c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization002db2c0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization
002db2d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d002db2d0:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d
002db2e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"002db2e0:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·"
002db2f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman002db2f0:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman
002db300:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].002db300:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].
002db310:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS002db310:·2020·7461·6773·3a0a·2020·2d20·434a·4953····tags:.··-·CJIS
002db320:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS002db320:·2d35·2e35·2e32·2e32·0a20·202d·204e·4953··-5.5.2.2.··-·NIS
Offset 187201, 22 lines modifiedOffset 187201, 22 lines modified
002db400:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E002db400:·6565·6465·640a·0a2d·206e·616d·653a·2045··eeded..-·name:·E
002db410:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on002db410:·6e73·7572·6520·6f77·6e65·7220·3020·6f6e··nsure·owner·0·on
002db420:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use002db420:·202f·626f·6f74·2f67·7275·6232·2f75·7365···/boot/grub2/use
002db430:·722e·6366·670a·2020·6669·6c65·3a0a·2020··r.cfg.··file:.··002db430:·722e·6366·670a·2020·6669·6c65·3a0a·2020··r.cfg.··file:.··
002db440:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr002db440:·2020·7061·7468·3a20·2f62·6f6f·742f·6772····path:·/boot/gr
002db450:·7562·322f·7573·6572·2e63·6667·0a20·2020··ub2/user.cfg.···002db450:·7562·322f·7573·6572·2e63·6667·0a20·2020··ub2/user.cfg.···
002db460:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh002db460:·206f·776e·6572·3a20·2730·270a·2020·7768···owner:·'0'.··wh
002db470:·656e·3a0a·2020·2d20·2722·2f62·6f6f·742f··en:.··-·'"/boot/002db470:·656e·3a0a·2020·2d20·2722·6772·7562·322d··en:.··-·'"grub2-
002db480:·6566·6922·2069·6e20·616e·7369·626c·655f··efi"·in·ansible_ 
002db490:·6d6f·756e·7473·207c·206d·6170·2861·7474··mounts·|·map(att 
002db4a0:·7269·6275·7465·3d22·6d6f·756e·7422·2920··ribute="mount")· 
002db4b0:·7c20·6c69·7374·270a·2020·2d20·2722·6772··|·list'.··-·'"gr 
002db4c0:·7562·322d·636f·6d6d·6f6e·2220·696e·2061··ub2-common"·in·a002db480:·636f·6d6d·6f6e·2220·696e·2061·6e73·6962··common"·in·ansib
002db4d0:·6e73·6962·6c65·5f66·6163·7473·2e70·6163··nsible_facts.pac002db490:·6c65·5f66·6163·7473·2e70·6163·6b61·6765··le_facts.package
 002db4a0:·7327·0a20·202d·2027·222f·626f·6f74·2f65··s'.··-·'"/boot/e
 002db4b0:·6669·2220·696e·2061·6e73·6962·6c65·5f6d··fi"·in·ansible_m
 002db4c0:·6f75·6e74·7320·7c20·6d61·7028·6174·7472··ounts·|·map(attr
 002db4d0:·6962·7574·653d·226d·6f75·6e74·2229·207c··ibute="mount")·|
002db4e0:·6b61·6765·7327·0a20·202d·2061·6e73·6962··kages'.··-·ansib002db4e0:·206c·6973·7427·0a20·202d·2061·6e73·6962···list'.··-·ansib
002db4f0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio002db4f0:·6c65·5f76·6972·7475·616c·697a·6174·696f··le_virtualizatio
002db500:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["002db500:·6e5f·7479·7065·206e·6f74·2069·6e20·5b22··n_type·not·in·["
002db510:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·002db510:·646f·636b·6572·222c·2022·6c78·6322·2c20··docker",·"lxc",·
002db520:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma002db520:·226f·7065·6e76·7a22·2c20·2270·6f64·6d61··"openvz",·"podma
002db530:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]002db530:·6e22·2c20·2263·6f6e·7461·696e·6572·225d··n",·"container"]
002db540:·0a20·202d·2066·696c·655f·6578·6973·7473··.··-·file_exists002db540:·0a20·202d·2066·696c·655f·6578·6973·7473··.··-·file_exists
Max diff block lines reached; 13168/22968 bytes (57.33%) of diff not shown.
7.25 KB
html2text {}
    
Offset 41737, 16 lines modifiedOffset 41737, 16 lines modified
41737 ··-·no_reboot_needed41737 ··-·no_reboot_needed
  
41738 -·name:·Test·for·existence·/boot/grub2/user.cfg41738 -·name:·Test·for·existence·/boot/grub2/user.cfg
41739 ··stat:41739 ··stat:
41740 ····path:·/boot/grub2/user.cfg41740 ····path:·/boot/grub2/user.cfg
41741 ··register:·file_exists41741 ··register:·file_exists
41742 ··when:41742 ··when:
41743 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41744 ··-·'"grub2-common"·in·ansible_facts.packages'41743 ··-·'"grub2-common"·in·ansible_facts.packages'
 41744 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41745 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41745 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41746 ··tags:41746 ··tags:
41747 ··-·CJIS-5.5.2.241747 ··-·CJIS-5.5.2.2
41748 ··-·NIST-800-171-3.4.541748 ··-·NIST-800-171-3.4.5
41749 ··-·NIST-800-53-AC-6(1)41749 ··-·NIST-800-53-AC-6(1)
41750 ··-·NIST-800-53-CM-6(a)41750 ··-·NIST-800-53-CM-6(a)
41751 ··-·PCI-DSS-Req-7.141751 ··-·PCI-DSS-Req-7.1
Offset 41758, 16 lines modifiedOffset 41758, 16 lines modified
41758 ··-·no_reboot_needed41758 ··-·no_reboot_needed
  
41759 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg41759 -·name:·Ensure·group·owner·0·on·/boot/grub2/user.cfg
41760 ··file:41760 ··file:
41761 ····path:·/boot/grub2/user.cfg41761 ····path:·/boot/grub2/user.cfg
41762 ····group:·'0'41762 ····group:·'0'
41763 ··when:41763 ··when:
41764 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41765 ··-·'"grub2-common"·in·ansible_facts.packages'41764 ··-·'"grub2-common"·in·ansible_facts.packages'
 41765 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41766 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41767 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41767 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41768 ··tags:41768 ··tags:
41769 ··-·CJIS-5.5.2.241769 ··-·CJIS-5.5.2.2
41770 ··-·NIST-800-171-3.4.541770 ··-·NIST-800-171-3.4.5
41771 ··-·NIST-800-53-AC-6(1)41771 ··-·NIST-800-53-AC-6(1)
41772 ··-·NIST-800-53-CM-6(a)41772 ··-·NIST-800-53-CM-6(a)
Offset 41779, 15 lines modifiedOffset 41779, 15 lines modified
41779 ··-·medium_severity41779 ··-·medium_severity
41780 ··-·no_reboot_needed41780 ··-·no_reboot_needed
41781 Remediation_Shell_script_⇲41781 Remediation_Shell_script_⇲
41782 Complexity:·low41782 Complexity:·low
41783 Disruption:·low41783 Disruption:·low
41784 Strategy:···configure41784 Strategy:···configure
41785 #·Remediation·is·applicable·only·in·certain·platforms41785 #·Remediation·is·applicable·only·in·certain·platforms
41786 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41786 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41787 chgrp·0·/boot/grub2/user.cfg41787 chgrp·0·/boot/grub2/user.cfg
  
41788 else41788 else
41789 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41789 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41790 fi41790 fi
41791 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***41791 ***·Rule  ·Verify·/boot/grub2/user.cfg·User·Ownership·  [ref]·***
Offset 41818, 16 lines modifiedOffset 41818, 16 lines modified
41818 ··-·no_reboot_needed41818 ··-·no_reboot_needed
  
41819 -·name:·Test·for·existence·/boot/grub2/user.cfg41819 -·name:·Test·for·existence·/boot/grub2/user.cfg
41820 ··stat:41820 ··stat:
41821 ····path:·/boot/grub2/user.cfg41821 ····path:·/boot/grub2/user.cfg
41822 ··register:·file_exists41822 ··register:·file_exists
41823 ··when:41823 ··when:
41824 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41825 ··-·'"grub2-common"·in·ansible_facts.packages'41824 ··-·'"grub2-common"·in·ansible_facts.packages'
 41825 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41826 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41826 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41827 ··tags:41827 ··tags:
41828 ··-·CJIS-5.5.2.241828 ··-·CJIS-5.5.2.2
41829 ··-·NIST-800-171-3.4.541829 ··-·NIST-800-171-3.4.5
41830 ··-·NIST-800-53-AC-6(1)41830 ··-·NIST-800-53-AC-6(1)
41831 ··-·NIST-800-53-CM-6(a)41831 ··-·NIST-800-53-CM-6(a)
41832 ··-·PCI-DSS-Req-7.141832 ··-·PCI-DSS-Req-7.1
Offset 41839, 16 lines modifiedOffset 41839, 16 lines modified
41839 ··-·no_reboot_needed41839 ··-·no_reboot_needed
  
41840 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg41840 -·name:·Ensure·owner·0·on·/boot/grub2/user.cfg
41841 ··file:41841 ··file:
41842 ····path:·/boot/grub2/user.cfg41842 ····path:·/boot/grub2/user.cfg
41843 ····owner:·'0'41843 ····owner:·'0'
41844 ··when:41844 ··when:
41845 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41846 ··-·'"grub2-common"·in·ansible_facts.packages'41845 ··-·'"grub2-common"·in·ansible_facts.packages'
 41846 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41847 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41847 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41848 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists41848 ··-·file_exists.stat·is·defined·and·file_exists.stat.exists
41849 ··tags:41849 ··tags:
41850 ··-·CJIS-5.5.2.241850 ··-·CJIS-5.5.2.2
41851 ··-·NIST-800-171-3.4.541851 ··-·NIST-800-171-3.4.5
41852 ··-·NIST-800-53-AC-6(1)41852 ··-·NIST-800-53-AC-6(1)
41853 ··-·NIST-800-53-CM-6(a)41853 ··-·NIST-800-53-CM-6(a)
Offset 41860, 15 lines modifiedOffset 41860, 15 lines modified
41860 ··-·medium_severity41860 ··-·medium_severity
41861 ··-·no_reboot_needed41861 ··-·no_reboot_needed
41862 Remediation_Shell_script_⇲41862 Remediation_Shell_script_⇲
41863 Complexity:·low41863 Complexity:·low
41864 Disruption:·low41864 Disruption:·low
41865 Strategy:···configure41865 Strategy:···configure
41866 #·Remediation·is·applicable·only·in·certain·platforms41866 #·Remediation·is·applicable·only·in·certain·platforms
41867 if·[·-f·/sys/firmware/efi·]·&&·rpm·--quiet·-q·grub2-common·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then41867 if·rpm·--quiet·-q·grub2-common·&&·[·-f·/sys/firmware/efi·]·&&·{·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·};·then
  
41868 chown·0·/boot/grub2/user.cfg41868 chown·0·/boot/grub2/user.cfg
  
41869 else41869 else
41870 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'41870 ····>&2·echo·'Remediation·is·not·applicable,·nothing·was·done'
41871 fi41871 fi
41872 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***41872 ***·Rule  ·Verify·the·UEFI·Boot·Loader·grub.cfg·Permissions·  [ref]·***
Offset 41897, 16 lines modifiedOffset 41897, 16 lines modified
41897 ··-·no_reboot_needed41897 ··-·no_reboot_needed
  
41898 -·name:·Test·for·existence·/boot/grub2/grub.cfg41898 -·name:·Test·for·existence·/boot/grub2/grub.cfg
41899 ··stat:41899 ··stat:
41900 ····path:·/boot/grub2/grub.cfg41900 ····path:·/boot/grub2/grub.cfg
41901 ··register:·file_exists41901 ··register:·file_exists
41902 ··when:41902 ··when:
41903 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list' 
41904 ··-·'"grub2-common"·in·ansible_facts.packages'41903 ··-·'"grub2-common"·in·ansible_facts.packages'
 41904 ··-·'"/boot/efi"·in·ansible_mounts·|·map(attribute="mount")·|·list'
41905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]41905 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
41906 ··tags:41906 ··tags:
41907 ··-·NIST-800-171-3.4.541907 ··-·NIST-800-171-3.4.5
41908 ··-·NIST-800-53-AC-6(1)41908 ··-·NIST-800-53-AC-6(1)
41909 ··-·NIST-800-53-CM-6(a)41909 ··-·NIST-800-53-CM-6(a)
41910 ··-·configure_strategy41910 ··-·configure_strategy
41911 ··-·file_permissions_efi_grub2_cfg41911 ··-·file_permissions_efi_grub2_cfg
Offset 41916, 16 lines modifiedOffset 41916, 16 lines modified
41916 ··-·no_reboot_needed41916 ··-·no_reboot_needed
  
41917 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg41917 -·name:·Ensure·permission·u-s,g-xwrs,o-xwrt·on·/boot/grub2/grub.cfg
41918 ··file:41918 ··file:
41919 ····path:·/boot/grub2/grub.cfg41919 ····path:·/boot/grub2/grub.cfg
Max diff block lines reached; 2985/7404 bytes (40.32%) of diff not shown.
5.05 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig.html
    
Offset 416870, 22 lines modifiedOffset 416870, 22 lines modified
0065c650:·6374·696f·6e73·5c73·2a3d·5c73·2a0a·2020··ctions\s*=\s*.··0065c650:·6374·696f·6e73·5c73·2a3d·5c73·2a0a·2020··ctions\s*=\s*.··
0065c660:·2020·2020·6c69·6e65·3a20·736d·7470·645f······line:·smtpd_0065c660:·2020·2020·6c69·6e65·3a20·736d·7470·645f······line:·smtpd_
0065c670:·636c·6965·6e74·5f72·6573·7472·6963·7469··client_restricti0065c670:·636c·6965·6e74·5f72·6573·7472·6963·7469··client_restricti
0065c680:·6f6e·7320·3d20·7065·726d·6974·5f6d·796e··ons·=·permit_myn0065c680:·6f6e·7320·3d20·7065·726d·6974·5f6d·796e··ons·=·permit_myn
0065c690:·6574·776f·726b·732c·7265·6a65·6374·0a20··etworks,reject.·0065c690:·6574·776f·726b·732c·7265·6a65·6374·0a20··etworks,reject.·
0065c6a0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres0065c6a0:·2020·2020·2073·7461·7465·3a20·7072·6573·······state:·pres
0065c6b0:·656e·740a·2020·7768·656e·3a0a·2020·2d20··ent.··when:.··-·0065c6b0:·656e·740a·2020·7768·656e·3a0a·2020·2d20··ent.··when:.··-·
0065c6c0:·2722·706f·7374·6669·7822·2069·6e20·616e··'"postfix"·in·an 
0065c6d0:·7369·626c·655f·6661·6374·732e·7061·636b··sible_facts.pack 
0065c6e0:·6167·6573·270a·2020·2d20·616e·7369·626c··ages'.··-·ansibl 
0065c6f0:·655f·7669·7274·7561·6c69·7a61·7469·6f6e··e_virtualization 
0065c700:·5f74·7970·6520·6e6f·7420·696e·205b·2264··_type·not·in·["d 
0065c710:·6f63·6b65·7222·2c20·226c·7863·222c·2022··ocker",·"lxc",·" 
0065c720:·6f70·656e·767a·222c·2022·706f·646d·616e··openvz",·"podman 
0065c730:·222c·2022·636f·6e74·6169·6e65·7222·5d0a··",·"container"].0065c6c0:·616e·7369·626c·655f·7669·7274·7561·6c69··ansible_virtuali
 0065c6d0:·7a61·7469·6f6e·5f74·7970·6520·6e6f·7420··zation_type·not·
 0065c6e0:·696e·205b·2264·6f63·6b65·7222·2c20·226c··in·["docker",·"l
 0065c6f0:·7863·222c·2022·6f70·656e·767a·222c·2022··xc",·"openvz",·"
 0065c700:·706f·646d·616e·222c·2022·636f·6e74·6169··podman",·"contai
 0065c710:·6e65·7222·5d0a·2020·2d20·2722·706f·7374··ner"].··-·'"post
 0065c720:·6669·7822·2069·6e20·616e·7369·626c·655f··fix"·in·ansible_
 0065c730:·6661·6374·732e·7061·636b·6167·6573·270a··facts.packages'.
0065c740:·2020·7461·6773·3a0a·2020·2d20·6c6f·775f····tags:.··-·low_0065c740:·2020·7461·6773·3a0a·2020·2d20·6c6f·775f····tags:.··-·low_
0065c750:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l0065c750:·636f·6d70·6c65·7869·7479·0a20·202d·206c··complexity.··-·l
0065c760:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··0065c760:·6f77·5f64·6973·7275·7074·696f·6e0a·2020··ow_disruption.··
0065c770:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit0065c770:·2d20·6d65·6469·756d·5f73·6576·6572·6974··-·medium_severit
0065c780:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_0065c780:·790a·2020·2d20·6e6f·5f72·6562·6f6f·745f··y.··-·no_reboot_
0065c790:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf0065c790:·6e65·6564·6564·0a20·202d·2070·6f73·7466··needed.··-·postf
0065c7a0:·6978·5f70·7265·7665·6e74·5f75·6e72·6573··ix_prevent_unres0065c7a0:·6978·5f70·7265·7665·6e74·5f75·6e72·6573··ix_prevent_unres
Offset 416908, 20 lines modifiedOffset 416908, 20 lines modified
0065c8b0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col0065c8b0:·636c·6173·733d·2270·616e·656c·2d63·6f6c··class="panel-col
0065c8c0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·0065c8c0:·6c61·7073·6520·636f·6c6c·6170·7365·2220··lapse·collapse"·
0065c8d0:·6964·3d22·6964·6d36·3632·3934·223e·3c70··id="idm66294"><p0065c8d0:·6964·3d22·6964·6d36·3632·3934·223e·3c70··id="idm66294"><p
0065c8e0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed0065c8e0:·7265·3e3c·636f·6465·3e23·2052·656d·6564··re><code>#·Remed
0065c8f0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic0065c8f0:·6961·7469·6f6e·2069·7320·6170·706c·6963··iation·is·applic
0065c900:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer0065c900:·6162·6c65·206f·6e6c·7920·696e·2063·6572··able·only·in·cer
0065c910:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i0065c910:·7461·696e·2070·6c61·7466·6f72·6d73·0a69··tain·platforms.i
0065c920:·6620·7270·6d20·2d2d·7175·6965·7420·2d71··f·rpm·--quiet·-q 
0065c930:·2070·6f73·7466·6978·2026·616d·703b·2661···postfix·&amp;&a 
0065c940:·6d70·3b20·5b20·2120·2d66·202f·2e64·6f63··mp;·[·!·-f·/.doc0065c920:·6620·5b20·2120·2d66·202f·2e64·6f63·6b65··f·[·!·-f·/.docke
0065c950:·6b65·7265·6e76·205d·2026·616d·703b·2661··kerenv·]·&amp;&a0065c930:·7265·6e76·205d·2026·616d·703b·2661·6d70··renv·]·&amp;&amp
0065c960:·6d70·3b20·5b20·2120·2d66·202f·7275·6e2f··mp;·[·!·-f·/run/0065c940:·3b20·5b20·2120·2d66·202f·7275·6e2f·2e63··;·[·!·-f·/run/.c
0065c970:·2e63·6f6e·7461·696e·6572·656e·7620·5d3b··.containerenv·];0065c950:·6f6e·7461·696e·6572·656e·7620·5d20·2661··ontainerenv·]·&a
 0065c960:·6d70·3b26·616d·703b·2072·706d·202d·2d71··mp;&amp;·rpm·--q
 0065c970:·7569·6574·202d·7120·706f·7374·6669·783b··uiet·-q·postfix;
0065c980:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep0065c980:·2074·6865·6e0a·0a69·6620·2120·6772·6570···then..if·!·grep
0065c990:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien0065c990:·202d·7120·5e73·6d74·7064·5f63·6c69·656e···-q·^smtpd_clien
0065c9a0:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/0065c9a0:·745f·7265·7374·7269·6374·696f·6e73·202f··t_restrictions·/
0065c9b0:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main0065c9b0:·6574·632f·706f·7374·6669·782f·6d61·696e··etc/postfix/main
0065c9c0:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·0065c9c0:·2e63·663b·2074·6865·6e0a·0965·6368·6f20··.cf;·then..echo·
0065c9d0:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re0065c9d0:·2273·6d74·7064·5f63·6c69·656e·745f·7265··"smtpd_client_re
0065c9e0:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per0065c9e0:·7374·7269·6374·696f·6e73·203d·2070·6572··strictions·=·per
1.12 KB
html2text {}
    
Offset 88767, 26 lines modifiedOffset 88767, 26 lines modified
88767 ····lineinfile:88767 ····lineinfile:
88768 ······path:·/etc/postfix/main.cf88768 ······path:·/etc/postfix/main.cf
88769 ······create:·true88769 ······create:·true
88770 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*88770 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
88771 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject88771 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
88772 ······state:·present88772 ······state:·present
88773 ··when:88773 ··when:
88774 ··-·'"postfix"·in·ansible_facts.packages' 
88775 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]88774 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 88775 ··-·'"postfix"·in·ansible_facts.packages'
88776 ··tags:88776 ··tags:
88777 ··-·low_complexity88777 ··-·low_complexity
88778 ··-·low_disruption88778 ··-·low_disruption
88779 ··-·medium_severity88779 ··-·medium_severity
88780 ··-·no_reboot_needed88780 ··-·no_reboot_needed
88781 ··-·postfix_prevent_unrestricted_relay88781 ··-·postfix_prevent_unrestricted_relay
88782 ··-·restrict_strategy88782 ··-·restrict_strategy
88783 Remediation_Shell_script_⇲88783 Remediation_Shell_script_⇲
88784 #·Remediation·is·applicable·only·in·certain·platforms88784 #·Remediation·is·applicable·only·in·certain·platforms
88785 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then88785 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
88786 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then88786 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
88787 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf88787 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
88788 else88788 else
88789 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf88789 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
88790 fi88790 fi
  
5.2 KB
./usr/share/doc/ssg-nondebian/ssg-cs9-guide-stig_gui.html
    
Offset 416544, 23 lines modifiedOffset 416544, 23 lines modified
0065b1f0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric0065b1f0:·645f·636c·6965·6e74·5f72·6573·7472·6963··d_client_restric
0065b200:·7469·6f6e·735c·732a·3d5c·732a·0a20·2020··tions\s*=\s*.···0065b200:·7469·6f6e·735c·732a·3d5c·732a·0a20·2020··tions\s*=\s*.···
0065b210:·2020·206c·696e·653a·2073·6d74·7064·5f63·····line:·smtpd_c0065b210:·2020·206c·696e·653a·2073·6d74·7064·5f63·····line:·smtpd_c
0065b220:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio0065b220:·6c69·656e·745f·7265·7374·7269·6374·696f··lient_restrictio
0065b230:·6e73·203d·2070·6572·6d69·745f·6d79·6e65··ns·=·permit_myne0065b230:·6e73·203d·2070·6572·6d69·745f·6d79·6e65··ns·=·permit_myne
0065b240:·7477·6f72·6b73·2c72·656a·6563·740a·2020··tworks,reject.··0065b240:·7477·6f72·6b73·2c72·656a·6563·740a·2020··tworks,reject.··
0065b250:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese0065b250:·2020·2020·7374·6174·653a·2070·7265·7365······state:·prese
0065b260:·6e74·0a20·2077·6865·6e3a·0a20·202d·2027··nt.··when:.··-·'0065b260:·6e74·0a20·2077·6865·6e3a·0a20·202d·2061··nt.··when:.··-·a
0065b270:·2270·6f73·7466·6978·2220·696e·2061·6e73··"postfix"·in·ans 
0065b280:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa 
0065b290:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible 
0065b2a0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_ 
0065b2b0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do 
0065b2c0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o 
0065b2d0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman" 
0065b2e0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·0065b270:·6e73·6962·6c65·5f76·6972·7475·616c·697a··nsible_virtualiz
 0065b280:·6174·696f·6e5f·7479·7065·206e·6f74·2069··ation_type·not·i
 0065b290:·6e20·5b22·646f·636b·6572·222c·2022·6c78··n·["docker",·"lx
 0065b2a0:·6322·2c20·226f·7065·6e76·7a22·2c20·2270··c",·"openvz",·"p
 0065b2b0:·6f64·6d61·6e22·2c20·2263·6f6e·7461·696e··odman",·"contain
 0065b2c0:·6572·225d·0a20·202d·2027·2270·6f73·7466··er"].··-·'"postf
 0065b2d0:·6978·2220·696e·2061·6e73·6962·6c65·5f66··ix"·in·ansible_f
 0065b2e0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·
0065b2f0:·2074·6167·733a·0a20·202d·206c·6f77·5f63···tags:.··-·low_c0065b2f0:·2074·6167·733a·0a20·202d·206c·6f77·5f63···tags:.··-·low_c
0065b300:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo0065b300:·6f6d·706c·6578·6974·790a·2020·2d20·6c6f··omplexity.··-·lo
0065b310:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··-0065b310:·775f·6469·7372·7570·7469·6f6e·0a20·202d··w_disruption.··-
0065b320:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity0065b320:·206d·6564·6975·6d5f·7365·7665·7269·7479···medium_severity
0065b330:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n0065b330:·0a20·202d·206e·6f5f·7265·626f·6f74·5f6e··.··-·no_reboot_n
0065b340:·6565·6465·640a·2020·2d20·706f·7374·6669··eeded.··-·postfi0065b340:·6565·6465·640a·2020·2d20·706f·7374·6669··eeded.··-·postfi
0065b350:·785f·7072·6576·656e·745f·756e·7265·7374··x_prevent_unrest0065b350:·785f·7072·6576·656e·745f·756e·7265·7374··x_prevent_unrest
Offset 416583, 20 lines modifiedOffset 416583, 20 lines modified
0065b460:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll0065b460:·6c61·7373·3d22·7061·6e65·6c2d·636f·6c6c··lass="panel-coll
0065b470:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i0065b470:·6170·7365·2063·6f6c·6c61·7073·6522·2069··apse·collapse"·i
0065b480:·643d·2269·646d·3636·3239·3422·3e3c·7072··d="idm66294"><pr0065b480:·643d·2269·646d·3636·3239·3422·3e3c·7072··d="idm66294"><pr
0065b490:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi0065b490:·653e·3c63·6f64·653e·2320·5265·6d65·6469··e><code>#·Remedi
0065b4a0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica0065b4a0:·6174·696f·6e20·6973·2061·7070·6c69·6361··ation·is·applica
0065b4b0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert0065b4b0:·626c·6520·6f6e·6c79·2069·6e20·6365·7274··ble·only·in·cert
0065b4c0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if0065b4c0:·6169·6e20·706c·6174·666f·726d·730a·6966··ain·platforms.if
0065b4d0:·2072·706d·202d·2d71·7569·6574·202d·7120···rpm·--quiet·-q· 
0065b4e0:·706f·7374·6669·7820·2661·6d70·3b26·616d··postfix·&amp;&am 
0065b4f0:·703b·205b·2021·202d·6620·2f2e·646f·636b··p;·[·!·-f·/.dock0065b4d0:·205b·2021·202d·6620·2f2e·646f·636b·6572···[·!·-f·/.docker
0065b500:·6572·656e·7620·5d20·2661·6d70·3b26·616d··erenv·]·&amp;&am0065b4e0:·656e·7620·5d20·2661·6d70·3b26·616d·703b··env·]·&amp;&amp;
0065b510:·703b·205b·2021·202d·6620·2f72·756e·2f2e··p;·[·!·-f·/run/.0065b4f0:·205b·2021·202d·6620·2f72·756e·2f2e·636f···[·!·-f·/run/.co
0065b520:·636f·6e74·6169·6e65·7265·6e76·205d·3b20··containerenv·];·0065b500:·6e74·6169·6e65·7265·6e76·205d·2026·616d··ntainerenv·]·&am
 0065b510:·703b·2661·6d70·3b20·7270·6d20·2d2d·7175··p;&amp;·rpm·--qu
 0065b520:·6965·7420·2d71·2070·6f73·7466·6978·3b20··iet·-q·postfix;·
0065b530:·7468·656e·0a0a·6966·2021·2067·7265·7020··then..if·!·grep·0065b530:·7468·656e·0a0a·6966·2021·2067·7265·7020··then..if·!·grep·
0065b540:·2d71·205e·736d·7470·645f·636c·6965·6e74··-q·^smtpd_client0065b540:·2d71·205e·736d·7470·645f·636c·6965·6e74··-q·^smtpd_client
0065b550:·5f72·6573·7472·6963·7469·6f6e·7320·2f65··_restrictions·/e0065b550:·5f72·6573·7472·6963·7469·6f6e·7320·2f65··_restrictions·/e
0065b560:·7463·2f70·6f73·7466·6978·2f6d·6169·6e2e··tc/postfix/main.0065b560:·7463·2f70·6f73·7466·6978·2f6d·6169·6e2e··tc/postfix/main.
0065b570:·6366·3b20·7468·656e·0a09·6563·686f·2022··cf;·then..echo·"0065b570:·6366·3b20·7468·656e·0a09·6563·686f·2022··cf;·then..echo·"
0065b580:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res0065b580:·736d·7470·645f·636c·6965·6e74·5f72·6573··smtpd_client_res
0065b590:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm0065b590:·7472·6963·7469·6f6e·7320·3d20·7065·726d··trictions·=·perm
1.12 KB
html2text {}
    
Offset 88694, 26 lines modifiedOffset 88694, 26 lines modified
88694 ····lineinfile:88694 ····lineinfile:
88695 ······path:·/etc/postfix/main.cf88695 ······path:·/etc/postfix/main.cf
88696 ······create:·true88696 ······create:·true
88697 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*88697 ······regexp:·^[·\t]*smtpd_client_restrictions\s*=\s*
88698 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject88698 ······line:·smtpd_client_restrictions·=·permit_mynetworks,reject
88699 ······state:·present88699 ······state:·present
88700 ··when:88700 ··when:
88701 ··-·'"postfix"·in·ansible_facts.packages' 
88702 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]88701 ··-·ansible_virtualization_type·not·in·["docker",·"lxc",·"openvz",·"podman",·"container"]
 88702 ··-·'"postfix"·in·ansible_facts.packages'
88703 ··tags:88703 ··tags:
88704 ··-·low_complexity88704 ··-·low_complexity
88705 ··-·low_disruption88705 ··-·low_disruption
88706 ··-·medium_severity88706 ··-·medium_severity
88707 ··-·no_reboot_needed88707 ··-·no_reboot_needed
88708 ··-·postfix_prevent_unrestricted_relay88708 ··-·postfix_prevent_unrestricted_relay
88709 ··-·restrict_strategy88709 ··-·restrict_strategy
88710 Remediation_Shell_script_⇲88710 Remediation_Shell_script_⇲
88711 #·Remediation·is·applicable·only·in·certain·platforms88711 #·Remediation·is·applicable·only·in·certain·platforms
88712 if·rpm·--quiet·-q·postfix·&&·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·];·then88712 if·[·!·-f·/.dockerenv·]·&&·[·!·-f·/run/.containerenv·]·&&·rpm·--quiet·-q·postfix;·then
  
88713 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then88713 if·!·grep·-q·^smtpd_client_restrictions·/etc/postfix/main.cf;·then
88714 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf88714 »       echo·"smtpd_client_restrictions·=·permit_mynetworks,reject"·>>·/etc/postfix/main.cf
88715 else88715 else
88716 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf88716 »       sed·-i·"s/^smtpd_client_restrictions.*/smtpd_client_restrictions·=·permit_mynetworks,reject/g"·/etc/postfix/main.cf
88717 fi88717 fi
  
1.18 MB
./usr/share/doc/ssg-nondebian/ssg-fedora-guide-ospp.html
    
Offset 54073, 23 lines modifiedOffset 54073, 23 lines modified
000d3380:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·000d3380:·6f74·5f72·6571·7569·7265·640a·2020·2d20··ot_required.··-·
000d3390:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg000d3390:·7265·7374·7269·6374·5f73·7472·6174·6567··restrict_strateg
000d33a0:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a000d33a0:·790a·0a2d·206e·616d·653a·2053·6574·2061··y..-·name:·Set·a
000d33b0:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·000d33b0:·7263·6869·7465·6374·7572·6520·666f·7220··rchitecture·for·
000d33c0:·6175·6469·7420·6368·6d6f·6420·7461·736b··audit·chmod·task000d33c0:·6175·6469·7420·6368·6d6f·6420·7461·736b··audit·chmod·task
000d33d0:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··000d33d0:·730a·2020·7365·745f·6661·6374·3a0a·2020··s.··set_fact:.··
000d33e0:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6000d33e0:·2020·6175·6469·745f·6172·6368·3a20·6236····audit_arch:·b6
000d33f0:·340a·2020·7768·656e·3a0a·2020·2d20·616e··4.··when:.··-·an000d33f0:·340a·2020·7768·656e·3a0a·2020·2d20·2722··4.··when:.··-·'"
000d3400:·7369·626c·655f·7669·7274·7561·6c69·7a61··sible_virtualiza 
000d3410:·7469·6f6e·5f74·7970·6520·6e6f·7420·696e··tion_type·not·in 
000d3420:·205b·2264·6f63·6b65·7222·2c20·226c·7863···["docker",·"lxc 
000d3430:·222c·2022·6f70·656e·767a·222c·2022·706f··",·"openvz",·"po 
000d3440:·646d·616e·222c·2022·636f·6e74·6169·6e65··dman",·"containe 
000d3450:·7222·5d0a·2020·2d20·2722·6175·6469·7422··r"].··-·'"audit" 
000d3460:·2069·6e20·616e·7369·626c·655f·6661·6374···in·ansible_fact 
000d3470:·732e·7061·636b·6167·6573·270a·2020·2d20··s.packages'.··-·000d3400:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl
 000d3410:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages
 000d3420:·270a·2020·2d20·616e·7369·626c·655f·7669··'.··-·ansible_vi
 000d3430:·7274·7561·6c69·7a61·7469·6f6e·5f74·7970··rtualization_typ
 000d3440:·6520·6e6f·7420·696e·205b·2264·6f63·6b65··e·not·in·["docke
 000d3450:·7222·2c20·226c·7863·222c·2022·6f70·656e··r",·"lxc",·"open
 000d3460:·767a·222c·2022·706f·646d·616e·222c·2022··vz",·"podman",·"
 000d3470:·636f·6e74·6169·6e65·7222·5d0a·2020·2d20··container"].··-·
000d3480:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec000d3480:·616e·7369·626c·655f·6172·6368·6974·6563··ansible_architec
000d3490:·7475·7265·203d·3d20·2261·6172·6368·3634··ture·==·"aarch64000d3490:·7475·7265·203d·3d20·2261·6172·6368·3634··ture·==·"aarch64
000d34a0:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc000d34a0:·2220·6f72·2061·6e73·6962·6c65·5f61·7263··"·or·ansible_arc
000d34b0:·6869·7465·6374·7572·6520·3d3d·2022·7070··hitecture·==·"pp000d34b0:·6869·7465·6374·7572·6520·3d3d·2022·7070··hitecture·==·"pp
000d34c0:·6336·3422·206f·7220·616e·7369·626c·655f··c64"·or·ansible_000d34c0:·6336·3422·206f·7220·616e·7369·626c·655f··c64"·or·ansible_
000d34d0:·6172·6368·6974·6563·7475·7265·0a20·2020··architecture.···000d34d0:·6172·6368·6974·6563·7475·7265·0a20·2020··architecture.···
000d34e0:·203d·3d20·2270·7063·3634·6c65·2220·6f72···==·"ppc64le"·or000d34e0:·203d·3d20·2270·7063·3634·6c65·2220·6f72···==·"ppc64le"·or
Offset 54395, 23 lines modifiedOffset 54395, 23 lines modified
000d47a0:·726d·5f6d·6f64·0a20·2020·2020·2063·7265··rm_mod.······cre000d47a0:·726d·5f6d·6f64·0a20·2020·2020·2063·7265··rm_mod.······cre
000d47b0:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······000d47b0:·6174·653a·2074·7275·650a·2020·2020·2020··ate:·true.······
000d47c0:·6d6f·6465·3a20·6f2d·7277·780a·2020·2020··mode:·o-rwx.····000d47c0:·6d6f·6465·3a20·6f2d·7277·780a·2020·2020··mode:·o-rwx.····
000d47d0:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present000d47d0:·2020·7374·6174·653a·2070·7265·7365·6e74····state:·present
000d47e0:·0a20·2020·2077·6865·6e3a·2073·7973·6361··.····when:·sysca000d47e0:·0a20·2020·2077·6865·6e3a·2073·7973·6361··.····when:·sysca
000d47f0:·6c6c·735f·666f·756e·6420·7c20·6c65·6e67··lls_found·|·leng000d47f0:·6c6c·735f·666f·756e·6420·7c20·6c65·6e67··lls_found·|·leng
000d4800:·7468·203d·3d20·300a·2020·7768·656e·3a0a··th·==·0.··when:.000d4800:·7468·203d·3d20·300a·2020·7768·656e·3a0a··th·==·0.··when:.
000d4810:·2020·2d20·616e·7369·626c·655f·7669·7274····-·ansible_virt 
000d4820:·7561·6c69·7a61·7469·6f6e·5f74·7970·6520··ualization_type· 
000d4830:·6e6f·7420·696e·205b·2264·6f63·6b65·7222··not·in·["docker" 
000d4840:·2c20·226c·7863·222c·2022·6f70·656e·767a··,·"lxc",·"openvz 
000d4850:·222c·2022·706f·646d·616e·222c·2022·636f··",·"podman",·"co 
000d4860:·6e74·6169·6e65·7222·5d0a·2020·2d20·2722··ntainer"].··-·'" 
000d4870:·6175·6469·7422·2069·6e20·616e·7369·626c··audit"·in·ansibl 
000d4880:·655f·6661·6374·732e·7061·636b·6167·6573··e_facts.packages000d4810:·2020·2d20·2722·6175·6469·7422·2069·6e20····-·'"audit"·in·
 000d4820:·616e·7369·626c·655f·6661·6374·732e·7061··ansible_facts.pa
 000d4830:·636b·6167·6573·270a·2020·2d20·616e·7369··ckages'.··-·ansi
 000d4840:·626c·655f·7669·7274·7561·6c69·7a61·7469··ble_virtualizati
 000d4850:·6f6e·5f74·7970·6520·6e6f·7420·696e·205b··on_type·not·in·[
 000d4860:·2264·6f63·6b65·7222·2c20·226c·7863·222c··"docker",·"lxc",
 000d4870:·2022·6f70·656e·767a·222c·2022·706f·646d···"openvz",·"podm
 000d4880:·616e·222c·2022·636f·6e74·6169·6e65·7222··an",·"container"
000d4890:·270a·2020·7461·6773·3a0a·2020·2d20·434a··'.··tags:.··-·CJ000d4890:·5d0a·2020·7461·6773·3a0a·2020·2d20·434a··].··tags:.··-·CJ
000d48a0:·4953·2d35·2e34·2e31·2e31·0a20·202d·204e··IS-5.4.1.1.··-·N000d48a0:·4953·2d35·2e34·2e31·2e31·0a20·202d·204e··IS-5.4.1.1.··-·N
000d48b0:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.000d48b0:·4953·542d·3830·302d·3137·312d·332e·312e··IST-800-171-3.1.
000d48c0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5000d48c0:·370a·2020·2d20·4e49·5354·2d38·3030·2d35··7.··-·NIST-800-5
000d48d0:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N000d48d0:·332d·4155·2d31·3228·6329·0a20·202d·204e··3-AU-12(c).··-·N
000d48e0:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(000d48e0:·4953·542d·3830·302d·3533·2d41·552d·3228··IST-800-53-AU-2(
000d48f0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-000d48f0:·6429·0a20·202d·204e·4953·542d·3830·302d··d).··-·NIST-800-
000d4900:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P000d4900:·3533·2d43·4d2d·3628·6129·0a20·202d·2050··53-CM-6(a).··-·P
Offset 54705, 22 lines modifiedOffset 54705, 22 lines modified
000d5b00:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create000d5b00:·6d6f·640a·2020·2020·2020·6372·6561·7465··mod.······create
000d5b10:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod000d5b10:·3a20·7472·7565·0a20·2020·2020·206d·6f64··:·true.······mod
000d5b20:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s000d5b20:·653a·206f·2d72·7778·0a20·2020·2020·2073··e:·o-rwx.······s
000d5b30:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··000d5b30:·7461·7465·3a20·7072·6573·656e·740a·2020··tate:·present.··
000d5b40:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls000d5b40:·2020·7768·656e·3a20·7379·7363·616c·6c73····when:·syscalls
000d5b50:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·000d5b50:·5f66·6f75·6e64·207c·206c·656e·6774·6820··_found·|·length·
000d5b60:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-000d5b60:·3d3d·2030·0a20·2077·6865·6e3a·0a20·202d··==·0.··when:.··-
000d5b70:·2061·6e73·6962·6c65·5f76·6972·7475·616c···ansible_virtual 
000d5b80:·697a·6174·696f·6e5f·7479·7065·206e·6f74··ization_type·not 
000d5b90:·2069·6e20·5b22·646f·636b·6572·222c·2022···in·["docker",·" 
000d5ba0:·6c78·6322·2c20·226f·7065·6e76·7a22·2c20··lxc",·"openvz",· 
000d5bb0:·2270·6f64·6d61·6e22·2c20·2263·6f6e·7461··"podman",·"conta 
000d5bc0:·696e·6572·225d·0a20·202d·2027·2261·7564··iner"].··-·'"aud 
000d5bd0:·6974·2220·696e·2061·6e73·6962·6c65·5f66··it"·in·ansible_f 
000d5be0:·6163·7473·2e70·6163·6b61·6765·7327·0a20··acts.packages'.·000d5b70:·2027·2261·7564·6974·2220·696e·2061·6e73···'"audit"·in·ans
 000d5b80:·6962·6c65·5f66·6163·7473·2e70·6163·6b61··ible_facts.packa
 000d5b90:·6765·7327·0a20·202d·2061·6e73·6962·6c65··ges'.··-·ansible
 000d5ba0:·5f76·6972·7475·616c·697a·6174·696f·6e5f··_virtualization_
 000d5bb0:·7479·7065·206e·6f74·2069·6e20·5b22·646f··type·not·in·["do
 000d5bc0:·636b·6572·222c·2022·6c78·6322·2c20·226f··cker",·"lxc",·"o
 000d5bd0:·7065·6e76·7a22·2c20·2270·6f64·6d61·6e22··penvz",·"podman"
 000d5be0:·2c20·2263·6f6e·7461·696e·6572·225d·0a20··,·"container"].·
000d5bf0:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==000d5bf0:·202d·2061·7564·6974·5f61·7263·6820·3d3d···-·audit_arch·==
000d5c00:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·000d5c00:·2022·6236·3422·0a20·2074·6167·733a·0a20···"b64".··tags:.·
000d5c10:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.000d5c10:·202d·2043·4a49·532d·352e·342e·312e·310a···-·CJIS-5.4.1.1.
000d5c20:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171000d5c20:·2020·2d20·4e49·5354·2d38·3030·2d31·3731····-·NIST-800-171
000d5c30:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-000d5c30:·2d33·2e31·2e37·0a20·202d·204e·4953·542d··-3.1.7.··-·NIST-
000d5c40:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).000d5c40:·3830·302d·3533·2d41·552d·3132·2863·290a··800-53-AU-12(c).
000d5c50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-000d5c50:·2020·2d20·4e49·5354·2d38·3030·2d35·332d····-·NIST-800-53-
Offset 54753, 20 lines modifiedOffset 54753, 20 lines modified
000d5e00:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla000d5e00:·6173·733d·2270·616e·656c·2d63·6f6c·6c61··ass="panel-colla
000d5e10:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id000d5e10:·7073·6520·636f·6c6c·6170·7365·2220·6964··pse·collapse"·id
000d5e20:·3d22·6964·6d31·3632·3838·223e·3c70·7265··="idm16288"><pre000d5e20:·3d22·6964·6d31·3632·3838·223e·3c70·7265··="idm16288"><pre
000d5e30:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia000d5e30:·3e3c·636f·6465·3e23·2052·656d·6564·6961··><code>#·Remedia
000d5e40:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab000d5e40:·7469·6f6e·2069·7320·6170·706c·6963·6162··tion·is·applicab
000d5e50:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa000d5e50:·6c65·206f·6e6c·7920·696e·2063·6572·7461··le·only·in·certa
000d5e60:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·000d5e60:·696e·2070·6c61·7466·6f72·6d73·0a69·6620··in·platforms.if·
 000d5e70:·7270·6d20·2d2d·7175·6965·7420·2d71·2061··rpm·--quiet·-q·a
 000d5e80:·7564·6974·2026·616d·703b·2661·6d70·3b20··udit·&amp;&amp;·
000d5e70:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere000d5e90:·5b20·2120·2d66·202f·2e64·6f63·6b65·7265··[·!·-f·/.dockere
000d5e80:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·000d5ea0:·6e76·205d·2026·616d·703b·2661·6d70·3b20··nv·]·&amp;&amp;·
000d5e90:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con000d5eb0:·5b20·2120·2d66·202f·7275·6e2f·2e63·6f6e··[·!·-f·/run/.con
000d5ea0:·7461·696e·6572·656e·7620·5d20·2661·6d70··tainerenv·]·&amp000d5ec0:·7461·696e·6572·656e·7620·5d3b·2074·6865··tainerenv·];·the
000d5eb0:·3b26·616d·703b·2072·706d·202d·2d71·7569··;&amp;·rpm·--qui 
000d5ec0:·6574·202d·7120·6175·6469·743b·2074·6865··et·-q·audit;·the 
000d5ed0:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo000d5ed0:·6e0a·0a23·2046·6972·7374·2070·6572·666f··n..#·First·perfo
000d5ee0:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati000d5ee0:·726d·2074·6865·2072·656d·6564·6961·7469··rm·the·remediati
000d5ef0:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal000d5ef0:·6f6e·206f·6620·7468·6520·7379·7363·616c··on·of·the·syscal
000d5f00:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev000d5f00:·6c20·7275·6c65·0a23·2052·6574·7269·6576··l·rule.#·Retriev
000d5f10:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi000d5f10:·6520·6861·7264·7761·7265·2061·7263·6869··e·hardware·archi
000d5f20:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u000d5f20:·7465·6374·7572·6520·6f66·2074·6865·2075··tecture·of·the·u
000d5f30:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system000d5f30:·6e64·6572·6c79·696e·6720·7379·7374·656d··nderlying·system
Offset 56550, 23 lines modifiedOffset 56550, 23 lines modified
000dce50:·7175·6972·6564·0a20·202d·2072·6573·7472··quired.··-·restr000dce50:·7175·6972·6564·0a20·202d·2072·6573·7472··quired.··-·restr
000dce60:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·000dce60:·6963·745f·7374·7261·7465·6779·0a0a·2d20··ict_strategy..-·
000dce70:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit000dce70:·6e61·6d65·3a20·5365·7420·6172·6368·6974··name:·Set·archit
000dce80:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit000dce80:·6563·7475·7265·2066·6f72·2061·7564·6974··ecture·for·audit
000dce90:·2063·686f·776e·2074·6173·6b73·0a20·2073···chown·tasks.··s000dce90:·2063·686f·776e·2074·6173·6b73·0a20·2073···chown·tasks.··s
000dcea0:·6574·5f66·6163·743a·0a20